
# -*- mode: perl; -*-
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

## Test Renegotiation
#
# Declares the renegotiation test table (@tests) for the ssl-tests
# harness.  Cases that can only run at TLS 1.2 are kept in a separate
# @tests_tls1_2 list and appended at the bottom of the file only when
# tls1_2 is not disabled.

use strict;
use warnings;

# NOTE(review): the table is presumably read as @ssltests::tests by the
# harness, which is why the data lives in this package — confirm against
# the loader.
package ssltests;

# Supplies test_pem(), used below to name the test CA/EE PEM files, and
# disabled(), used to check whether tls1_2 is available.
use OpenSSL::Test::Utils;
  13. our @tests = (
  14. {
  15. name => "renegotiate-client-no-resume",
  16. server => {
  17. "Options" => "NoResumptionOnRenegotiation",
  18. "MaxProtocol" => "TLSv1.2"
  19. },
  20. client => {},
  21. test => {
  22. "Method" => "TLS",
  23. "HandshakeMode" => "RenegotiateClient",
  24. "ResumptionExpected" => "No",
  25. "ExpectedResult" => "Success"
  26. }
  27. },
  28. {
  29. name => "renegotiate-client-resume",
  30. server => {
  31. "MaxProtocol" => "TLSv1.2"
  32. },
  33. client => {},
  34. test => {
  35. "Method" => "TLS",
  36. "HandshakeMode" => "RenegotiateClient",
  37. "ResumptionExpected" => "Yes",
  38. "ExpectedResult" => "Success"
  39. }
  40. },
  41. {
  42. name => "renegotiate-server-no-resume",
  43. server => {
  44. "Options" => "NoResumptionOnRenegotiation",
  45. "MaxProtocol" => "TLSv1.2"
  46. },
  47. client => {},
  48. test => {
  49. "Method" => "TLS",
  50. "HandshakeMode" => "RenegotiateServer",
  51. "ResumptionExpected" => "No",
  52. "ExpectedResult" => "Success"
  53. }
  54. },
  55. {
  56. name => "renegotiate-server-resume",
  57. server => {
  58. "MaxProtocol" => "TLSv1.2"
  59. },
  60. client => {},
  61. test => {
  62. "Method" => "TLS",
  63. "HandshakeMode" => "RenegotiateServer",
  64. "ResumptionExpected" => "Yes",
  65. "ExpectedResult" => "Success"
  66. }
  67. },
  68. {
  69. name => "renegotiate-client-auth-require",
  70. server => {
  71. "Options" => "NoResumptionOnRenegotiation",
  72. "MaxProtocol" => "TLSv1.2",
  73. "VerifyCAFile" => test_pem("root-cert.pem"),
  74. "VerifyMode" => "Require",
  75. },
  76. client => {
  77. "Certificate" => test_pem("ee-client-chain.pem"),
  78. "PrivateKey" => test_pem("ee-key.pem"),
  79. },
  80. test => {
  81. "Method" => "TLS",
  82. "HandshakeMode" => "RenegotiateServer",
  83. "ResumptionExpected" => "No",
  84. "ExpectedResult" => "Success"
  85. }
  86. },
  87. {
  88. name => "renegotiate-client-auth-once",
  89. server => {
  90. "Options" => "NoResumptionOnRenegotiation",
  91. "MaxProtocol" => "TLSv1.2",
  92. "VerifyCAFile" => test_pem("root-cert.pem"),
  93. "VerifyMode" => "Once",
  94. },
  95. client => {
  96. "Certificate" => test_pem("ee-client-chain.pem"),
  97. "PrivateKey" => test_pem("ee-key.pem"),
  98. },
  99. test => {
  100. "Method" => "TLS",
  101. "HandshakeMode" => "RenegotiateServer",
  102. "ResumptionExpected" => "No",
  103. "ExpectedResult" => "Success"
  104. }
  105. },
  106. {
  107. # Just test that UnsafeLegacyServerConnect option
  108. # exists, it won't have any real effect here
  109. name => "renegotiate-client-legacy-connect",
  110. server => {
  111. "MaxProtocol" => "TLSv1.2"
  112. },
  113. client => {
  114. "Options" => "UnsafeLegacyServerConnect",
  115. },
  116. test => {
  117. "Method" => "TLS",
  118. "HandshakeMode" => "RenegotiateClient",
  119. "ResumptionExpected" => "Yes",
  120. "ExpectedResult" => "Success"
  121. }
  122. },
  123. );
  124. our @tests_tls1_2 = (
  125. {
  126. name => "renegotiate-aead-to-non-aead",
  127. server => {
  128. "Options" => "NoResumptionOnRenegotiation",
  129. },
  130. client => {
  131. "CipherString" => "AES128-GCM-SHA256",
  132. "MaxProtocol" => "TLSv1.2",
  133. extra => {
  134. "RenegotiateCiphers" => "AES128-SHA"
  135. }
  136. },
  137. test => {
  138. "Method" => "TLS",
  139. "HandshakeMode" => "RenegotiateClient",
  140. "ResumptionExpected" => "No",
  141. "ExpectedResult" => "Success"
  142. }
  143. },
  144. {
  145. name => "renegotiate-non-aead-to-aead",
  146. server => {
  147. "Options" => "NoResumptionOnRenegotiation",
  148. },
  149. client => {
  150. "CipherString" => "AES128-SHA",
  151. "MaxProtocol" => "TLSv1.2",
  152. extra => {
  153. "RenegotiateCiphers" => "AES128-GCM-SHA256"
  154. }
  155. },
  156. test => {
  157. "Method" => "TLS",
  158. "HandshakeMode" => "RenegotiateClient",
  159. "ResumptionExpected" => "No",
  160. "ExpectedResult" => "Success"
  161. }
  162. },
  163. {
  164. name => "renegotiate-non-aead-to-non-aead",
  165. server => {
  166. "Options" => "NoResumptionOnRenegotiation",
  167. },
  168. client => {
  169. "CipherString" => "AES128-SHA",
  170. "MaxProtocol" => "TLSv1.2",
  171. extra => {
  172. "RenegotiateCiphers" => "AES256-SHA"
  173. }
  174. },
  175. test => {
  176. "Method" => "TLS",
  177. "HandshakeMode" => "RenegotiateClient",
  178. "ResumptionExpected" => "No",
  179. "ExpectedResult" => "Success"
  180. }
  181. },
  182. {
  183. name => "renegotiate-aead-to-aead",
  184. server => {
  185. "Options" => "NoResumptionOnRenegotiation",
  186. },
  187. client => {
  188. "CipherString" => "AES128-GCM-SHA256",
  189. "MaxProtocol" => "TLSv1.2",
  190. extra => {
  191. "RenegotiateCiphers" => "AES256-GCM-SHA384"
  192. }
  193. },
  194. test => {
  195. "Method" => "TLS",
  196. "HandshakeMode" => "RenegotiateClient",
  197. "ResumptionExpected" => "No",
  198. "ExpectedResult" => "Success"
  199. }
  200. },
  201. {
  202. name => "no-renegotiation-server-by-client",
  203. server => {
  204. "Options" => "NoRenegotiation",
  205. "MaxProtocol" => "TLSv1.2"
  206. },
  207. client => { },
  208. test => {
  209. "Method" => "TLS",
  210. "HandshakeMode" => "RenegotiateClient",
  211. "ResumptionExpected" => "No",
  212. "ExpectedResult" => "ClientFail"
  213. }
  214. },
  215. {
  216. name => "no-renegotiation-server-by-server",
  217. server => {
  218. "Options" => "NoRenegotiation",
  219. "MaxProtocol" => "TLSv1.2"
  220. },
  221. client => { },
  222. test => {
  223. "Method" => "TLS",
  224. "HandshakeMode" => "RenegotiateServer",
  225. "ResumptionExpected" => "No",
  226. "ExpectedResult" => "ServerFail"
  227. }
  228. },
  229. {
  230. name => "no-renegotiation-client-by-server",
  231. server => {
  232. "MaxProtocol" => "TLSv1.2"
  233. },
  234. client => {
  235. "Options" => "NoRenegotiation",
  236. },
  237. test => {
  238. "Method" => "TLS",
  239. "HandshakeMode" => "RenegotiateServer",
  240. "ResumptionExpected" => "No",
  241. "ExpectedResult" => "ServerFail"
  242. }
  243. },
  244. {
  245. name => "no-renegotiation-client-by-client",
  246. server => {
  247. "MaxProtocol" => "TLSv1.2"
  248. },
  249. client => {
  250. "Options" => "NoRenegotiation",
  251. },
  252. test => {
  253. "Method" => "TLS",
  254. "HandshakeMode" => "RenegotiateClient",
  255. "ResumptionExpected" => "No",
  256. "ExpectedResult" => "ClientFail"
  257. }
  258. },
  259. {
  260. name => "no-extms-on-renegotiation",
  261. server => {
  262. "MaxProtocol" => "TLSv1.2"
  263. },
  264. client => {
  265. "MaxProtocol" => "TLSv1.2",
  266. extra => {
  267. "RenegotiateNoExtms" => "Yes"
  268. }
  269. },
  270. test => {
  271. "Method" => "TLS",
  272. "HandshakeMode" => "RenegotiateClient",
  273. "ResumptionExpected" => "No",
  274. "ExpectedResult" => "ServerFail"
  275. }
  276. },
  277. {
  278. name => "allow-client-renegotiation",
  279. server => {
  280. "MaxProtocol" => "TLSv1.2",
  281. },
  282. client => {
  283. "MaxProtocol" => "TLSv1.2"
  284. },
  285. test => {
  286. "Method" => "TLS",
  287. "HandshakeMode" => "RenegotiateClient",
  288. "ResumptionExpected" => "Yes",
  289. "ExpectedResult" => "Success"
  290. }
  291. },
  292. {
  293. name => "no-client-renegotiation",
  294. server => {
  295. "MaxProtocol" => "TLSv1.2",
  296. "Options" => "-ClientRenegotiation"
  297. },
  298. client => {
  299. "MaxProtocol" => "TLSv1.2",
  300. },
  301. test => {
  302. "Method" => "TLS",
  303. "HandshakeMode" => "RenegotiateClient",
  304. "ResumptionExpected" => "No",
  305. "ExpectedResult" => "ClientFail",
  306. "ExpectedServerAlert" => "NoRenegotiation"
  307. }
  308. }
  309. );
# Append the TLS 1.2-only cases unless that protocol is compiled out.
# NOTE(review): kept as a statement modifier rather than an if-block so
# that, when tls1_2 is disabled, the file's last evaluated expression is
# the true result of disabled(); that matters if the harness loads this
# file with require — confirm against the loader.
push @tests, @tests_tls1_2 unless disabled("tls1_2");