X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fssl-tests%2F20-cert-select.conf;h=1bf81c12d738e2049606e313d3adda86f1eb9925;hp=69a80033fbcf1d1954479f711311b310aed9b0c8;hb=b2c4909c208994a94b4b09e1c34316c889985bb0;hpb=b7ab4eeed9c0f245cfd0cd884f95bcb3474f0435 diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf index 69a80033fb..1bf81c12d7 100644 --- a/test/ssl-tests/20-cert-select.conf +++ b/test/ssl-tests/20-cert-select.conf @@ -1,29 +1,56 @@ # Generated with generate_ssl_tests.pl -num_tests = 22 +num_tests = 49 test-0 = 0-ECDSA CipherString Selection -test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection -test-2 = 2-RSA CipherString Selection -test-3 = 3-RSA-PSS Certificate CipherString Selection -test-4 = 4-P-256 CipherString and Signature Algorithm Selection -test-5 = 5-Ed25519 CipherString and Curves Selection -test-6 = 6-ECDSA CipherString Selection, no ECDSA certificate -test-7 = 7-ECDSA Signature Algorithm Selection -test-8 = 8-ECDSA Signature Algorithm Selection SHA384 -test-9 = 9-ECDSA Signature Algorithm Selection SHA1 -test-10 = 10-ECDSA Signature Algorithm Selection compressed point -test-11 = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate -test-12 = 12-RSA Signature Algorithm Selection -test-13 = 13-RSA-PSS Signature Algorithm Selection -test-14 = 14-RSA-PSS Certificate Signature Algorithm Selection -test-15 = 15-Only RSA-PSS Certificate -test-16 = 16-RSA-PSS Certificate, no PSS signature algorithms -test-17 = 17-Suite B P-256 Hash Algorithm Selection -test-18 = 18-Suite B P-384 Hash Algorithm Selection -test-19 = 19-TLS 1.2 Ed25519 Client Auth -test-20 = 20-Only RSA-PSS Certificate, TLS v1.1 -test-21 = 21-TLS 1.2 DSA Certificate Test +test-1 = 1-ECDSA CipherString Selection +test-2 = 2-ECDSA CipherString Selection +test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection +test-4 = 4-Ed448 CipherString and Signature Algorithm Selection +test-5 = 5-RSA CipherString Selection +test-6 = 6-RSA-PSS Certificate CipherString Selection +test-7 = 7-P-256 CipherString and Signature Algorithm Selection +test-8 = 8-Ed25519 CipherString and Curves Selection +test-9 = 9-Ed448 CipherString and Curves Selection +test-10 = 10-ECDSA CipherString Selection, no ECDSA certificate +test-11 = 11-ECDSA Signature Algorithm Selection +test-12 = 12-ECDSA Signature Algorithm Selection SHA384 +test-13 = 13-ECDSA Signature Algorithm Selection SHA1 +test-14 = 14-ECDSA Signature Algorithm Selection compressed point +test-15 = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate +test-16 = 16-RSA Signature Algorithm Selection +test-17 = 17-RSA-PSS Signature Algorithm Selection +test-18 = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection +test-19 = 19-RSA-PSS Certificate Unified Signature Algorithm Selection +test-20 = 20-Only RSA-PSS Certificate +test-21 = 21-RSA-PSS Certificate, no PSS signature algorithms +test-22 = 22-RSA key exchange with all RSA certificate types +test-23 = 23-RSA key exchange with only RSA-PSS certificate +test-24 = 24-Suite B P-256 Hash Algorithm Selection +test-25 = 25-Suite B P-384 Hash Algorithm Selection +test-26 = 26-TLS 1.2 Ed25519 Client Auth +test-27 = 27-TLS 1.2 Ed448 Client Auth +test-28 = 28-Only RSA-PSS Certificate, TLS v1.1 +test-29 = 29-TLS 1.3 ECDSA Signature Algorithm Selection +test-30 = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point +test-31 = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 +test-32 = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS +test-33 = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS +test-34 = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate +test-35 = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS +test-36 = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection +test-37 = 37-TLS 1.3 Ed25519 Signature Algorithm Selection +test-38 = 38-TLS 1.3 Ed448 Signature Algorithm Selection +test-39 = 39-TLS 1.3 Ed25519 CipherString and Groups Selection +test-40 = 40-TLS 1.3 Ed448 CipherString and Groups Selection +test-41 = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection +test-42 = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names +test-43 = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection +test-44 = 44-TLS 1.3 Ed25519 Client Auth +test-45 = 45-TLS 1.3 Ed448 Client Auth +test-46 = 46-TLS 1.2 DSA Certificate Test +test-47 = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms +test-48 = 48-TLS 1.3 DSA Certificate Test # =========================================================== [0-ECDSA CipherString Selection] @@ -38,8 +65,10 @@ Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -59,64 +88,167 @@ ExpectedServerSignType = EC # =========================================================== -[1-Ed25519 CipherString and Signature Algorithm Selection] -ssl_conf = 1-Ed25519 CipherString and Signature Algorithm Selection-ssl +[1-ECDSA CipherString Selection] +ssl_conf = 1-ECDSA CipherString Selection-ssl -[1-Ed25519 CipherString and Signature Algorithm Selection-ssl] -server = 1-Ed25519 CipherString and Signature Algorithm Selection-server -client = 1-Ed25519 CipherString and Signature Algorithm Selection-client +[1-ECDSA CipherString Selection-ssl] +server = 1-ECDSA CipherString Selection-server +client = 1-ECDSA CipherString Selection-client -[1-Ed25519 CipherString and Signature Algorithm Selection-server] +[1-ECDSA CipherString Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Groups = P-384 MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[1-Ed25519 CipherString and Signature Algorithm Selection-client] +[1-ECDSA CipherString Selection-client] CipherString = aECDSA +Groups = P-256:P-384 MaxProtocol = TLSv1.2 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem -SignatureAlgorithms = ed25519:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] ExpectedResult = Success ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[2-ECDSA CipherString Selection] +ssl_conf = 2-ECDSA CipherString Selection-ssl + +[2-ECDSA CipherString Selection-ssl] +server = 2-ECDSA CipherString Selection-server +client = 2-ECDSA CipherString Selection-client + +[2-ECDSA CipherString Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Groups = P-256:P-384 +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[2-ECDSA CipherString Selection-client] +CipherString = aECDSA +Groups = P-384 +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-2] +ExpectedResult = ServerFail + + +# =========================================================== + +[3-Ed25519 CipherString and Signature Algorithm Selection] +ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl + +[3-Ed25519 CipherString and Signature Algorithm Selection-ssl] +server = 3-Ed25519 CipherString and Signature Algorithm Selection-server +client = 3-Ed25519 CipherString and Signature Algorithm Selection-client + +[3-Ed25519 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[3-Ed25519 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed25519:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-3] +ExpectedResult = Success +ExpectedServerCANames = empty ExpectedServerCertType = Ed25519 ExpectedServerSignType = Ed25519 # =========================================================== -[2-RSA CipherString Selection] -ssl_conf = 2-RSA CipherString Selection-ssl +[4-Ed448 CipherString and Signature Algorithm Selection] +ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl + +[4-Ed448 CipherString and Signature Algorithm Selection-ssl] +server = 4-Ed448 CipherString and Signature Algorithm Selection-server +client = 4-Ed448 CipherString and Signature Algorithm Selection-client + +[4-Ed448 CipherString and Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[4-Ed448 CipherString and Signature Algorithm Selection-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ed448:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-4] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[5-RSA CipherString Selection] +ssl_conf = 5-RSA CipherString Selection-ssl -[2-RSA CipherString Selection-ssl] -server = 2-RSA CipherString Selection-server -client = 2-RSA CipherString Selection-client +[5-RSA CipherString Selection-ssl] +server = 5-RSA CipherString Selection-server +client = 5-RSA CipherString Selection-client -[2-RSA CipherString Selection-server] +[5-RSA CipherString Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[2-RSA CipherString Selection-client] +[5-RSA CipherString Selection-client] CipherString = aRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-2] +[test-5] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignType = RSA-PSS @@ -124,32 +256,34 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[3-RSA-PSS Certificate CipherString Selection] -ssl_conf = 3-RSA-PSS Certificate CipherString Selection-ssl +[6-RSA-PSS Certificate CipherString Selection] +ssl_conf = 6-RSA-PSS Certificate CipherString Selection-ssl -[3-RSA-PSS Certificate CipherString Selection-ssl] -server = 3-RSA-PSS Certificate CipherString Selection-server -client = 3-RSA-PSS Certificate CipherString Selection-client +[6-RSA-PSS Certificate CipherString Selection-ssl] +server = 6-RSA-PSS Certificate CipherString Selection-server +client = 6-RSA-PSS Certificate CipherString Selection-client -[3-RSA-PSS Certificate CipherString Selection-server] +[6-RSA-PSS Certificate CipherString Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[3-RSA-PSS Certificate CipherString Selection-client] +[6-RSA-PSS Certificate CipherString Selection-client] CipherString = aRSA MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-3] +[test-6] ExpectedResult = Success ExpectedServerCertType = RSA-PSS ExpectedServerSignType = RSA-PSS @@ -157,31 +291,33 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[4-P-256 CipherString and Signature Algorithm Selection] -ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl +[7-P-256 CipherString and Signature Algorithm Selection] +ssl_conf = 7-P-256 CipherString and Signature Algorithm Selection-ssl -[4-P-256 CipherString and Signature Algorithm Selection-ssl] -server = 4-P-256 CipherString and Signature Algorithm Selection-server -client = 4-P-256 CipherString and Signature Algorithm Selection-client +[7-P-256 CipherString and Signature Algorithm Selection-ssl] +server = 7-P-256 CipherString and Signature Algorithm Selection-server +client = 7-P-256 CipherString and Signature Algorithm Selection-client -[4-P-256 CipherString and Signature Algorithm Selection-server] +[7-P-256 CipherString and Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[4-P-256 CipherString and Signature Algorithm Selection-client] +[7-P-256 CipherString and Signature Algorithm Selection-client] CipherString = aECDSA MaxProtocol = TLSv1.2 SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-4] +[test-7] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -190,24 +326,26 @@ ExpectedServerSignType = EC # =========================================================== -[5-Ed25519 CipherString and Curves Selection] -ssl_conf = 5-Ed25519 CipherString and Curves Selection-ssl +[8-Ed25519 CipherString and Curves Selection] +ssl_conf = 8-Ed25519 CipherString and Curves Selection-ssl -[5-Ed25519 CipherString and Curves Selection-ssl] -server = 5-Ed25519 CipherString and Curves Selection-server -client = 5-Ed25519 CipherString and Curves Selection-client +[8-Ed25519 CipherString and Curves Selection-ssl] +server = 8-Ed25519 CipherString and Curves Selection-server +client = 8-Ed25519 CipherString and Curves Selection-client -[5-Ed25519 CipherString and Curves Selection-server] +[8-Ed25519 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-Ed25519 CipherString and Curves Selection-client] +[8-Ed25519 CipherString and Curves Selection-client] CipherString = aECDSA Curves = X25519 MaxProtocol = TLSv1.2 @@ -215,7 +353,7 @@ SignatureAlgorithms = ECDSA+SHA256:ed25519 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-8] ExpectedResult = Success ExpectedServerCertType = Ed25519 ExpectedServerSignType = Ed25519 @@ -223,55 +361,92 @@ ExpectedServerSignType = Ed25519 # =========================================================== -[6-ECDSA CipherString Selection, no ECDSA certificate] -ssl_conf = 6-ECDSA CipherString Selection, no ECDSA certificate-ssl +[9-Ed448 CipherString and Curves Selection] +ssl_conf = 9-Ed448 CipherString and Curves Selection-ssl -[6-ECDSA CipherString Selection, no ECDSA certificate-ssl] -server = 6-ECDSA CipherString Selection, no ECDSA certificate-server -client = 6-ECDSA CipherString Selection, no ECDSA certificate-client +[9-Ed448 CipherString and Curves Selection-ssl] +server = 9-Ed448 CipherString and Curves Selection-server +client = 9-Ed448 CipherString and Curves Selection-client -[6-ECDSA CipherString Selection, no ECDSA certificate-server] +[9-Ed448 CipherString and Curves Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-ECDSA CipherString Selection, no ECDSA certificate-client] +[9-Ed448 CipherString and Curves Selection-client] CipherString = aECDSA +Curves = X448 MaxProtocol = TLSv1.2 +SignatureAlgorithms = ECDSA+SHA256:ed448 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-6] +[test-9] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[10-ECDSA CipherString Selection, no ECDSA certificate] +ssl_conf = 10-ECDSA CipherString Selection, no ECDSA certificate-ssl + +[10-ECDSA CipherString Selection, no ECDSA certificate-ssl] +server = 10-ECDSA CipherString Selection, no ECDSA certificate-server +client = 10-ECDSA CipherString Selection, no ECDSA certificate-client + +[10-ECDSA CipherString Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[10-ECDSA CipherString Selection, no ECDSA certificate-client] +CipherString = aECDSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-10] ExpectedResult = ServerFail # =========================================================== -[7-ECDSA Signature Algorithm Selection] -ssl_conf = 7-ECDSA Signature Algorithm Selection-ssl +[11-ECDSA Signature Algorithm Selection] +ssl_conf = 11-ECDSA Signature Algorithm Selection-ssl -[7-ECDSA Signature Algorithm Selection-ssl] -server = 7-ECDSA Signature Algorithm Selection-server -client = 7-ECDSA Signature Algorithm Selection-client +[11-ECDSA Signature Algorithm Selection-ssl] +server = 11-ECDSA Signature Algorithm Selection-server +client = 11-ECDSA Signature Algorithm Selection-client -[7-ECDSA Signature Algorithm Selection-server] +[11-ECDSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-ECDSA Signature Algorithm Selection-client] +[11-ECDSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-7] +[test-11] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -280,30 +455,32 @@ ExpectedServerSignType = EC # =========================================================== -[8-ECDSA Signature Algorithm Selection SHA384] -ssl_conf = 8-ECDSA Signature Algorithm Selection SHA384-ssl +[12-ECDSA Signature Algorithm Selection SHA384] +ssl_conf = 12-ECDSA Signature Algorithm Selection SHA384-ssl -[8-ECDSA Signature Algorithm Selection SHA384-ssl] -server = 8-ECDSA Signature Algorithm Selection SHA384-server -client = 8-ECDSA Signature Algorithm Selection SHA384-client +[12-ECDSA Signature Algorithm Selection SHA384-ssl] +server = 12-ECDSA Signature Algorithm Selection SHA384-server +client = 12-ECDSA Signature Algorithm Selection SHA384-client -[8-ECDSA Signature Algorithm Selection SHA384-server] +[12-ECDSA Signature Algorithm Selection SHA384-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-ECDSA Signature Algorithm Selection SHA384-client] +[12-ECDSA Signature Algorithm Selection SHA384-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-12] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA384 @@ -312,30 +489,32 @@ ExpectedServerSignType = EC # =========================================================== -[9-ECDSA Signature Algorithm Selection SHA1] -ssl_conf = 9-ECDSA Signature Algorithm Selection SHA1-ssl +[13-ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 13-ECDSA Signature Algorithm Selection SHA1-ssl -[9-ECDSA Signature Algorithm Selection SHA1-ssl] -server = 9-ECDSA Signature Algorithm Selection SHA1-server -client = 9-ECDSA Signature Algorithm Selection SHA1-client +[13-ECDSA Signature Algorithm Selection SHA1-ssl] +server = 13-ECDSA Signature Algorithm Selection SHA1-server +client = 13-ECDSA Signature Algorithm Selection SHA1-client -[9-ECDSA Signature Algorithm Selection SHA1-server] +[13-ECDSA Signature Algorithm Selection SHA1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-ECDSA Signature Algorithm Selection SHA1-client] +[13-ECDSA Signature Algorithm Selection SHA1-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-13] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA1 @@ -344,14 +523,14 @@ ExpectedServerSignType = EC # =========================================================== -[10-ECDSA Signature Algorithm Selection compressed point] -ssl_conf = 10-ECDSA Signature Algorithm Selection compressed point-ssl +[14-ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 14-ECDSA Signature Algorithm Selection compressed point-ssl -[10-ECDSA Signature Algorithm Selection compressed point-ssl] -server = 10-ECDSA Signature Algorithm Selection compressed point-server -client = 10-ECDSA Signature Algorithm Selection compressed point-client +[14-ECDSA Signature Algorithm Selection compressed point-ssl] +server = 14-ECDSA Signature Algorithm Selection compressed point-server +client = 14-ECDSA Signature Algorithm Selection compressed point-client -[10-ECDSA Signature Algorithm Selection compressed point-server] +[14-ECDSA Signature Algorithm Selection compressed point-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem @@ -359,13 +538,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-ECDSA Signature Algorithm Selection compressed point-client] +[14-ECDSA Signature Algorithm Selection compressed point-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-10] +[test-14] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -374,55 +553,57 @@ ExpectedServerSignType = EC # =========================================================== -[11-ECDSA Signature Algorithm Selection, no ECDSA certificate] -ssl_conf = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl +[15-ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl -[11-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] -server = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-server -client = 11-ECDSA Signature Algorithm Selection, no ECDSA certificate-client +[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 15-ECDSA Signature Algorithm Selection, no ECDSA certificate-client -[11-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +[15-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-11] +[test-15] ExpectedResult = ServerFail # =========================================================== -[12-RSA Signature Algorithm Selection] -ssl_conf = 12-RSA Signature Algorithm Selection-ssl +[16-RSA Signature Algorithm Selection] +ssl_conf = 16-RSA Signature Algorithm Selection-ssl -[12-RSA Signature Algorithm Selection-ssl] -server = 12-RSA Signature Algorithm Selection-server -client = 12-RSA Signature Algorithm Selection-client +[16-RSA Signature Algorithm Selection-ssl] +server = 16-RSA Signature Algorithm Selection-server +client = 16-RSA Signature Algorithm Selection-client -[12-RSA Signature Algorithm Selection-server] +[16-RSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-RSA Signature Algorithm Selection-client] +[16-RSA Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-16] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -431,30 +612,32 @@ ExpectedServerSignType = RSA # =========================================================== -[13-RSA-PSS Signature Algorithm Selection] -ssl_conf = 13-RSA-PSS Signature Algorithm Selection-ssl +[17-RSA-PSS Signature Algorithm Selection] +ssl_conf = 17-RSA-PSS Signature Algorithm Selection-ssl -[13-RSA-PSS Signature Algorithm Selection-ssl] -server = 13-RSA-PSS Signature Algorithm Selection-server -client = 13-RSA-PSS Signature Algorithm Selection-client +[17-RSA-PSS Signature Algorithm Selection-ssl] +server = 17-RSA-PSS Signature Algorithm Selection-server +client = 17-RSA-PSS Signature Algorithm Selection-client -[13-RSA-PSS Signature Algorithm Selection-server] +[17-RSA-PSS Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[13-RSA-PSS Signature Algorithm Selection-client] +[17-RSA-PSS Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA-PSS+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-13] +[test-17] ExpectedResult = Success ExpectedServerCertType = RSA ExpectedServerSignHash = SHA256 @@ -463,32 +646,70 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[14-RSA-PSS Certificate Signature Algorithm Selection] -ssl_conf = 14-RSA-PSS Certificate Signature Algorithm Selection-ssl +[18-RSA-PSS Certificate Legacy Signature Algorithm Selection] +ssl_conf = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl -[14-RSA-PSS Certificate Signature Algorithm Selection-ssl] -server = 14-RSA-PSS Certificate Signature Algorithm Selection-server -client = 14-RSA-PSS Certificate Signature Algorithm Selection-client +[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] +server = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-server +client = 18-RSA-PSS Certificate Legacy Signature Algorithm Selection-client -[14-RSA-PSS Certificate Signature Algorithm Selection-server] +[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem MaxProtocol = TLSv1.2 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[14-RSA-PSS Certificate Signature Algorithm Selection-client] +[18-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = RSA-PSS+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-14] +[test-18] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[19-RSA-PSS Certificate Unified Signature Algorithm Selection] +ssl_conf = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl + +[19-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] +server = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-server +client = 19-RSA-PSS Certificate Unified Signature Algorithm Selection-client + +[19-RSA-PSS Certificate Unified Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.2 +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[19-RSA-PSS Certificate Unified Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = rsa_pss_pss_sha256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-19] ExpectedResult = Success ExpectedServerCertType = RSA-PSS ExpectedServerSignHash = SHA256 @@ -497,24 +718,24 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[15-Only RSA-PSS Certificate] -ssl_conf = 15-Only RSA-PSS Certificate-ssl +[20-Only RSA-PSS Certificate] +ssl_conf = 20-Only RSA-PSS Certificate-ssl -[15-Only RSA-PSS Certificate-ssl] -server = 15-Only RSA-PSS Certificate-server -client = 15-Only RSA-PSS Certificate-client +[20-Only RSA-PSS Certificate-ssl] +server = 20-Only RSA-PSS Certificate-server +client = 20-Only RSA-PSS Certificate-client -[15-Only RSA-PSS Certificate-server] +[20-Only RSA-PSS Certificate-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -[15-Only RSA-PSS Certificate-client] +[20-Only RSA-PSS Certificate-client] CipherString = DEFAULT VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-15] +[test-20] ExpectedResult = Success ExpectedServerCertType = RSA-PSS ExpectedServerSignHash = SHA256 @@ -523,38 +744,89 @@ ExpectedServerSignType = RSA-PSS # =========================================================== -[16-RSA-PSS Certificate, no PSS signature algorithms] -ssl_conf = 16-RSA-PSS Certificate, no PSS signature algorithms-ssl +[21-RSA-PSS Certificate, no PSS signature algorithms] +ssl_conf = 21-RSA-PSS Certificate, no PSS signature algorithms-ssl -[16-RSA-PSS Certificate, no PSS signature algorithms-ssl] -server = 16-RSA-PSS Certificate, no PSS signature algorithms-server -client = 16-RSA-PSS Certificate, no PSS signature algorithms-client +[21-RSA-PSS Certificate, no PSS signature algorithms-ssl] +server = 21-RSA-PSS Certificate, no PSS signature algorithms-server +client = 21-RSA-PSS Certificate, no PSS signature algorithms-client -[16-RSA-PSS Certificate, no PSS signature algorithms-server] +[21-RSA-PSS Certificate, no PSS signature algorithms-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -[16-RSA-PSS Certificate, no PSS signature algorithms-client] +[21-RSA-PSS Certificate, no PSS signature algorithms-client] CipherString = DEFAULT SignatureAlgorithms = RSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-21] +ExpectedResult = ServerFail + + +# =========================================================== + +[22-RSA key exchange with all RSA certificate types] +ssl_conf = 22-RSA key exchange with all RSA certificate types-ssl + +[22-RSA key exchange with all RSA certificate types-ssl] +server = 22-RSA key exchange with all RSA certificate types-server +client = 22-RSA key exchange with all RSA certificate types-client + +[22-RSA key exchange with all RSA certificate types-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[22-RSA key exchange with all RSA certificate types-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-22] +ExpectedResult = Success +ExpectedServerCertType = RSA + + +# =========================================================== + +[23-RSA key exchange with only RSA-PSS certificate] +ssl_conf = 23-RSA key exchange with only RSA-PSS certificate-ssl + +[23-RSA key exchange with only RSA-PSS certificate-ssl] +server = 23-RSA key exchange with only RSA-PSS certificate-server +client = 23-RSA key exchange with only RSA-PSS certificate-client + +[23-RSA key exchange with only RSA-PSS certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem + +[23-RSA key exchange with only RSA-PSS certificate-client] +CipherString = kRSA +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-23] ExpectedResult = ServerFail # =========================================================== -[17-Suite B P-256 Hash Algorithm Selection] -ssl_conf = 17-Suite B P-256 Hash Algorithm Selection-ssl +[24-Suite B P-256 Hash Algorithm Selection] +ssl_conf = 24-Suite B P-256 Hash Algorithm Selection-ssl -[17-Suite B P-256 Hash Algorithm Selection-ssl] -server = 17-Suite B P-256 Hash Algorithm Selection-server -client = 17-Suite B P-256 Hash Algorithm Selection-client +[24-Suite B P-256 Hash Algorithm Selection-ssl] +server = 24-Suite B P-256 Hash Algorithm Selection-server +client = 24-Suite B P-256 Hash Algorithm Selection-client -[17-Suite B P-256 Hash Algorithm Selection-server] +[24-Suite B P-256 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem @@ -562,13 +834,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-Suite B P-256 Hash Algorithm Selection-client] +[24-Suite B P-256 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-17] +[test-24] ExpectedResult = Success ExpectedServerCertType = P-256 ExpectedServerSignHash = SHA256 @@ -577,14 +849,14 @@ ExpectedServerSignType = EC # =========================================================== -[18-Suite B P-384 Hash Algorithm Selection] -ssl_conf = 18-Suite B P-384 Hash Algorithm Selection-ssl +[25-Suite B P-384 Hash Algorithm Selection] +ssl_conf = 25-Suite B P-384 Hash Algorithm Selection-ssl -[18-Suite B P-384 Hash Algorithm Selection-ssl] -server = 18-Suite B P-384 Hash Algorithm Selection-server -client = 18-Suite B P-384 Hash Algorithm Selection-client +[25-Suite B P-384 Hash Algorithm Selection-ssl] +server = 25-Suite B P-384 Hash Algorithm Selection-server +client = 25-Suite B P-384 Hash Algorithm Selection-client -[18-Suite B P-384 Hash Algorithm Selection-server] +[25-Suite B P-384 Hash Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = SUITEB128 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem @@ -592,13 +864,13 @@ ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-Suite B P-384 Hash Algorithm Selection-client] +[25-Suite B P-384 Hash Algorithm Selection-client] CipherString = DEFAULT SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem VerifyMode = Peer -[test-18] +[test-25] ExpectedResult = Success ExpectedServerCertType = P-384 ExpectedServerSignHash = SHA384 @@ -607,30 +879,30 @@ ExpectedServerSignType = EC # =========================================================== -[19-TLS 1.2 Ed25519 Client Auth] -ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl +[26-TLS 1.2 Ed25519 Client Auth] +ssl_conf = 26-TLS 1.2 Ed25519 Client Auth-ssl -[19-TLS 1.2 Ed25519 Client Auth-ssl] -server = 19-TLS 1.2 Ed25519 Client Auth-server -client = 19-TLS 1.2 Ed25519 Client Auth-client +[26-TLS 1.2 Ed25519 Client Auth-ssl] +server = 26-TLS 1.2 Ed25519 Client Auth-server +client = 26-TLS 1.2 Ed25519 Client Auth-client -[19-TLS 1.2 Ed25519 Client Auth-server] +[26-TLS 1.2 Ed25519 Client Auth-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem VerifyMode = Require -[19-TLS 1.2 Ed25519 Client Auth-client] +[26-TLS 1.2 Ed25519 Client Auth-client] CipherString = DEFAULT -EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem -EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-26] ExpectedClientCertType = Ed25519 ExpectedClientSignType = Ed25519 ExpectedResult = Success @@ -638,54 +910,712 @@ ExpectedResult = Success # =========================================================== -[20-Only RSA-PSS Certificate, TLS v1.1] -ssl_conf = 20-Only RSA-PSS Certificate, TLS v1.1-ssl +[27-TLS 1.2 Ed448 Client Auth] +ssl_conf = 27-TLS 1.2 Ed448 Client Auth-ssl + +[27-TLS 1.2 Ed448 Client Auth-ssl] +server = 27-TLS 1.2 Ed448 Client Auth-server +client = 27-TLS 1.2 Ed448 Client Auth-client + +[27-TLS 1.2 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[27-TLS 1.2 Ed448 Client Auth-client] +CipherString = DEFAULT +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-27] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[28-Only RSA-PSS Certificate, TLS v1.1] +ssl_conf = 28-Only RSA-PSS Certificate, TLS v1.1-ssl -[20-Only RSA-PSS Certificate, TLS v1.1-ssl] -server = 20-Only RSA-PSS Certificate, TLS v1.1-server -client = 20-Only RSA-PSS Certificate, TLS v1.1-client +[28-Only RSA-PSS Certificate, TLS v1.1-ssl] +server = 28-Only RSA-PSS Certificate, TLS v1.1-server +client = 28-Only RSA-PSS Certificate, TLS v1.1-client -[20-Only RSA-PSS Certificate, TLS v1.1-server] +[28-Only RSA-PSS Certificate, TLS v1.1-server] Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem CipherString = DEFAULT PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem -[20-Only RSA-PSS Certificate, TLS v1.1-client] +[28-Only RSA-PSS Certificate, TLS v1.1-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-20] +[test-28] ExpectedResult = ServerFail # =========================================================== -[21-TLS 1.2 DSA Certificate Test] -ssl_conf = 21-TLS 1.2 DSA Certificate Test-ssl +[29-TLS 1.3 ECDSA Signature Algorithm Selection] +ssl_conf = 29-TLS 1.3 ECDSA Signature Algorithm Selection-ssl -[21-TLS 1.2 DSA Certificate Test-ssl] -server = 21-TLS 1.2 DSA Certificate Test-server -client = 21-TLS 1.2 DSA Certificate Test-client +[29-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] +server = 29-TLS 1.3 ECDSA Signature Algorithm Selection-server +client = 29-TLS 1.3 ECDSA Signature Algorithm Selection-client -[21-TLS 1.2 DSA Certificate Test-server] +[29-TLS 1.3 ECDSA Signature Algorithm Selection-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = ALL -DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem -DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem -DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-TLS 1.2 DSA Certificate Test-client] -CipherString = ALL -SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +[29-TLS 1.3 ECDSA Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-21] +[test-29] +ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] +ssl_conf = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl + +[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] +server = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server +client = 30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client + +[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] ExpectedResult = Success +ExpectedServerCANames = empty +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] +ssl_conf = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl + +[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] +server = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server +client = 31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client + +[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedResult = ServerFail + + +# =========================================================== + +[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] +ssl_conf = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl + +[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] +server = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server +client = 32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client + +[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] +CipherString = DEFAULT +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedResult = Success +ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedServerCertType = P-256 +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = EC + + +# =========================================================== + +[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] +ssl_conf = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl + +[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] +server = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server +client = 33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client + +[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA384 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] +ssl_conf = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl + +[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] +server = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server +client = 34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client + +[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] +CipherString = DEFAULT +SignatureAlgorithms = ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedResult = ServerFail + + +# =========================================================== + +[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS] +ssl_conf = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl + +[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] +server = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server +client = 35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client + +[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedResult = ServerFail + + +# =========================================================== + +[36-TLS 1.3 RSA-PSS Signature Algorithm Selection] +ssl_conf = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl + +[36-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] +server = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-server +client = 36-TLS 1.3 RSA-PSS Signature Algorithm Selection-client + +[36-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = RSA-PSS+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedResult = Success +ExpectedServerCertType = RSA +ExpectedServerSignHash = SHA256 +ExpectedServerSignType = RSA-PSS + + +# =========================================================== + +[37-TLS 1.3 Ed25519 Signature Algorithm Selection] +ssl_conf = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl + +[37-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] +server = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-server +client = 37-TLS 1.3 Ed25519 Signature Algorithm Selection-client + +[37-TLS 1.3 Ed25519 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-TLS 1.3 Ed25519 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedResult = Success +ExpectedServerCertType = Ed25519 +ExpectedServerSignType = Ed25519 + + +# =========================================================== + +[38-TLS 1.3 Ed448 Signature Algorithm Selection] +ssl_conf = 38-TLS 1.3 Ed448 Signature Algorithm Selection-ssl + +[38-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] +server = 38-TLS 1.3 Ed448 Signature Algorithm Selection-server +client = 38-TLS 1.3 Ed448 Signature Algorithm Selection-client + +[38-TLS 1.3 Ed448 Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-TLS 1.3 Ed448 Signature Algorithm Selection-client] +CipherString = DEFAULT +SignatureAlgorithms = ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedResult = Success +ExpectedServerCertType = Ed448 +ExpectedServerSignType = Ed448 + + +# =========================================================== + +[39-TLS 1.3 Ed25519 CipherString and Groups Selection] +ssl_conf = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl + +[39-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] +server = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-server +client = 39-TLS 1.3 Ed25519 CipherString and Groups Selection-client + +[39-TLS 1.3 Ed25519 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-TLS 1.3 Ed25519 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X25519 +SignatureAlgorithms = ECDSA+SHA256:ed25519 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[40-TLS 1.3 Ed448 CipherString and Groups Selection] +ssl_conf = 40-TLS 1.3 Ed448 CipherString and Groups Selection-ssl + +[40-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] +server = 40-TLS 1.3 Ed448 CipherString and Groups Selection-server +client = 40-TLS 1.3 Ed448 CipherString and Groups Selection-client + +[40-TLS 1.3 Ed448 CipherString and Groups Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem +Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem +Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem +Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem +Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-TLS 1.3 Ed448 CipherString and Groups Selection-client] +CipherString = DEFAULT +Groups = X448 +SignatureAlgorithms = ECDSA+SHA256:ed448 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedResult = Success +ExpectedServerCertType = P-256 +ExpectedServerSignType = EC + + +# =========================================================== + +[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection] +ssl_conf = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl + +[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] +server = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server +client = 41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client + +[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[41-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedClientCANames = empty +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] +ssl_conf = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] +server = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server +client = 42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = PSS+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[42-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem +ExpectedClientCertType = RSA +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = RSA-PSS +ExpectedResult = Success + + +# =========================================================== + +[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] +ssl_conf = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl + +[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] +server = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server +client = 43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client + +[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[43-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] +CipherString = DEFAULT +ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem +ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem +RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedClientCertType = P-256 +ExpectedClientSignHash = SHA256 +ExpectedClientSignType = EC +ExpectedResult = Success + + +# =========================================================== + +[44-TLS 1.3 Ed25519 Client Auth] +ssl_conf = 44-TLS 1.3 Ed25519 Client Auth-ssl + +[44-TLS 1.3 Ed25519 Client Auth-ssl] +server = 44-TLS 1.3 Ed25519 Client Auth-server +client = 44-TLS 1.3 Ed25519 Client Auth-client + +[44-TLS 1.3 Ed25519 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[44-TLS 1.3 Ed25519 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedClientCertType = Ed25519 +ExpectedClientSignType = Ed25519 +ExpectedResult = Success + + +# =========================================================== + +[45-TLS 1.3 Ed448 Client Auth] +ssl_conf = 45-TLS 1.3 Ed448 Client Auth-ssl + +[45-TLS 1.3 Ed448 Client Auth-ssl] +server = 45-TLS 1.3 Ed448 Client Auth-server +client = 45-TLS 1.3 Ed448 Client Auth-client + +[45-TLS 1.3 Ed448 Client Auth-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Require + +[45-TLS 1.3 Ed448 Client Auth-client] +CipherString = DEFAULT +EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem +EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedClientCertType = Ed448 +ExpectedClientSignType = Ed448 +ExpectedResult = Success + + +# =========================================================== + +[46-TLS 1.2 DSA Certificate Test] +ssl_conf = 46-TLS 1.2 DSA Certificate Test-ssl + +[46-TLS 1.2 DSA Certificate Test-ssl] +server = 46-TLS 1.2 DSA Certificate Test-server +client = 46-TLS 1.2 DSA Certificate Test-client + +[46-TLS 1.2 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-TLS 1.2 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA256:DSA+SHA1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedResult = Success + + +# =========================================================== + +[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] +ssl_conf = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl + +[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] +server = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server +client = 47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client + +[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem +VerifyMode = Request + +[47-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedResult = ServerFail + + +# =========================================================== + +[48-TLS 1.3 DSA Certificate Test] +ssl_conf = 48-TLS 1.3 DSA Certificate Test-ssl + +[48-TLS 1.3 DSA Certificate Test-ssl] +server = 48-TLS 1.3 DSA Certificate Test-server +client = 48-TLS 1.3 DSA Certificate Test-client + +[48-TLS 1.3 DSA Certificate Test-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = ALL +DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem +DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-TLS 1.3 DSA Certificate Test-client] +CipherString = ALL +SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedResult = ServerFail