1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-ECDSA CipherString Selection
6 test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
7 test-2 = 2-RSA CipherString Selection
8 test-3 = 3-RSA-PSS Certificate CipherString Selection
9 test-4 = 4-P-256 CipherString and Signature Algorithm Selection
10 test-5 = 5-Ed25519 CipherString and Curves Selection
11 test-6 = 6-ECDSA CipherString Selection, no ECDSA certificate
12 test-7 = 7-ECDSA Signature Algorithm Selection
13 test-8 = 8-ECDSA Signature Algorithm Selection SHA384
14 test-9 = 9-ECDSA Signature Algorithm Selection SHA1
15 test-10 = 10-ECDSA Signature Algorithm Selection compressed point
16 test-11 = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate
17 test-12 = 12-RSA Signature Algorithm Selection
18 test-13 = 13-RSA-PSS Signature Algorithm Selection
19 test-14 = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection
20 test-15 = 15-RSA-PSS Certificate Unified Signature Algorithm Selection
21 test-16 = 16-Only RSA-PSS Certificate
22 test-17 = 17-RSA-PSS Certificate, no PSS signature algorithms
23 test-18 = 18-Suite B P-256 Hash Algorithm Selection
24 test-19 = 19-Suite B P-384 Hash Algorithm Selection
25 test-20 = 20-TLS 1.2 Ed25519 Client Auth
26 test-21 = 21-Only RSA-PSS Certificate, TLS v1.1
27 test-22 = 22-TLS 1.3 ECDSA Signature Algorithm Selection
28 test-23 = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
29 test-24 = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
30 test-25 = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
31 test-26 = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
32 test-27 = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
33 test-28 = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS
34 test-29 = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection
35 test-30 = 30-TLS 1.3 Ed25519 Signature Algorithm Selection
36 test-31 = 31-TLS 1.3 Ed25519 CipherString and Groups Selection
37 test-32 = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection
38 test-33 = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
39 test-34 = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
40 test-35 = 35-TLS 1.3 Ed25519 Client Auth
41 test-36 = 36-TLS 1.2 DSA Certificate Test
42 test-37 = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
43 test-38 = 38-TLS 1.3 DSA Certificate Test
44 # ===========================================================
46 [0-ECDSA CipherString Selection]
47 ssl_conf = 0-ECDSA CipherString Selection-ssl
49 [0-ECDSA CipherString Selection-ssl]
50 server = 0-ECDSA CipherString Selection-server
51 client = 0-ECDSA CipherString Selection-client
53 [0-ECDSA CipherString Selection-server]
54 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
55 CipherString = DEFAULT
56 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
57 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
58 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
59 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
61 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
63 [0-ECDSA CipherString Selection-client]
66 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
67 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
71 ExpectedResult = Success
72 ExpectedServerCANames = empty
73 ExpectedServerCertType = P-256
74 ExpectedServerSignType = EC
77 # ===========================================================
79 [1-Ed25519 CipherString and Signature Algorithm Selection]
80 ssl_conf = 1-Ed25519 CipherString and Signature Algorithm Selection-ssl
82 [1-Ed25519 CipherString and Signature Algorithm Selection-ssl]
83 server = 1-Ed25519 CipherString and Signature Algorithm Selection-server
84 client = 1-Ed25519 CipherString and Signature Algorithm Selection-client
86 [1-Ed25519 CipherString and Signature Algorithm Selection-server]
87 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
88 CipherString = DEFAULT
89 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
90 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
91 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
92 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
94 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
96 [1-Ed25519 CipherString and Signature Algorithm Selection-client]
99 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
100 SignatureAlgorithms = ed25519:ECDSA+SHA256
101 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
105 ExpectedResult = Success
106 ExpectedServerCANames = empty
107 ExpectedServerCertType = Ed25519
108 ExpectedServerSignType = Ed25519
111 # ===========================================================
113 [2-RSA CipherString Selection]
114 ssl_conf = 2-RSA CipherString Selection-ssl
116 [2-RSA CipherString Selection-ssl]
117 server = 2-RSA CipherString Selection-server
118 client = 2-RSA CipherString Selection-client
120 [2-RSA CipherString Selection-server]
121 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
122 CipherString = DEFAULT
123 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
124 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
125 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
126 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
127 MaxProtocol = TLSv1.2
128 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
130 [2-RSA CipherString Selection-client]
132 MaxProtocol = TLSv1.2
133 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
137 ExpectedResult = Success
138 ExpectedServerCertType = RSA
139 ExpectedServerSignType = RSA-PSS
142 # ===========================================================
144 [3-RSA-PSS Certificate CipherString Selection]
145 ssl_conf = 3-RSA-PSS Certificate CipherString Selection-ssl
147 [3-RSA-PSS Certificate CipherString Selection-ssl]
148 server = 3-RSA-PSS Certificate CipherString Selection-server
149 client = 3-RSA-PSS Certificate CipherString Selection-client
151 [3-RSA-PSS Certificate CipherString Selection-server]
152 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
153 CipherString = DEFAULT
154 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
155 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
156 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
157 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
158 MaxProtocol = TLSv1.2
159 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
160 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
161 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
163 [3-RSA-PSS Certificate CipherString Selection-client]
165 MaxProtocol = TLSv1.2
166 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
170 ExpectedResult = Success
171 ExpectedServerCertType = RSA-PSS
172 ExpectedServerSignType = RSA-PSS
175 # ===========================================================
177 [4-P-256 CipherString and Signature Algorithm Selection]
178 ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl
180 [4-P-256 CipherString and Signature Algorithm Selection-ssl]
181 server = 4-P-256 CipherString and Signature Algorithm Selection-server
182 client = 4-P-256 CipherString and Signature Algorithm Selection-client
184 [4-P-256 CipherString and Signature Algorithm Selection-server]
185 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
186 CipherString = DEFAULT
187 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
188 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
189 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
190 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
191 MaxProtocol = TLSv1.2
192 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
194 [4-P-256 CipherString and Signature Algorithm Selection-client]
195 CipherString = aECDSA
196 MaxProtocol = TLSv1.2
197 SignatureAlgorithms = ECDSA+SHA256:ed25519
198 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
202 ExpectedResult = Success
203 ExpectedServerCertType = P-256
204 ExpectedServerSignHash = SHA256
205 ExpectedServerSignType = EC
208 # ===========================================================
210 [5-Ed25519 CipherString and Curves Selection]
211 ssl_conf = 5-Ed25519 CipherString and Curves Selection-ssl
213 [5-Ed25519 CipherString and Curves Selection-ssl]
214 server = 5-Ed25519 CipherString and Curves Selection-server
215 client = 5-Ed25519 CipherString and Curves Selection-client
217 [5-Ed25519 CipherString and Curves Selection-server]
218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
219 CipherString = DEFAULT
220 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
221 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
222 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
223 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
224 MaxProtocol = TLSv1.2
225 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
227 [5-Ed25519 CipherString and Curves Selection-client]
228 CipherString = aECDSA
230 MaxProtocol = TLSv1.2
231 SignatureAlgorithms = ECDSA+SHA256:ed25519
232 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
236 ExpectedResult = Success
237 ExpectedServerCertType = Ed25519
238 ExpectedServerSignType = Ed25519
241 # ===========================================================
243 [6-ECDSA CipherString Selection, no ECDSA certificate]
244 ssl_conf = 6-ECDSA CipherString Selection, no ECDSA certificate-ssl
246 [6-ECDSA CipherString Selection, no ECDSA certificate-ssl]
247 server = 6-ECDSA CipherString Selection, no ECDSA certificate-server
248 client = 6-ECDSA CipherString Selection, no ECDSA certificate-client
250 [6-ECDSA CipherString Selection, no ECDSA certificate-server]
251 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
252 CipherString = DEFAULT
253 MaxProtocol = TLSv1.2
254 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
256 [6-ECDSA CipherString Selection, no ECDSA certificate-client]
257 CipherString = aECDSA
258 MaxProtocol = TLSv1.2
259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
263 ExpectedResult = ServerFail
266 # ===========================================================
268 [7-ECDSA Signature Algorithm Selection]
269 ssl_conf = 7-ECDSA Signature Algorithm Selection-ssl
271 [7-ECDSA Signature Algorithm Selection-ssl]
272 server = 7-ECDSA Signature Algorithm Selection-server
273 client = 7-ECDSA Signature Algorithm Selection-client
275 [7-ECDSA Signature Algorithm Selection-server]
276 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
277 CipherString = DEFAULT
278 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
279 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
280 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
281 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
282 MaxProtocol = TLSv1.2
283 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
285 [7-ECDSA Signature Algorithm Selection-client]
286 CipherString = DEFAULT
287 SignatureAlgorithms = ECDSA+SHA256
288 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
292 ExpectedResult = Success
293 ExpectedServerCertType = P-256
294 ExpectedServerSignHash = SHA256
295 ExpectedServerSignType = EC
298 # ===========================================================
300 [8-ECDSA Signature Algorithm Selection SHA384]
301 ssl_conf = 8-ECDSA Signature Algorithm Selection SHA384-ssl
303 [8-ECDSA Signature Algorithm Selection SHA384-ssl]
304 server = 8-ECDSA Signature Algorithm Selection SHA384-server
305 client = 8-ECDSA Signature Algorithm Selection SHA384-client
307 [8-ECDSA Signature Algorithm Selection SHA384-server]
308 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
309 CipherString = DEFAULT
310 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
311 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
312 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
313 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
314 MaxProtocol = TLSv1.2
315 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
317 [8-ECDSA Signature Algorithm Selection SHA384-client]
318 CipherString = DEFAULT
319 SignatureAlgorithms = ECDSA+SHA384
320 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
324 ExpectedResult = Success
325 ExpectedServerCertType = P-256
326 ExpectedServerSignHash = SHA384
327 ExpectedServerSignType = EC
330 # ===========================================================
332 [9-ECDSA Signature Algorithm Selection SHA1]
333 ssl_conf = 9-ECDSA Signature Algorithm Selection SHA1-ssl
335 [9-ECDSA Signature Algorithm Selection SHA1-ssl]
336 server = 9-ECDSA Signature Algorithm Selection SHA1-server
337 client = 9-ECDSA Signature Algorithm Selection SHA1-client
339 [9-ECDSA Signature Algorithm Selection SHA1-server]
340 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
341 CipherString = DEFAULT
342 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
343 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
344 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
345 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
346 MaxProtocol = TLSv1.2
347 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
349 [9-ECDSA Signature Algorithm Selection SHA1-client]
350 CipherString = DEFAULT
351 SignatureAlgorithms = ECDSA+SHA1
352 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
356 ExpectedResult = Success
357 ExpectedServerCertType = P-256
358 ExpectedServerSignHash = SHA1
359 ExpectedServerSignType = EC
362 # ===========================================================
364 [10-ECDSA Signature Algorithm Selection compressed point]
365 ssl_conf = 10-ECDSA Signature Algorithm Selection compressed point-ssl
367 [10-ECDSA Signature Algorithm Selection compressed point-ssl]
368 server = 10-ECDSA Signature Algorithm Selection compressed point-server
369 client = 10-ECDSA Signature Algorithm Selection compressed point-client
371 [10-ECDSA Signature Algorithm Selection compressed point-server]
372 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
373 CipherString = DEFAULT
374 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
375 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
376 MaxProtocol = TLSv1.2
377 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
379 [10-ECDSA Signature Algorithm Selection compressed point-client]
380 CipherString = DEFAULT
381 SignatureAlgorithms = ECDSA+SHA256
382 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
386 ExpectedResult = Success
387 ExpectedServerCertType = P-256
388 ExpectedServerSignHash = SHA256
389 ExpectedServerSignType = EC
392 # ===========================================================
394 [11-ECDSA Signature Algorithm Selection, no ECDSA certificate]
395 ssl_conf = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
397 [11-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
398 server = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
399 client = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
401 [11-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
402 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
403 CipherString = DEFAULT
404 MaxProtocol = TLSv1.2
405 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
407 [11-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
408 CipherString = DEFAULT
409 SignatureAlgorithms = ECDSA+SHA256
410 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
414 ExpectedResult = ServerFail
417 # ===========================================================
419 [12-RSA Signature Algorithm Selection]
420 ssl_conf = 12-RSA Signature Algorithm Selection-ssl
422 [12-RSA Signature Algorithm Selection-ssl]
423 server = 12-RSA Signature Algorithm Selection-server
424 client = 12-RSA Signature Algorithm Selection-client
426 [12-RSA Signature Algorithm Selection-server]
427 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
428 CipherString = DEFAULT
429 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
430 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
431 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
432 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
433 MaxProtocol = TLSv1.2
434 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
436 [12-RSA Signature Algorithm Selection-client]
437 CipherString = DEFAULT
438 SignatureAlgorithms = RSA+SHA256
439 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
443 ExpectedResult = Success
444 ExpectedServerCertType = RSA
445 ExpectedServerSignHash = SHA256
446 ExpectedServerSignType = RSA
449 # ===========================================================
451 [13-RSA-PSS Signature Algorithm Selection]
452 ssl_conf = 13-RSA-PSS Signature Algorithm Selection-ssl
454 [13-RSA-PSS Signature Algorithm Selection-ssl]
455 server = 13-RSA-PSS Signature Algorithm Selection-server
456 client = 13-RSA-PSS Signature Algorithm Selection-client
458 [13-RSA-PSS Signature Algorithm Selection-server]
459 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
460 CipherString = DEFAULT
461 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
462 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
463 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
464 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
465 MaxProtocol = TLSv1.2
466 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
468 [13-RSA-PSS Signature Algorithm Selection-client]
469 CipherString = DEFAULT
470 SignatureAlgorithms = RSA-PSS+SHA256
471 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
475 ExpectedResult = Success
476 ExpectedServerCertType = RSA
477 ExpectedServerSignHash = SHA256
478 ExpectedServerSignType = RSA-PSS
481 # ===========================================================
483 [14-RSA-PSS Certificate Legacy Signature Algorithm Selection]
484 ssl_conf = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
486 [14-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
487 server = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
488 client = 14-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
490 [14-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
491 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
492 CipherString = DEFAULT
493 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
494 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
495 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
496 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
497 MaxProtocol = TLSv1.2
498 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
499 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
500 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
502 [14-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
503 CipherString = DEFAULT
504 SignatureAlgorithms = RSA-PSS+SHA256
505 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
509 ExpectedResult = Success
510 ExpectedServerCertType = RSA
511 ExpectedServerSignHash = SHA256
512 ExpectedServerSignType = RSA-PSS
515 # ===========================================================
517 [15-RSA-PSS Certificate Unified Signature Algorithm Selection]
518 ssl_conf = 15-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
520 [15-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
521 server = 15-RSA-PSS Certificate Unified Signature Algorithm Selection-server
522 client = 15-RSA-PSS Certificate Unified Signature Algorithm Selection-client
524 [15-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
525 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
526 CipherString = DEFAULT
527 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
528 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
529 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
530 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
531 MaxProtocol = TLSv1.2
532 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
533 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
534 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
536 [15-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
537 CipherString = DEFAULT
538 SignatureAlgorithms = rsa_pss_pss_sha256
539 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
543 ExpectedResult = Success
544 ExpectedServerCertType = RSA-PSS
545 ExpectedServerSignHash = SHA256
546 ExpectedServerSignType = RSA-PSS
549 # ===========================================================
551 [16-Only RSA-PSS Certificate]
552 ssl_conf = 16-Only RSA-PSS Certificate-ssl
554 [16-Only RSA-PSS Certificate-ssl]
555 server = 16-Only RSA-PSS Certificate-server
556 client = 16-Only RSA-PSS Certificate-client
558 [16-Only RSA-PSS Certificate-server]
559 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
560 CipherString = DEFAULT
561 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
563 [16-Only RSA-PSS Certificate-client]
564 CipherString = DEFAULT
565 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
569 ExpectedResult = Success
570 ExpectedServerCertType = RSA-PSS
571 ExpectedServerSignHash = SHA256
572 ExpectedServerSignType = RSA-PSS
575 # ===========================================================
577 [17-RSA-PSS Certificate, no PSS signature algorithms]
578 ssl_conf = 17-RSA-PSS Certificate, no PSS signature algorithms-ssl
580 [17-RSA-PSS Certificate, no PSS signature algorithms-ssl]
581 server = 17-RSA-PSS Certificate, no PSS signature algorithms-server
582 client = 17-RSA-PSS Certificate, no PSS signature algorithms-client
584 [17-RSA-PSS Certificate, no PSS signature algorithms-server]
585 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
586 CipherString = DEFAULT
587 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
589 [17-RSA-PSS Certificate, no PSS signature algorithms-client]
590 CipherString = DEFAULT
591 SignatureAlgorithms = RSA+SHA256
592 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
596 ExpectedResult = ServerFail
599 # ===========================================================
601 [18-Suite B P-256 Hash Algorithm Selection]
602 ssl_conf = 18-Suite B P-256 Hash Algorithm Selection-ssl
604 [18-Suite B P-256 Hash Algorithm Selection-ssl]
605 server = 18-Suite B P-256 Hash Algorithm Selection-server
606 client = 18-Suite B P-256 Hash Algorithm Selection-client
608 [18-Suite B P-256 Hash Algorithm Selection-server]
609 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
610 CipherString = SUITEB128
611 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
612 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
613 MaxProtocol = TLSv1.2
614 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
616 [18-Suite B P-256 Hash Algorithm Selection-client]
617 CipherString = DEFAULT
618 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
619 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
623 ExpectedResult = Success
624 ExpectedServerCertType = P-256
625 ExpectedServerSignHash = SHA256
626 ExpectedServerSignType = EC
629 # ===========================================================
631 [19-Suite B P-384 Hash Algorithm Selection]
632 ssl_conf = 19-Suite B P-384 Hash Algorithm Selection-ssl
634 [19-Suite B P-384 Hash Algorithm Selection-ssl]
635 server = 19-Suite B P-384 Hash Algorithm Selection-server
636 client = 19-Suite B P-384 Hash Algorithm Selection-client
638 [19-Suite B P-384 Hash Algorithm Selection-server]
639 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
640 CipherString = SUITEB128
641 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
642 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
643 MaxProtocol = TLSv1.2
644 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
646 [19-Suite B P-384 Hash Algorithm Selection-client]
647 CipherString = DEFAULT
648 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
649 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
653 ExpectedResult = Success
654 ExpectedServerCertType = P-384
655 ExpectedServerSignHash = SHA384
656 ExpectedServerSignType = EC
659 # ===========================================================
661 [20-TLS 1.2 Ed25519 Client Auth]
662 ssl_conf = 20-TLS 1.2 Ed25519 Client Auth-ssl
664 [20-TLS 1.2 Ed25519 Client Auth-ssl]
665 server = 20-TLS 1.2 Ed25519 Client Auth-server
666 client = 20-TLS 1.2 Ed25519 Client Auth-client
668 [20-TLS 1.2 Ed25519 Client Auth-server]
669 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
670 CipherString = DEFAULT
671 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
672 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
675 [20-TLS 1.2 Ed25519 Client Auth-client]
676 CipherString = DEFAULT
677 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
678 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
679 MaxProtocol = TLSv1.2
680 MinProtocol = TLSv1.2
681 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
685 ExpectedClientCertType = Ed25519
686 ExpectedClientSignType = Ed25519
687 ExpectedResult = Success
690 # ===========================================================
692 [21-Only RSA-PSS Certificate, TLS v1.1]
693 ssl_conf = 21-Only RSA-PSS Certificate, TLS v1.1-ssl
695 [21-Only RSA-PSS Certificate, TLS v1.1-ssl]
696 server = 21-Only RSA-PSS Certificate, TLS v1.1-server
697 client = 21-Only RSA-PSS Certificate, TLS v1.1-client
699 [21-Only RSA-PSS Certificate, TLS v1.1-server]
700 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
701 CipherString = DEFAULT
702 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
704 [21-Only RSA-PSS Certificate, TLS v1.1-client]
705 CipherString = DEFAULT
706 MaxProtocol = TLSv1.1
707 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
711 ExpectedResult = ServerFail
714 # ===========================================================
716 [22-TLS 1.3 ECDSA Signature Algorithm Selection]
717 ssl_conf = 22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
719 [22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
720 server = 22-TLS 1.3 ECDSA Signature Algorithm Selection-server
721 client = 22-TLS 1.3 ECDSA Signature Algorithm Selection-client
723 [22-TLS 1.3 ECDSA Signature Algorithm Selection-server]
724 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
725 CipherString = DEFAULT
726 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
727 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
728 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
729 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
730 MaxProtocol = TLSv1.3
731 MinProtocol = TLSv1.3
732 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
734 [22-TLS 1.3 ECDSA Signature Algorithm Selection-client]
735 CipherString = DEFAULT
736 SignatureAlgorithms = ECDSA+SHA256
737 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
741 ExpectedResult = Success
742 ExpectedServerCANames = empty
743 ExpectedServerCertType = P-256
744 ExpectedServerSignHash = SHA256
745 ExpectedServerSignType = EC
748 # ===========================================================
750 [23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
751 ssl_conf = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
753 [23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
754 server = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
755 client = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
757 [23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
758 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
759 CipherString = DEFAULT
760 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
761 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
762 MaxProtocol = TLSv1.3
763 MinProtocol = TLSv1.3
764 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
766 [23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
767 CipherString = DEFAULT
768 SignatureAlgorithms = ECDSA+SHA256
769 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
773 ExpectedResult = ServerFail
776 # ===========================================================
778 [24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
779 ssl_conf = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
781 [24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
782 server = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
783 client = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
785 [24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
786 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
787 CipherString = DEFAULT
788 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
789 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
790 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
791 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
792 MaxProtocol = TLSv1.3
793 MinProtocol = TLSv1.3
794 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
796 [24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
797 CipherString = DEFAULT
798 SignatureAlgorithms = ECDSA+SHA1
799 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
803 ExpectedResult = ServerFail
806 # ===========================================================
808 [25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
809 ssl_conf = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
811 [25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
812 server = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
813 client = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
815 [25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
816 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
817 CipherString = DEFAULT
818 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
819 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
820 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
821 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
822 MaxProtocol = TLSv1.3
823 MinProtocol = TLSv1.3
824 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
826 [25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
827 CipherString = DEFAULT
828 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
829 SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
830 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
834 ExpectedResult = Success
835 ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
836 ExpectedServerCertType = P-256
837 ExpectedServerSignHash = SHA256
838 ExpectedServerSignType = EC
841 # ===========================================================
843 [26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
844 ssl_conf = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
846 [26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
847 server = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
848 client = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
850 [26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
851 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
852 CipherString = DEFAULT
853 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
854 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
855 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
856 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
857 MaxProtocol = TLSv1.3
858 MinProtocol = TLSv1.3
859 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
861 [26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
862 CipherString = DEFAULT
863 SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
864 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
868 ExpectedResult = Success
869 ExpectedServerCertType = RSA
870 ExpectedServerSignHash = SHA384
871 ExpectedServerSignType = RSA-PSS
874 # ===========================================================
876 [27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
877 ssl_conf = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
879 [27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
880 server = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
881 client = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
883 [27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
884 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
885 CipherString = DEFAULT
886 MaxProtocol = TLSv1.3
887 MinProtocol = TLSv1.3
888 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
890 [27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
891 CipherString = DEFAULT
892 SignatureAlgorithms = ECDSA+SHA256
893 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
897 ExpectedResult = ServerFail
900 # ===========================================================
902 [28-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
903 ssl_conf = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
905 [28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
906 server = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
907 client = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
909 [28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
910 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
911 CipherString = DEFAULT
912 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
913 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
914 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
915 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
916 MaxProtocol = TLSv1.3
917 MinProtocol = TLSv1.3
918 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
920 [28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
921 CipherString = DEFAULT
922 SignatureAlgorithms = RSA+SHA256
923 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
927 ExpectedResult = ServerFail
930 # ===========================================================
932 [29-TLS 1.3 RSA-PSS Signature Algorithm Selection]
933 ssl_conf = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
935 [29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
936 server = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
937 client = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
939 [29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
940 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
941 CipherString = DEFAULT
942 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
943 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
944 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
945 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
946 MaxProtocol = TLSv1.3
947 MinProtocol = TLSv1.3
948 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
950 [29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
951 CipherString = DEFAULT
952 SignatureAlgorithms = RSA-PSS+SHA256
953 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
957 ExpectedResult = Success
958 ExpectedServerCertType = RSA
959 ExpectedServerSignHash = SHA256
960 ExpectedServerSignType = RSA-PSS
963 # ===========================================================
965 [30-TLS 1.3 Ed25519 Signature Algorithm Selection]
966 ssl_conf = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
968 [30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
969 server = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-server
970 client = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-client
972 [30-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
973 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
974 CipherString = DEFAULT
975 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
976 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
977 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
978 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
979 MaxProtocol = TLSv1.3
980 MinProtocol = TLSv1.3
981 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
983 [30-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
984 CipherString = DEFAULT
985 SignatureAlgorithms = ed25519
986 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
990 ExpectedResult = Success
991 ExpectedServerCertType = Ed25519
992 ExpectedServerSignType = Ed25519
995 # ===========================================================
997 [31-TLS 1.3 Ed25519 CipherString and Groups Selection]
998 ssl_conf = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1000 [31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1001 server = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1002 client = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1004 [31-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1005 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1006 CipherString = DEFAULT
1007 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1008 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1009 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1010 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1011 MaxProtocol = TLSv1.3
1012 MinProtocol = TLSv1.3
1013 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1015 [31-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1016 CipherString = DEFAULT
1018 SignatureAlgorithms = ECDSA+SHA256:ed25519
1019 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1023 ExpectedResult = Success
1024 ExpectedServerCertType = P-256
1025 ExpectedServerSignType = EC
1028 # ===========================================================
1030 [32-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1031 ssl_conf = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1033 [32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1034 server = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1035 client = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1037 [32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1038 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1039 CipherString = DEFAULT
1040 ClientSignatureAlgorithms = PSS+SHA256
1041 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1042 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1043 VerifyMode = Require
1045 [32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1046 CipherString = DEFAULT
1047 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1048 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1049 MaxProtocol = TLSv1.3
1050 MinProtocol = TLSv1.3
1051 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1052 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1053 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1057 ExpectedClientCANames = empty
1058 ExpectedClientCertType = RSA
1059 ExpectedClientSignHash = SHA256
1060 ExpectedClientSignType = RSA-PSS
1061 ExpectedResult = Success
1064 # ===========================================================
1066 [33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1067 ssl_conf = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1069 [33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1070 server = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1071 client = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1073 [33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1074 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1075 CipherString = DEFAULT
1076 ClientSignatureAlgorithms = PSS+SHA256
1077 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1078 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1079 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1080 VerifyMode = Require
1082 [33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1083 CipherString = DEFAULT
1084 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1085 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1086 MaxProtocol = TLSv1.3
1087 MinProtocol = TLSv1.3
1088 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1089 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1090 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1094 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1095 ExpectedClientCertType = RSA
1096 ExpectedClientSignHash = SHA256
1097 ExpectedClientSignType = RSA-PSS
1098 ExpectedResult = Success
1101 # ===========================================================
1103 [34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1104 ssl_conf = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1106 [34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1107 server = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1108 client = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1110 [34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1111 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1112 CipherString = DEFAULT
1113 ClientSignatureAlgorithms = ECDSA+SHA256
1114 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1115 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1116 VerifyMode = Require
1118 [34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1119 CipherString = DEFAULT
1120 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1121 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1122 MaxProtocol = TLSv1.3
1123 MinProtocol = TLSv1.3
1124 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1125 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1126 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1130 ExpectedClientCertType = P-256
1131 ExpectedClientSignHash = SHA256
1132 ExpectedClientSignType = EC
1133 ExpectedResult = Success
1136 # ===========================================================
1138 [35-TLS 1.3 Ed25519 Client Auth]
1139 ssl_conf = 35-TLS 1.3 Ed25519 Client Auth-ssl
1141 [35-TLS 1.3 Ed25519 Client Auth-ssl]
1142 server = 35-TLS 1.3 Ed25519 Client Auth-server
1143 client = 35-TLS 1.3 Ed25519 Client Auth-client
1145 [35-TLS 1.3 Ed25519 Client Auth-server]
1146 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1147 CipherString = DEFAULT
1148 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1149 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1150 VerifyMode = Require
1152 [35-TLS 1.3 Ed25519 Client Auth-client]
1153 CipherString = DEFAULT
1154 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1155 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1156 MaxProtocol = TLSv1.3
1157 MinProtocol = TLSv1.3
1158 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1162 ExpectedClientCertType = Ed25519
1163 ExpectedClientSignType = Ed25519
1164 ExpectedResult = Success
1167 # ===========================================================
1169 [36-TLS 1.2 DSA Certificate Test]
1170 ssl_conf = 36-TLS 1.2 DSA Certificate Test-ssl
1172 [36-TLS 1.2 DSA Certificate Test-ssl]
1173 server = 36-TLS 1.2 DSA Certificate Test-server
1174 client = 36-TLS 1.2 DSA Certificate Test-client
1176 [36-TLS 1.2 DSA Certificate Test-server]
1177 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1179 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
1180 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1181 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1182 MaxProtocol = TLSv1.2
1183 MinProtocol = TLSv1.2
1184 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1186 [36-TLS 1.2 DSA Certificate Test-client]
1188 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
1189 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1193 ExpectedResult = Success
1196 # ===========================================================
1198 [37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1199 ssl_conf = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1201 [37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1202 server = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1203 client = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1205 [37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1206 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1207 CipherString = DEFAULT
1208 ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
1209 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1210 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1211 VerifyMode = Request
1213 [37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1214 CipherString = DEFAULT
1215 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1219 ExpectedResult = ServerFail
1222 # ===========================================================
1224 [38-TLS 1.3 DSA Certificate Test]
1225 ssl_conf = 38-TLS 1.3 DSA Certificate Test-ssl
1227 [38-TLS 1.3 DSA Certificate Test-ssl]
1228 server = 38-TLS 1.3 DSA Certificate Test-server
1229 client = 38-TLS 1.3 DSA Certificate Test-client
1231 [38-TLS 1.3 DSA Certificate Test-server]
1232 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1234 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1235 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1236 MaxProtocol = TLSv1.3
1237 MinProtocol = TLSv1.3
1238 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1240 [38-TLS 1.3 DSA Certificate Test-client]
1242 SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
1243 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1247 ExpectedResult = ServerFail