20-cert-select.cnf 65 KB

  1. # Generated with generate_ssl_tests.pl
  # NOTE(review): this is generator output, so hand edits here are presumably
  # lost on regeneration; change the generator's input instead (confirm).
  #
  # Index of the certificate/signature-algorithm selection tests.
  # num_tests must equal the number of test-N entries (test-0 .. test-56 = 57).
  # Each test-N value names the section holding that test's ssl_conf, and the
  # matching [test-N] section holds the expected handshake outcome.
  2. num_tests = 57
  3. test-0 = 0-ECDSA CipherString Selection
  4. test-1 = 1-ECDSA CipherString Selection
  5. test-2 = 2-ECDSA CipherString Selection
  6. test-3 = 3-RSA CipherString Selection
  7. test-4 = 4-P-256 CipherString and Signature Algorithm Selection
  8. test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
  9. test-6 = 6-ECDSA Signature Algorithm Selection
  10. test-7 = 7-ECDSA Signature Algorithm Selection SHA384
  11. test-8 = 8-ECDSA Signature Algorithm Selection compressed point
  12. test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate
  13. test-10 = 10-RSA Signature Algorithm Selection
  14. test-11 = 11-RSA-PSS Signature Algorithm Selection
  15. test-12 = 12-RSA key exchange with all RSA certificate types
  16. test-13 = 13-Suite B P-256 Hash Algorithm Selection
  17. test-14 = 14-Suite B P-384 Hash Algorithm Selection
  18. test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection
  19. test-16 = 16-Ed448 CipherString and Signature Algorithm Selection
  20. test-17 = 17-Ed25519 CipherString and Curves Selection
  21. test-18 = 18-Ed448 CipherString and Curves Selection
  22. test-19 = 19-TLS 1.2 Ed25519 Client Auth
  23. test-20 = 20-TLS 1.2 Ed448 Client Auth
  24. test-21 = 21-ECDSA Signature Algorithm Selection SHA1
  25. test-22 = 22-ECDSA with brainpool
  26. test-23 = 23-RSA-PSS Certificate CipherString Selection
  27. test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection
  28. test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection
  29. test-26 = 26-Only RSA-PSS Certificate
  30. test-27 = 27-Only RSA-PSS Certificate Valid Signature Algorithms
  31. test-28 = 28-RSA-PSS Certificate, no PSS signature algorithms
  32. test-29 = 29-Only RSA-PSS Restricted Certificate
  33. test-30 = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms
  34. test-31 = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
  35. test-32 = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms
  36. test-33 = 33-RSA key exchange with only RSA-PSS certificate
  37. test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
  38. test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
  39. test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
  40. test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
  41. test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
  42. test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
  43. test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
  44. test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
  45. test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
  46. test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection
  47. test-44 = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
  48. test-45 = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
  49. test-46 = 46-TLS 1.3 Ed25519 Signature Algorithm Selection
  50. test-47 = 47-TLS 1.3 Ed448 Signature Algorithm Selection
  51. test-48 = 48-TLS 1.3 Ed25519 CipherString and Groups Selection
  52. test-49 = 49-TLS 1.3 Ed448 CipherString and Groups Selection
  53. test-50 = 50-TLS 1.3 Ed25519 Client Auth
  54. test-51 = 51-TLS 1.3 Ed448 Client Auth
  55. test-52 = 52-TLS 1.3 ECDSA with brainpool but no suitable groups
  56. test-53 = 53-TLS 1.3 ECDSA with brainpool
  57. test-54 = 54-TLS 1.2 DSA Certificate Test
  58. test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
  59. test-56 = 56-TLS 1.3 DSA Certificate Test
  60. # ===========================================================
  # Test 0: the server holds a default certificate plus ECDSA, Ed25519 and Ed448
  # certificates; the client offers only ECDSA-authenticated suites (aECDSA).
  # Both sides are capped at TLS 1.2. The P-256 ECDSA certificate must be chosen.
  61. [0-ECDSA CipherString Selection]
  62. ssl_conf = 0-ECDSA CipherString Selection-ssl
  63. [0-ECDSA CipherString Selection-ssl]
  64. server = 0-ECDSA CipherString Selection-server
  65. client = 0-ECDSA CipherString Selection-client
  66. [0-ECDSA CipherString Selection-server]
  # Default (unprefixed) certificate/key pair; the test expectations elsewhere
  # in this file treat it as the RSA certificate.
  67. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  68. CipherString = DEFAULT
  69. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  70. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  71. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  72. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  73. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  74. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  75. MaxProtocol = TLSv1.2
  76. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  77. [0-ECDSA CipherString Selection-client]
  78. CipherString = aECDSA
  79. MaxProtocol = TLSv1.2
  # The client configures CA names to send, yet the server is expected to see
  # none (ExpectedServerCANames = empty below). Presumably this is because CA
  # names are only sent by clients in TLS 1.3 (confirm against the generator).
  80. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  # Peer verification is on, so success also means the selected certificate
  # validated against rootcert.pem.
  81. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  82. VerifyMode = Peer
  83. [test-0]
  84. ExpectedResult = Success
  85. ExpectedServerCANames = empty
  86. ExpectedServerCertType = P-256
  87. ExpectedServerSignType = EC
  88. # ===========================================================
  # Test 1: the server's own Groups list is P-384 only, while the client
  # advertises P-256:P-384. The P-256 ECDSA certificate is still expected, so
  # the server's Groups setting does not restrict which certificate it presents.
  89. [1-ECDSA CipherString Selection]
  90. ssl_conf = 1-ECDSA CipherString Selection-ssl
  91. [1-ECDSA CipherString Selection-ssl]
  92. server = 1-ECDSA CipherString Selection-server
  93. client = 1-ECDSA CipherString Selection-client
  94. [1-ECDSA CipherString Selection-server]
  95. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  96. CipherString = DEFAULT
  97. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  98. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  99. Groups = P-384
  100. MaxProtocol = TLSv1.2
  101. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  102. [1-ECDSA CipherString Selection-client]
  103. CipherString = aECDSA
  104. Groups = P-256:P-384
  105. MaxProtocol = TLSv1.2
  106. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  107. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  108. VerifyMode = Peer
  109. [test-1]
  110. ExpectedResult = Success
  111. ExpectedServerCANames = empty
  112. ExpectedServerCertType = P-256
  113. ExpectedServerSignType = EC
  114. # ===========================================================
  # Test 2 (negative): mirror image of test 1. The client advertises only P-384
  # and only ECDSA-authenticated suites. The handshake must fail on the server
  # side, presumably because the server's only ECDSA certificate is P-256 (see
  # ExpectedServerCertType in tests 0 and 1), which this client cannot accept.
  # The server must not fall back to a certificate the client did not offer.
  115. [2-ECDSA CipherString Selection]
  116. ssl_conf = 2-ECDSA CipherString Selection-ssl
  117. [2-ECDSA CipherString Selection-ssl]
  118. server = 2-ECDSA CipherString Selection-server
  119. client = 2-ECDSA CipherString Selection-client
  120. [2-ECDSA CipherString Selection-server]
  121. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  122. CipherString = DEFAULT
  123. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  124. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  125. Groups = P-256:P-384
  126. MaxProtocol = TLSv1.2
  127. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  128. [2-ECDSA CipherString Selection-client]
  129. CipherString = aECDSA
  130. Groups = P-384
  131. MaxProtocol = TLSv1.2
  132. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  133. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  134. VerifyMode = Peer
  135. [test-2]
  136. ExpectedResult = ServerFail
  137. # ===========================================================
  # Test 3: the client offers only RSA-authenticated suites (aRSA) and sets no
  # SignatureAlgorithms. The default RSA certificate must be selected even
  # though ECDSA/Ed25519/Ed448 certificates are also loaded.
  138. [3-RSA CipherString Selection]
  139. ssl_conf = 3-RSA CipherString Selection-ssl
  140. [3-RSA CipherString Selection-ssl]
  141. server = 3-RSA CipherString Selection-server
  142. client = 3-RSA CipherString Selection-client
  143. [3-RSA CipherString Selection-server]
  144. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  145. CipherString = DEFAULT
  146. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  147. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  148. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  149. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  150. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  151. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  152. MaxProtocol = TLSv1.2
  153. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  154. [3-RSA CipherString Selection-client]
  155. CipherString = aRSA
  156. MaxProtocol = TLSv1.2
  157. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  158. VerifyMode = Peer
  159. [test-3]
  160. ExpectedResult = Success
  161. ExpectedServerCertType = RSA
  # With default signature algorithms on both sides the RSA key is expected to
  # sign with RSA-PSS rather than PKCS#1 v1.5. A change in this expectation
  # would indicate a change in the default signature-algorithm preference.
  162. ExpectedServerSignType = RSA-PSS
  163. # ===========================================================
  # Test 4: the client lists ECDSA+SHA256 before ed25519. The server holds both
  # an ECDSA and an Ed25519 certificate, and the P-256 one is expected. Test 15
  # uses the reverse order and expects Ed25519, so the pair pins that the order
  # of the client's list decides between equally usable certificates.
  164. [4-P-256 CipherString and Signature Algorithm Selection]
  165. ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl
  166. [4-P-256 CipherString and Signature Algorithm Selection-ssl]
  167. server = 4-P-256 CipherString and Signature Algorithm Selection-server
  168. client = 4-P-256 CipherString and Signature Algorithm Selection-client
  169. [4-P-256 CipherString and Signature Algorithm Selection-server]
  170. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  171. CipherString = DEFAULT
  172. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  173. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  174. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  175. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  176. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  177. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  178. MaxProtocol = TLSv1.2
  179. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  180. [4-P-256 CipherString and Signature Algorithm Selection-client]
  181. CipherString = aECDSA
  182. MaxProtocol = TLSv1.2
  183. SignatureAlgorithms = ECDSA+SHA256:ed25519
  184. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  185. VerifyMode = Peer
  186. [test-4]
  187. ExpectedResult = Success
  188. ExpectedServerCertType = P-256
  189. ExpectedServerSignHash = SHA256
  190. ExpectedServerSignType = EC
  191. # ===========================================================
  # Test 5 (negative): the server loads only the default certificate, while the
  # client accepts only ECDSA-authenticated suites. The handshake must fail on
  # the server side rather than proceed with a certificate type the client
  # excluded.
  192. [5-ECDSA CipherString Selection, no ECDSA certificate]
  193. ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl
  194. [5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
  195. server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
  196. client = 5-ECDSA CipherString Selection, no ECDSA certificate-client
  197. [5-ECDSA CipherString Selection, no ECDSA certificate-server]
  198. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  199. CipherString = DEFAULT
  200. MaxProtocol = TLSv1.2
  201. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  202. [5-ECDSA CipherString Selection, no ECDSA certificate-client]
  203. CipherString = aECDSA
  204. MaxProtocol = TLSv1.2
  205. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  206. VerifyMode = Peer
  207. [test-5]
  208. ExpectedResult = ServerFail
  209. # ===========================================================
  # Test 6: here the certificate is selected through the client's
  # SignatureAlgorithms list, not through its cipher string (left at DEFAULT).
  # The client sets no MaxProtocol; the server's MaxProtocol = TLSv1.2 alone
  # caps the negotiated version.
  210. [6-ECDSA Signature Algorithm Selection]
  211. ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl
  212. [6-ECDSA Signature Algorithm Selection-ssl]
  213. server = 6-ECDSA Signature Algorithm Selection-server
  214. client = 6-ECDSA Signature Algorithm Selection-client
  215. [6-ECDSA Signature Algorithm Selection-server]
  216. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  217. CipherString = DEFAULT
  218. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  219. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  220. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  221. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  222. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  223. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  224. MaxProtocol = TLSv1.2
  225. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  226. [6-ECDSA Signature Algorithm Selection-client]
  227. CipherString = DEFAULT
  228. SignatureAlgorithms = ECDSA+SHA256
  229. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  230. VerifyMode = Peer
  231. [test-6]
  232. ExpectedResult = Success
  233. ExpectedServerCertType = P-256
  234. ExpectedServerSignHash = SHA256
  235. ExpectedServerSignType = EC
  236. # ===========================================================
  # Test 7: same server as test 6, but the client accepts only ECDSA+SHA384.
  # The P-256 certificate is still expected, now signing with SHA384: at this
  # protocol cap (TLS 1.2) the test expects the hash to follow the client's
  # list rather than the certificate's curve size.
  237. [7-ECDSA Signature Algorithm Selection SHA384]
  238. ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl
  239. [7-ECDSA Signature Algorithm Selection SHA384-ssl]
  240. server = 7-ECDSA Signature Algorithm Selection SHA384-server
  241. client = 7-ECDSA Signature Algorithm Selection SHA384-client
  242. [7-ECDSA Signature Algorithm Selection SHA384-server]
  243. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  244. CipherString = DEFAULT
  245. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  246. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  247. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  248. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  249. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  250. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  251. MaxProtocol = TLSv1.2
  252. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  253. [7-ECDSA Signature Algorithm Selection SHA384-client]
  254. CipherString = DEFAULT
  255. SignatureAlgorithms = ECDSA+SHA384
  256. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  257. VerifyMode = Peer
  258. [test-7]
  259. ExpectedResult = Success
  260. ExpectedServerCertType = P-256
  261. ExpectedServerSignHash = SHA384
  262. ExpectedServerSignType = EC
  263. # ===========================================================
  # Test 8: as test 6, but the ECDSA certificate/key pair is the "cecdsa" one.
  # Per the test title its public key presumably uses compressed point encoding
  # (confirm against the certificate). No Ed25519/Ed448 certificates are loaded.
  # At the TLS 1.2 cap the certificate is expected to be usable.
  264. [8-ECDSA Signature Algorithm Selection compressed point]
  265. ssl_conf = 8-ECDSA Signature Algorithm Selection compressed point-ssl
  266. [8-ECDSA Signature Algorithm Selection compressed point-ssl]
  267. server = 8-ECDSA Signature Algorithm Selection compressed point-server
  268. client = 8-ECDSA Signature Algorithm Selection compressed point-client
  269. [8-ECDSA Signature Algorithm Selection compressed point-server]
  270. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  271. CipherString = DEFAULT
  272. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
  273. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
  274. MaxProtocol = TLSv1.2
  275. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  276. [8-ECDSA Signature Algorithm Selection compressed point-client]
  277. CipherString = DEFAULT
  278. SignatureAlgorithms = ECDSA+SHA256
  279. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  280. VerifyMode = Peer
  281. [test-8]
  282. ExpectedResult = Success
  283. ExpectedServerCertType = P-256
  284. ExpectedServerSignHash = SHA256
  285. ExpectedServerSignType = EC
  286. # ===========================================================
  # Test 9 (negative): the client accepts only ECDSA+SHA256 signatures, but the
  # server loads only the default certificate. The handshake must fail on the
  # server side; the server must not sign with an algorithm outside the
  # client's list.
  287. [9-ECDSA Signature Algorithm Selection, no ECDSA certificate]
  288. ssl_conf = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
  289. [9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
  290. server = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
  291. client = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
  292. [9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
  293. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  294. CipherString = DEFAULT
  295. MaxProtocol = TLSv1.2
  296. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  297. [9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
  298. CipherString = DEFAULT
  299. SignatureAlgorithms = ECDSA+SHA256
  300. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  301. VerifyMode = Peer
  302. [test-9]
  303. ExpectedResult = ServerFail
  304. # ===========================================================
  # Test 10: the client accepts only RSA+SHA256. The default RSA certificate
  # must be selected and the signature type is expected to be plain RSA, in
  # contrast to test 11, where the same certificate signs with RSA-PSS.
  305. [10-RSA Signature Algorithm Selection]
  306. ssl_conf = 10-RSA Signature Algorithm Selection-ssl
  307. [10-RSA Signature Algorithm Selection-ssl]
  308. server = 10-RSA Signature Algorithm Selection-server
  309. client = 10-RSA Signature Algorithm Selection-client
  310. [10-RSA Signature Algorithm Selection-server]
  311. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  312. CipherString = DEFAULT
  313. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  314. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  315. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  316. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  317. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  318. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  319. MaxProtocol = TLSv1.2
  320. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  321. [10-RSA Signature Algorithm Selection-client]
  322. CipherString = DEFAULT
  323. SignatureAlgorithms = RSA+SHA256
  324. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  325. VerifyMode = Peer
  326. [test-10]
  327. ExpectedResult = Success
  328. ExpectedServerCertType = RSA
  329. ExpectedServerSignHash = SHA256
  330. ExpectedServerSignType = RSA
  331. # ===========================================================
  # Test 11: the client accepts only RSA-PSS+SHA256. The server loads no PSS.*
  # certificate here, so the ordinary RSA certificate (cert type RSA) is
  # expected to produce the RSA-PSS signature.
  332. [11-RSA-PSS Signature Algorithm Selection]
  333. ssl_conf = 11-RSA-PSS Signature Algorithm Selection-ssl
  334. [11-RSA-PSS Signature Algorithm Selection-ssl]
  335. server = 11-RSA-PSS Signature Algorithm Selection-server
  336. client = 11-RSA-PSS Signature Algorithm Selection-client
  337. [11-RSA-PSS Signature Algorithm Selection-server]
  338. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  339. CipherString = DEFAULT
  340. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  341. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  342. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  343. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  344. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  345. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  346. MaxProtocol = TLSv1.2
  347. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  348. [11-RSA-PSS Signature Algorithm Selection-client]
  349. CipherString = DEFAULT
  350. SignatureAlgorithms = RSA-PSS+SHA256
  351. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  352. VerifyMode = Peer
  353. [test-11]
  354. ExpectedResult = Success
  355. ExpectedServerCertType = RSA
  356. ExpectedServerSignHash = SHA256
  357. ExpectedServerSignType = RSA-PSS
  358. # ===========================================================
  # Test 12: the server loads both the default RSA certificate and a PSS.*
  # certificate; the client offers only RSA key-exchange suites (kRSA). The
  # plain RSA certificate is expected, presumably because an RSA-PSS key is not
  # usable for RSA key transport (confirm).
  # kRSA (static RSA key exchange) provides no forward secrecy. It is used here
  # to cover certificate selection, not as a configuration to copy.
  359. [12-RSA key exchange with all RSA certificate types]
  360. ssl_conf = 12-RSA key exchange with all RSA certificate types-ssl
  361. [12-RSA key exchange with all RSA certificate types-ssl]
  362. server = 12-RSA key exchange with all RSA certificate types-server
  363. client = 12-RSA key exchange with all RSA certificate types-client
  # Unlike the preceding tests, the server sets no MaxProtocol; only the client
  # caps the version at TLS 1.2.
  364. [12-RSA key exchange with all RSA certificate types-server]
  365. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  366. CipherString = DEFAULT
  367. PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  368. PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  369. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  370. [12-RSA key exchange with all RSA certificate types-client]
  371. CipherString = kRSA
  372. MaxProtocol = TLSv1.2
  373. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  374. VerifyMode = Peer
  375. [test-12]
  376. ExpectedResult = Success
  377. ExpectedServerCertType = RSA
  378. # ===========================================================
  # Test 13: the server runs with CipherString = SUITEB128 and a P-256 ECDSA
  # certificate. The client lists ECDSA+SHA384 before ECDSA+SHA256, yet SHA256
  # is expected: in Suite B mode the hash is expected to match the
  # certificate's curve, not the client's first preference.
  379. [13-Suite B P-256 Hash Algorithm Selection]
  380. ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl
  381. [13-Suite B P-256 Hash Algorithm Selection-ssl]
  382. server = 13-Suite B P-256 Hash Algorithm Selection-server
  383. client = 13-Suite B P-256 Hash Algorithm Selection-client
  384. [13-Suite B P-256 Hash Algorithm Selection-server]
  385. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  386. CipherString = SUITEB128
  387. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
  388. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
  389. MaxProtocol = TLSv1.2
  390. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  391. [13-Suite B P-256 Hash Algorithm Selection-client]
  392. CipherString = DEFAULT
  393. SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
  # The client trusts only p384-root.pem, so the P-256 server certificate
  # presumably chains to that root (confirm against the test certificates).
  394. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
  395. VerifyMode = Peer
  396. [test-13]
  397. ExpectedResult = Success
  398. ExpectedServerCertType = P-256
  399. ExpectedServerSignHash = SHA256
  400. ExpectedServerSignType = EC
  401. # ===========================================================
  # Test 14: counterpart of test 13 with a P-384 ECDSA certificate. The client
  # lists ECDSA+SHA256 first, yet SHA384 is expected: with SUITEB128 on the
  # server the hash is again expected to follow the certificate's curve.
  402. [14-Suite B P-384 Hash Algorithm Selection]
  403. ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl
  404. [14-Suite B P-384 Hash Algorithm Selection-ssl]
  405. server = 14-Suite B P-384 Hash Algorithm Selection-server
  406. client = 14-Suite B P-384 Hash Algorithm Selection-client
  407. [14-Suite B P-384 Hash Algorithm Selection-server]
  408. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  409. CipherString = SUITEB128
  410. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
  411. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
  412. MaxProtocol = TLSv1.2
  413. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  414. [14-Suite B P-384 Hash Algorithm Selection-client]
  415. CipherString = DEFAULT
  416. SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
  417. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
  418. VerifyMode = Peer
  419. [test-14]
  420. ExpectedResult = Success
  421. ExpectedServerCertType = P-384
  422. ExpectedServerSignHash = SHA384
  423. ExpectedServerSignType = EC
  424. # ===========================================================
  # Test 15: the client lists ed25519 before ECDSA+SHA256 and offers only
  # aECDSA suites. The Ed25519 certificate is expected, which shows that the
  # aECDSA cipher string also admits an Ed25519 certificate. Test 4 uses the
  # reverse signature-algorithm order and expects P-256.
  425. [15-Ed25519 CipherString and Signature Algorithm Selection]
  426. ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl
  427. [15-Ed25519 CipherString and Signature Algorithm Selection-ssl]
  428. server = 15-Ed25519 CipherString and Signature Algorithm Selection-server
  429. client = 15-Ed25519 CipherString and Signature Algorithm Selection-client
  430. [15-Ed25519 CipherString and Signature Algorithm Selection-server]
  431. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  432. CipherString = DEFAULT
  433. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  434. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  435. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  436. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  437. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  438. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  439. MaxProtocol = TLSv1.2
  440. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  441. [15-Ed25519 CipherString and Signature Algorithm Selection-client]
  442. CipherString = aECDSA
  443. MaxProtocol = TLSv1.2
  # CA names are configured on the client, but the server is expected to see
  # none at this TLS 1.2 cap (ExpectedServerCANames = empty).
  444. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  445. SignatureAlgorithms = ed25519:ECDSA+SHA256
  446. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  447. VerifyMode = Peer
  448. [test-15]
  449. ExpectedResult = Success
  450. ExpectedServerCANames = empty
  451. ExpectedServerCertType = Ed25519
  452. ExpectedServerSignType = Ed25519
  453. # ===========================================================
  # Test 16: Ed448 counterpart of test 15. The client lists ed448 first and
  # the Ed448 certificate is expected.
  454. [16-Ed448 CipherString and Signature Algorithm Selection]
  455. ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl
  456. [16-Ed448 CipherString and Signature Algorithm Selection-ssl]
  457. server = 16-Ed448 CipherString and Signature Algorithm Selection-server
  458. client = 16-Ed448 CipherString and Signature Algorithm Selection-client
  459. [16-Ed448 CipherString and Signature Algorithm Selection-server]
  460. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  461. CipherString = DEFAULT
  462. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  463. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  464. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  465. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  466. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  467. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  468. MaxProtocol = TLSv1.2
  469. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  470. [16-Ed448 CipherString and Signature Algorithm Selection-client]
  471. CipherString = aECDSA
  472. MaxProtocol = TLSv1.2
  # Unlike test 15, this client verifies against a dedicated Ed448 root
  # (root-ed448-cert.pem) and uses the same file for the requested CA names.
  473. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
  474. SignatureAlgorithms = ed448:ECDSA+SHA256
  475. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
  476. VerifyMode = Peer
  477. [test-16]
  478. ExpectedResult = Success
  479. ExpectedServerCANames = empty
  480. ExpectedServerCertType = Ed448
  481. ExpectedServerSignType = Ed448
  482. # ===========================================================
  # Test 17: the client lists ECDSA+SHA256 before ed25519 (same order as
  # test 4) but restricts its curves to X25519. Ed25519 is expected instead of
  # P-256, presumably because the P-256 certificate's curve is not in the
  # client's Curves list, while Ed25519 is not subject to that list (confirm).
  483. [17-Ed25519 CipherString and Curves Selection]
  484. ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl
  485. [17-Ed25519 CipherString and Curves Selection-ssl]
  486. server = 17-Ed25519 CipherString and Curves Selection-server
  487. client = 17-Ed25519 CipherString and Curves Selection-client
  488. [17-Ed25519 CipherString and Curves Selection-server]
  489. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  490. CipherString = DEFAULT
  491. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  492. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  493. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  494. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  495. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  496. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  497. MaxProtocol = TLSv1.2
  498. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  499. [17-Ed25519 CipherString and Curves Selection-client]
  500. CipherString = aECDSA
  501. Curves = X25519
  502. MaxProtocol = TLSv1.2
  503. SignatureAlgorithms = ECDSA+SHA256:ed25519
  504. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  505. VerifyMode = Peer
  506. [test-17]
  507. ExpectedResult = Success
  508. ExpectedServerCertType = Ed25519
  509. ExpectedServerSignType = Ed25519
  510. # ===========================================================
  # Test 18: TLS 1.2 cap. The client prefers ECDSA+SHA256 over ed448 but offers only
  # the X448 group. The expected outcome is an Ed448 certificate and signature,
  # presumably because the server's ECDSA key is on a curve the client did not
  # offer (confirm).
  511. [18-Ed448 CipherString and Curves Selection]
  512. ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl
  513. [18-Ed448 CipherString and Curves Selection-ssl]
  514. server = 18-Ed448 CipherString and Curves Selection-server
  515. client = 18-Ed448 CipherString and Curves Selection-client
  516. [18-Ed448 CipherString and Curves Selection-server]
  517. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  518. CipherString = DEFAULT
  519. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  520. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  521. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  522. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  523. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  524. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  525. MaxProtocol = TLSv1.2
  526. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  527. [18-Ed448 CipherString and Curves Selection-client]
  528. CipherString = aECDSA
  # The single offered group is what steers selection away from the ECDSA key.
  529. Curves = X448
  530. MaxProtocol = TLSv1.2
  531. SignatureAlgorithms = ECDSA+SHA256:ed448
  # The client verifies the server chain against the Ed448 root only.
  532. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
  533. VerifyMode = Peer
  534. [test-18]
  535. ExpectedResult = Success
  536. ExpectedServerCertType = Ed448
  537. ExpectedServerSignType = Ed448
  538. # ===========================================================
  # Test 19: client authentication at TLS 1.2 (client Min/MaxProtocol are both
  # TLSv1.2). The client's only credential is Ed25519, and the test expects that
  # certificate and an Ed25519 signature from the client.
  539. [19-TLS 1.2 Ed25519 Client Auth]
  540. ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl
  541. [19-TLS 1.2 Ed25519 Client Auth-ssl]
  542. server = 19-TLS 1.2 Ed25519 Client Auth-server
  543. client = 19-TLS 1.2 Ed25519 Client Auth-client
  544. [19-TLS 1.2 Ed25519 Client Auth-server]
  545. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  546. CipherString = DEFAULT
  547. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  # Trust anchor the server uses to verify the client's chain.
  548. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  # Require: the server demands a client certificate, so Success implies the
  # client's Ed25519 chain was presented and accepted.
  549. VerifyMode = Require
  550. [19-TLS 1.2 Ed25519 Client Auth-client]
  551. CipherString = DEFAULT
  552. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
  553. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
  554. MaxProtocol = TLSv1.2
  555. MinProtocol = TLSv1.2
  556. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  557. VerifyMode = Peer
  558. [test-19]
  559. ExpectedClientCertType = Ed25519
  560. ExpectedClientSignType = Ed25519
  561. ExpectedResult = Success
  562. # ===========================================================
  # Test 20: client authentication at TLS 1.2 (client Min/MaxProtocol are both
  # TLSv1.2). The client's only credential is Ed448, and the test expects that
  # certificate and an Ed448 signature from the client.
  563. [20-TLS 1.2 Ed448 Client Auth]
  564. ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl
  565. [20-TLS 1.2 Ed448 Client Auth-ssl]
  566. server = 20-TLS 1.2 Ed448 Client Auth-server
  567. client = 20-TLS 1.2 Ed448 Client Auth-client
  568. [20-TLS 1.2 Ed448 Client Auth-server]
  569. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  570. CipherString = DEFAULT
  571. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  # Trust anchor the server uses to verify the client's chain.
  572. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  # Require: the server demands a client certificate, so Success implies the
  # client's Ed448 chain was presented and accepted.
  573. VerifyMode = Require
  574. [20-TLS 1.2 Ed448 Client Auth-client]
  575. CipherString = DEFAULT
  576. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
  577. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
  578. MaxProtocol = TLSv1.2
  579. MinProtocol = TLSv1.2
  580. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  581. VerifyMode = Peer
  582. [test-20]
  583. ExpectedClientCertType = Ed448
  584. ExpectedClientSignType = Ed448
  585. ExpectedResult = Success
  586. # ===========================================================
  # Test 21: legacy-hash case. The client offers only ECDSA+SHA1 and the server,
  # capped at TLS 1.2, is expected to sign with SHA1 on its P-256 key.
  # Test-only posture: @SECLEVEL=0 and SHA-1 signatures should not be copied into
  # a deployed configuration.
  587. [21-ECDSA Signature Algorithm Selection SHA1]
  588. ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl
  589. [21-ECDSA Signature Algorithm Selection SHA1-ssl]
  590. server = 21-ECDSA Signature Algorithm Selection SHA1-server
  591. client = 21-ECDSA Signature Algorithm Selection SHA1-client
  592. [21-ECDSA Signature Algorithm Selection SHA1-server]
  593. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  # @SECLEVEL=0 drops OpenSSL's security level to its minimum on this side;
  # presumably a SHA-1 signature would be refused at the default level (confirm).
  594. CipherString = DEFAULT:@SECLEVEL=0
  595. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  596. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  597. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  598. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  599. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  600. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  601. MaxProtocol = TLSv1.2
  602. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  603. [21-ECDSA Signature Algorithm Selection SHA1-client]
  # The client must lower its level too, or it could not offer or accept SHA1
  # (assumption, see above).
  604. CipherString = DEFAULT:@SECLEVEL=0
  605. SignatureAlgorithms = ECDSA+SHA1
  606. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  607. VerifyMode = Peer
  608. [test-21]
  609. ExpectedResult = Success
  610. ExpectedServerCertType = P-256
  611. ExpectedServerSignHash = SHA1
  612. ExpectedServerSignType = EC
  613. # ===========================================================
  # Test 22: ECDSA with a brainpoolP256r1 certificate. Both sides restrict Groups to
  # brainpoolP256r1; the client is capped at TLS 1.2 and limited to aECDSA ciphers.
  # The expected certificate type is brainpoolP256r1 with an EC signature.
  614. [22-ECDSA with brainpool]
  615. ssl_conf = 22-ECDSA with brainpool-ssl
  616. [22-ECDSA with brainpool-ssl]
  617. server = 22-ECDSA with brainpool-server
  618. client = 22-ECDSA with brainpool-client
  619. [22-ECDSA with brainpool-server]
  620. Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
  621. CipherString = DEFAULT
  622. Groups = brainpoolP256r1
  623. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
  624. [22-ECDSA with brainpool-client]
  625. CipherString = aECDSA
  626. Groups = brainpoolP256r1
  # Only the client sets a protocol cap; the server section has none.
  627. MaxProtocol = TLSv1.2
  # RequestCAFile is set, yet [test-22] expects the server to see no CA names;
  # presumably the client cannot send them below TLS 1.3 (confirm).
  628. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  629. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  630. VerifyMode = Peer
  631. [test-22]
  632. ExpectedResult = Success
  633. ExpectedServerCANames = empty
  634. ExpectedServerCertType = brainpoolP256r1
  635. ExpectedServerSignType = EC
  636. # ===========================================================
  # Test 23: TLS 1.2 cap, client limited to aRSA ciphers. The server holds plain RSA,
  # ECDSA, Ed25519, Ed448 and RSA-PSS credentials; the expected choice is the
  # RSA-PSS certificate with an RSA-PSS signature, not the plain RSA one.
  637. [23-RSA-PSS Certificate CipherString Selection]
  638. ssl_conf = 23-RSA-PSS Certificate CipherString Selection-ssl
  639. [23-RSA-PSS Certificate CipherString Selection-ssl]
  640. server = 23-RSA-PSS Certificate CipherString Selection-server
  641. client = 23-RSA-PSS Certificate CipherString Selection-client
  642. [23-RSA-PSS Certificate CipherString Selection-server]
  643. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  644. CipherString = DEFAULT
  645. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  646. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  647. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  648. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  649. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  650. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  651. MaxProtocol = TLSv1.2
  652. PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  653. PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  654. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  655. [23-RSA-PSS Certificate CipherString Selection-client]
  # No SignatureAlgorithms line: the client's default list applies here.
  656. CipherString = aRSA
  657. MaxProtocol = TLSv1.2
  658. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  659. VerifyMode = Peer
  660. [test-23]
  661. ExpectedResult = Success
  662. ExpectedServerCertType = RSA-PSS
  663. ExpectedServerSignType = RSA-PSS
  664. # ===========================================================
  # Test 24: the client names its only signature algorithm in the legacy form
  # RSA-PSS+SHA256. The expected result is PSS padding with SHA256 on the plain RSA
  # certificate (cert type RSA), even though the server also has an RSA-PSS
  # certificate loaded.
  665. [24-RSA-PSS Certificate Legacy Signature Algorithm Selection]
  666. ssl_conf = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
  667. [24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
  668. server = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
  669. client = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
  670. [24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
  671. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  672. CipherString = DEFAULT
  673. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  674. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  675. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  676. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  677. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  678. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  679. MaxProtocol = TLSv1.2
  680. PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  681. PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  682. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  683. [24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
  684. CipherString = DEFAULT
  # Legacy spelling; judging by the expected cert type it does not cover the
  # rsa_pss_pss_* schemes that need an RSA-PSS certificate.
  685. SignatureAlgorithms = RSA-PSS+SHA256
  686. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  687. VerifyMode = Peer
  688. [test-24]
  689. ExpectedResult = Success
  690. ExpectedServerCertType = RSA
  691. ExpectedServerSignHash = SHA256
  692. ExpectedServerSignType = RSA-PSS
  693. # ===========================================================
  # Test 25: the client offers only rsa_pss_pss_sha256. Among the server's RSA,
  # ECDSA, Ed25519, Ed448 and RSA-PSS credentials, the RSA-PSS certificate is the
  # expected choice, signing with RSA-PSS and SHA256. Server capped at TLS 1.2.
  694. [25-RSA-PSS Certificate Unified Signature Algorithm Selection]
  695. ssl_conf = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
  696. [25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
  697. server = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-server
  698. client = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-client
  699. [25-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
  700. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  701. CipherString = DEFAULT
  702. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  703. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  704. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  705. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  706. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  707. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  708. MaxProtocol = TLSv1.2
  709. PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  710. PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  711. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  712. [25-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
  713. CipherString = DEFAULT
  # The rsa_pss_pss_* scheme is what ties the signature to an RSA-PSS certificate.
  714. SignatureAlgorithms = rsa_pss_pss_sha256
  715. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  716. VerifyMode = Peer
  717. [test-25]
  718. ExpectedResult = Success
  719. ExpectedServerCertType = RSA-PSS
  720. ExpectedServerSignHash = SHA256
  721. ExpectedServerSignType = RSA-PSS
  722. # ===========================================================
  # Test 26: the server's only credential is an RSA-PSS certificate and neither side
  # sets a protocol bound or a signature-algorithm list. With defaults the handshake
  # is expected to succeed using RSA-PSS with SHA256.
  723. [26-Only RSA-PSS Certificate]
  724. ssl_conf = 26-Only RSA-PSS Certificate-ssl
  725. [26-Only RSA-PSS Certificate-ssl]
  726. server = 26-Only RSA-PSS Certificate-server
  727. client = 26-Only RSA-PSS Certificate-client
  728. [26-Only RSA-PSS Certificate-server]
  729. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  730. CipherString = DEFAULT
  731. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  732. [26-Only RSA-PSS Certificate-client]
  733. CipherString = DEFAULT
  734. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  735. VerifyMode = Peer
  736. [test-26]
  737. ExpectedResult = Success
  738. ExpectedServerCertType = RSA-PSS
  739. ExpectedServerSignHash = SHA256
  740. ExpectedServerSignType = RSA-PSS
  741. # ===========================================================
  # Test 27: RSA-PSS-only server; the client offers rsa_pss_pss_sha512 alone. The
  # handshake is expected to succeed with the hash the client asked for (SHA512).
  742. [27-Only RSA-PSS Certificate Valid Signature Algorithms]
  743. ssl_conf = 27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
  744. [27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
  745. server = 27-Only RSA-PSS Certificate Valid Signature Algorithms-server
  746. client = 27-Only RSA-PSS Certificate Valid Signature Algorithms-client
  747. [27-Only RSA-PSS Certificate Valid Signature Algorithms-server]
  748. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  749. CipherString = DEFAULT
  750. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  751. [27-Only RSA-PSS Certificate Valid Signature Algorithms-client]
  752. CipherString = DEFAULT
  753. SignatureAlgorithms = rsa_pss_pss_sha512
  754. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  755. VerifyMode = Peer
  756. [test-27]
  757. ExpectedResult = Success
  758. ExpectedServerCertType = RSA-PSS
  759. ExpectedServerSignHash = SHA512
  760. ExpectedServerSignType = RSA-PSS
  761. # ===========================================================
  # Test 28 (negative): RSA-PSS-only server; the client offers only RSA+SHA256,
  # i.e. no PSS scheme. The server is expected to fail the handshake rather than
  # sign with its PSS key under a non-PSS algorithm.
  762. [28-RSA-PSS Certificate, no PSS signature algorithms]
  763. ssl_conf = 28-RSA-PSS Certificate, no PSS signature algorithms-ssl
  764. [28-RSA-PSS Certificate, no PSS signature algorithms-ssl]
  765. server = 28-RSA-PSS Certificate, no PSS signature algorithms-server
  766. client = 28-RSA-PSS Certificate, no PSS signature algorithms-client
  767. [28-RSA-PSS Certificate, no PSS signature algorithms-server]
  768. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  769. CipherString = DEFAULT
  770. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  771. [28-RSA-PSS Certificate, no PSS signature algorithms-client]
  772. CipherString = DEFAULT
  773. SignatureAlgorithms = RSA+SHA256
  774. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  775. VerifyMode = Peer
  776. [test-28]
  # ServerFail: the failure must be raised on the server side.
  777. ExpectedResult = ServerFail
  778. # ===========================================================
  # Test 29: the server's only credential is server-pss-restrict-cert.pem (the name
  # suggests an RSA-PSS key with restricted parameters; confirm against the cert).
  # With client defaults the expected signature is RSA-PSS with SHA256.
  779. [29-Only RSA-PSS Restricted Certificate]
  780. ssl_conf = 29-Only RSA-PSS Restricted Certificate-ssl
  781. [29-Only RSA-PSS Restricted Certificate-ssl]
  782. server = 29-Only RSA-PSS Restricted Certificate-server
  783. client = 29-Only RSA-PSS Restricted Certificate-client
  784. [29-Only RSA-PSS Restricted Certificate-server]
  785. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
  786. CipherString = DEFAULT
  787. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
  788. [29-Only RSA-PSS Restricted Certificate-client]
  789. CipherString = DEFAULT
  790. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  791. VerifyMode = Peer
  792. [test-29]
  793. ExpectedResult = Success
  794. ExpectedServerCertType = RSA-PSS
  795. ExpectedServerSignHash = SHA256
  796. ExpectedServerSignType = RSA-PSS
  797. # ===========================================================
  # Test 30: restricted RSA-PSS certificate; the client offers rsa_pss_pss_sha256
  # first, then rsa_pss_pss_sha512. The expected signature hash is SHA256.
  798. [30-RSA-PSS Restricted Certificate Valid Signature Algorithms]
  799. ssl_conf = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
  800. [30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
  801. server = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
  802. client = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
  803. [30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
  804. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
  805. CipherString = DEFAULT
  806. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
  807. [30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
  808. CipherString = DEFAULT
  809. SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
  810. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  811. VerifyMode = Peer
  812. [test-30]
  813. ExpectedResult = Success
  814. ExpectedServerCertType = RSA-PSS
  815. ExpectedServerSignHash = SHA256
  816. ExpectedServerSignType = RSA-PSS
  817. # ===========================================================
  # Test 31: restricted RSA-PSS certificate; the client lists rsa_pss_pss_sha512
  # before rsa_pss_pss_sha256. The expected hash is still SHA256, so the server has
  # to skip the client's first preference; presumably the certificate's restrictions
  # rule out SHA512 (confirm against the cert's PSS parameters).
  818. [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
  819. ssl_conf = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
  820. [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
  821. server = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
  822. client = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
  823. [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
  824. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
  825. CipherString = DEFAULT
  826. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
  827. [31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
  828. CipherString = DEFAULT
  829. SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
  830. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  831. VerifyMode = Peer
  832. [test-31]
  833. ExpectedResult = Success
  834. ExpectedServerCertType = RSA-PSS
  835. ExpectedServerSignHash = SHA256
  836. ExpectedServerSignType = RSA-PSS
  837. # ===========================================================
  # Test 32 (negative): restricted RSA-PSS certificate; the client offers only
  # rsa_pss_pss_sha512. The server is expected to fail, i.e. it must not sign with
  # a hash the certificate does not permit (presumed restriction; confirm against
  # the cert's PSS parameters).
  838. [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
  839. ssl_conf = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
  840. [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
  841. server = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
  842. client = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
  843. [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
  844. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
  845. CipherString = DEFAULT
  846. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
  847. [32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
  848. CipherString = DEFAULT
  849. SignatureAlgorithms = rsa_pss_pss_sha512
  850. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  851. VerifyMode = Peer
  852. [test-32]
  853. ExpectedResult = ServerFail
  854. # ===========================================================
  # Test 33 (negative): the client allows only RSA key-exchange ciphers (kRSA) at
  # TLS 1.2 or below, and the server holds only an RSA-PSS certificate. The server
  # is expected to fail: an RSA-PSS key is a signature key and must not be used
  # for RSA key transport.
  855. [33-RSA key exchange with only RSA-PSS certificate]
  856. ssl_conf = 33-RSA key exchange with only RSA-PSS certificate-ssl
  857. [33-RSA key exchange with only RSA-PSS certificate-ssl]
  858. server = 33-RSA key exchange with only RSA-PSS certificate-server
  859. client = 33-RSA key exchange with only RSA-PSS certificate-client
  860. [33-RSA key exchange with only RSA-PSS certificate-server]
  861. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  862. CipherString = DEFAULT
  863. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  864. [33-RSA key exchange with only RSA-PSS certificate-client]
  865. CipherString = kRSA
  866. MaxProtocol = TLSv1.2
  867. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  868. VerifyMode = Peer
  869. [test-33]
  870. ExpectedResult = ServerFail
  871. # ===========================================================
  # Test 34 (negative): the client is capped at TLS 1.1 and the server holds only an
  # RSA-PSS certificate. The server is expected to fail, since that protocol version
  # has no RSA-PSS signature scheme to negotiate.
  872. [34-Only RSA-PSS Certificate, TLS v1.1]
  873. ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
  874. [34-Only RSA-PSS Certificate, TLS v1.1-ssl]
  875. server = 34-Only RSA-PSS Certificate, TLS v1.1-server
  876. client = 34-Only RSA-PSS Certificate, TLS v1.1-client
  877. [34-Only RSA-PSS Certificate, TLS v1.1-server]
  878. Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
  # @SECLEVEL=0 on both sides: presumably so TLS 1.1 itself is not refused by the
  # security level and the failure is attributable to the certificate (confirm).
  879. CipherString = DEFAULT:@SECLEVEL=0
  880. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
  881. [34-Only RSA-PSS Certificate, TLS v1.1-client]
  882. CipherString = DEFAULT:@SECLEVEL=0
  883. MaxProtocol = TLSv1.1
  884. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  885. VerifyMode = Peer
  886. [test-34]
  887. ExpectedResult = ServerFail
  888. # ===========================================================
  # Test 35: server pinned to TLS 1.3 (Min/MaxProtocol). The client offers only
  # ECDSA+SHA256; the expected server credential is the P-256 ECDSA certificate,
  # signing with SHA256.
  889. [35-TLS 1.3 ECDSA Signature Algorithm Selection]
  890. ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
  891. [35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
  892. server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
  893. client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
  894. [35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
  895. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  896. CipherString = DEFAULT
  897. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  898. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  899. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  900. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  901. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  902. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  903. MaxProtocol = TLSv1.3
  904. MinProtocol = TLSv1.3
  905. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  906. [35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
  907. CipherString = DEFAULT
  908. SignatureAlgorithms = ECDSA+SHA256
  909. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  910. VerifyMode = Peer
  911. [test-35]
  912. ExpectedResult = Success
  # The client sets no RequestCAFile, so the server should see no CA names.
  913. ExpectedServerCANames = empty
  914. ExpectedServerCertType = P-256
  915. ExpectedServerSignHash = SHA256
  916. ExpectedServerSignType = EC
  917. # ===========================================================
  # Test 36: same TLS 1.3 ECDSA+SHA256 selection, but the server's ECDSA credential
  # is server-cecdsa-*.pem (per the test title, presumably a key encoded with a
  # compressed point; confirm). The expected result is the same P-256 certificate
  # type with an EC/SHA256 signature.
  918. [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
  919. ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
  920. [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
  921. server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
  922. client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
  923. [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
  924. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  925. CipherString = DEFAULT
  926. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
  927. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
  928. MaxProtocol = TLSv1.3
  929. MinProtocol = TLSv1.3
  930. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  931. [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
  932. CipherString = DEFAULT
  933. SignatureAlgorithms = ECDSA+SHA256
  934. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  935. VerifyMode = Peer
  936. [test-36]
  937. ExpectedResult = Success
  # The client sets no RequestCAFile, so the server should see no CA names.
  938. ExpectedServerCANames = empty
  939. ExpectedServerCertType = P-256
  940. ExpectedServerSignHash = SHA256
  941. ExpectedServerSignType = EC
  942. # ===========================================================
  # Test 37 (negative): server pinned to TLS 1.3, client offers only ECDSA+SHA1.
  # The server is expected to fail even though both sides set @SECLEVEL=0: TLS 1.3
  # does not permit SHA-1 for handshake signatures, and lowering the security level
  # must not re-enable it.
  943. [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
  944. ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
  945. [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
  946. server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
  947. client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
  948. [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
  949. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  # Security level lowered so the level check cannot be the reason for the failure
  # (assumption; confirm against the generator's intent).
  950. CipherString = DEFAULT:@SECLEVEL=0
  951. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  952. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  953. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  954. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  955. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  956. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  957. MaxProtocol = TLSv1.3
  958. MinProtocol = TLSv1.3
  959. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  960. [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
  961. CipherString = DEFAULT:@SECLEVEL=0
  962. SignatureAlgorithms = ECDSA+SHA1
  963. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  964. VerifyMode = Peer
  965. [test-37]
  966. ExpectedResult = ServerFail
  967. # ===========================================================
  # Test 38: server pinned to TLS 1.3. The client offers ECDSA+SHA256 ahead of
  # RSA-PSS+SHA256; the expected choice is the P-256 ECDSA certificate with SHA256.
  # The test also checks that the client's CA names reach the server.
  968. [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
  969. ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
  970. [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
  971. server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
  972. client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
  973. [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
  974. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  975. CipherString = DEFAULT
  976. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  977. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  978. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  979. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  980. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  981. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  982. MaxProtocol = TLSv1.3
  983. MinProtocol = TLSv1.3
  984. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  985. [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
  986. CipherString = DEFAULT
  # CA names the client advertises; [test-38] expects the server to receive the
  # names from this same file.
  987. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  988. SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
  989. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  990. VerifyMode = Peer
  991. [test-38]
  992. ExpectedResult = Success
  993. ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  994. ExpectedServerCertType = P-256
  995. ExpectedServerSignHash = SHA256
  996. ExpectedServerSignType = EC
  997. # ===========================================================
  # Test 39: server pinned to TLS 1.3. The client lists ECDSA+SHA384 ahead of
  # RSA-PSS+SHA384, yet the expected result is the plain RSA certificate signing
  # with RSA-PSS/SHA384. Presumably the ECDSA entry is unusable because TLS 1.3
  # binds each ECDSA scheme to one curve and the server's ECDSA key is P-256
  # (confirm).
  998. [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
  999. ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
  1000. [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
  1001. server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
  1002. client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
  1003. [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
  1004. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1005. CipherString = DEFAULT
  1006. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1007. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1008. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1009. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1010. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1011. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1012. MaxProtocol = TLSv1.3
  1013. MinProtocol = TLSv1.3
  1014. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1015. [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
  1016. CipherString = DEFAULT
  1017. SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
  1018. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1019. VerifyMode = Peer
  1020. [test-39]
  1021. ExpectedResult = Success
  1022. ExpectedServerCertType = RSA
  1023. ExpectedServerSignHash = SHA384
  1024. ExpectedServerSignType = RSA-PSS
  1025. # ===========================================================
  # Test 40 (negative): server pinned to TLS 1.3 with only the default certificate
  # (servercert.pem) loaded and no ECDSA credential. The client offers only
  # ECDSA+SHA256, so there is no shared signature algorithm and the server is
  # expected to fail.
  1026. [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
  1027. ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
  1028. [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
  1029. server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
  1030. client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
  1031. [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
  1032. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1033. CipherString = DEFAULT
  1034. MaxProtocol = TLSv1.3
  1035. MinProtocol = TLSv1.3
  1036. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1037. [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
  1038. CipherString = DEFAULT
  1039. SignatureAlgorithms = ECDSA+SHA256
  1040. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1041. VerifyMode = Peer
  1042. [test-40]
  1043. ExpectedResult = ServerFail
  1044. # ===========================================================
  # Test 41 (negative): server pinned to TLS 1.3; the client offers only RSA+SHA256
  # (no PSS). The server has an RSA key but is still expected to fail: TLS 1.3
  # handshake signatures with RSA keys must use RSA-PSS, so the non-PSS algorithm
  # cannot be selected.
  1045. [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
  1046. ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
  1047. [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
  1048. server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
  1049. client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
  1050. [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
  1051. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1052. CipherString = DEFAULT
  1053. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1054. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1055. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1056. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1057. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1058. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1059. MaxProtocol = TLSv1.3
  1060. MinProtocol = TLSv1.3
  1061. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1062. [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
  1063. CipherString = DEFAULT
  1064. SignatureAlgorithms = RSA+SHA256
  1065. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1066. VerifyMode = Peer
  1067. [test-41]
  1068. ExpectedResult = ServerFail
  1069. # ===========================================================
  # Test 42: server pinned to TLS 1.3; the client offers only RSA-PSS+SHA256. The
  # expected result is the plain RSA certificate signing with RSA-PSS and SHA256.
  1070. [42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
  1071. ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
  1072. [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
  1073. server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
  1074. client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
  1075. [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
  1076. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1077. CipherString = DEFAULT
  1078. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1079. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1080. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1081. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1082. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1083. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1084. MaxProtocol = TLSv1.3
  1085. MinProtocol = TLSv1.3
  1086. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1087. [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
  1088. CipherString = DEFAULT
  1089. SignatureAlgorithms = RSA-PSS+SHA256
  1090. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1091. VerifyMode = Peer
  1092. [test-42]
  1093. ExpectedResult = Success
  1094. ExpectedServerCertType = RSA
  1095. ExpectedServerSignHash = SHA256
  1096. ExpectedServerSignType = RSA-PSS
  1097. # ===========================================================
        # Test 43: TLS 1.3 client authentication. The server requires a client
        # certificate (VerifyMode = Require) and accepts only PSS+SHA256 from the
        # client; the client holds both an ECDSA and an RSA chain and is pinned
        # to TLS 1.3. Expected: the RSA chain is used and signed with
        # RSA-PSS/SHA-256. No RequestCAFile is set on the server, which is
        # presumably why the CA-name list seen by the client is expected to be
        # empty — compare test 44.
  1098. [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
  1099. ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
  1100. [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
  1101. server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
  1102. client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
  1103. [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
  1104. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1105. CipherString = DEFAULT
  1106. ClientSignatureAlgorithms = PSS+SHA256
  1107. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1108. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1109. VerifyMode = Require
  1110. [43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
  1111. CipherString = DEFAULT
  1112. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
  1113. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
  1114. MaxProtocol = TLSv1.3
  1115. MinProtocol = TLSv1.3
  1116. RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  1117. RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  1118. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1119. VerifyMode = Peer
  1120. [test-43]
  1121. ExpectedClientCANames = empty
  1122. ExpectedClientCertType = RSA
  1123. ExpectedClientSignHash = SHA256
  1124. ExpectedClientSignType = RSA-PSS
  1125. ExpectedResult = Success
  1126. # ===========================================================
        # Test 44: same client-auth setup as test 43, but the server also sets
        # RequestCAFile, and the client is expected to receive CA names matching
        # that file (ExpectedClientCANames points at the same root-cert.pem).
        # Algorithm expectations are unchanged: RSA certificate, RSA-PSS,
        # SHA-256.
  1127. [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
  1128. ssl_conf = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
  1129. [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
  1130. server = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
  1131. client = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
  1132. [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
  1133. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1134. CipherString = DEFAULT
  1135. ClientSignatureAlgorithms = PSS+SHA256
  1136. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1137. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1138. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1139. VerifyMode = Require
  1140. [44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
  1141. CipherString = DEFAULT
  1142. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
  1143. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
  1144. MaxProtocol = TLSv1.3
  1145. MinProtocol = TLSv1.3
  1146. RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  1147. RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  1148. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1149. VerifyMode = Peer
  1150. [test-44]
  1151. ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1152. ExpectedClientCertType = RSA
  1153. ExpectedClientSignHash = SHA256
  1154. ExpectedClientSignType = RSA-PSS
  1155. ExpectedResult = Success
  1156. # ===========================================================
        # Test 45: TLS 1.3 client authentication where the server accepts only
        # ECDSA+SHA256 from the client. The client again holds ECDSA and RSA
        # chains; expected: the ECDSA (P-256) chain is used with an EC signature
        # over SHA-256. No ExpectedClientCANames is asserted in this test.
  1157. [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
  1158. ssl_conf = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
  1159. [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
  1160. server = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
  1161. client = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
  1162. [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
  1163. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1164. CipherString = DEFAULT
  1165. ClientSignatureAlgorithms = ECDSA+SHA256
  1166. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1167. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1168. VerifyMode = Require
  1169. [45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
  1170. CipherString = DEFAULT
  1171. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
  1172. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
  1173. MaxProtocol = TLSv1.3
  1174. MinProtocol = TLSv1.3
  1175. RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  1176. RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  1177. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1178. VerifyMode = Peer
  1179. [test-45]
  1180. ExpectedClientCertType = P-256
  1181. ExpectedClientSignHash = SHA256
  1182. ExpectedClientSignType = EC
  1183. ExpectedResult = Success
  1184. # ===========================================================
        # Test 46: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
        # credentials; the client offers only ed25519. Expected: the Ed25519
        # certificate and an Ed25519 signature. No ExpectedServerSignHash is set
        # here, unlike the RSA-PSS case in test 42 (the TLS ed25519 scheme has no
        # separate hash parameter).
  1185. [46-TLS 1.3 Ed25519 Signature Algorithm Selection]
  1186. ssl_conf = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
  1187. [46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
  1188. server = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-server
  1189. client = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-client
  1190. [46-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
  1191. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1192. CipherString = DEFAULT
  1193. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1194. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1195. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1196. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1197. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1198. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1199. MaxProtocol = TLSv1.3
  1200. MinProtocol = TLSv1.3
  1201. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1202. [46-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
  1203. CipherString = DEFAULT
  1204. SignatureAlgorithms = ed25519
  1205. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1206. VerifyMode = Peer
  1207. [test-46]
  1208. ExpectedResult = Success
  1209. ExpectedServerCertType = Ed25519
  1210. ExpectedServerSignType = Ed25519
  1211. # ===========================================================
        # Test 47: as test 46, but the client offers only ed448 and the expected
        # certificate and signature type are Ed448. The client verifies against
        # root-ed448-cert.pem instead of rootcert.pem — presumably the Ed448
        # server certificate chains to a separate Ed448 root; confirm against
        # the certificate fixtures.
  1212. [47-TLS 1.3 Ed448 Signature Algorithm Selection]
  1213. ssl_conf = 47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
  1214. [47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
  1215. server = 47-TLS 1.3 Ed448 Signature Algorithm Selection-server
  1216. client = 47-TLS 1.3 Ed448 Signature Algorithm Selection-client
  1217. [47-TLS 1.3 Ed448 Signature Algorithm Selection-server]
  1218. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1219. CipherString = DEFAULT
  1220. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1221. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1222. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1223. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1224. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1225. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1226. MaxProtocol = TLSv1.3
  1227. MinProtocol = TLSv1.3
  1228. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1229. [47-TLS 1.3 Ed448 Signature Algorithm Selection-client]
  1230. CipherString = DEFAULT
  1231. SignatureAlgorithms = ed448
  1232. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
  1233. VerifyMode = Peer
  1234. [test-47]
  1235. ExpectedResult = Success
  1236. ExpectedServerCertType = Ed448
  1237. ExpectedServerSignType = Ed448
  1238. # ===========================================================
        # Test 48: the client restricts key-exchange groups to X25519 and offers
        # ECDSA+SHA256 ahead of ed25519. Expected: the server still selects its
        # ECDSA P-256 certificate (sign type EC), even though P-256 is not in the
        # client's Groups list. In TLS 1.3 the supported-groups list governs key
        # exchange, not certificate selection, which is what this case appears
        # to pin down. CipherString is DEFAULT on both sides despite the name.
  1239. [48-TLS 1.3 Ed25519 CipherString and Groups Selection]
  1240. ssl_conf = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
  1241. [48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
  1242. server = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-server
  1243. client = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-client
  1244. [48-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
  1245. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1246. CipherString = DEFAULT
  1247. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1248. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1249. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1250. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1251. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1252. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1253. MaxProtocol = TLSv1.3
  1254. MinProtocol = TLSv1.3
  1255. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1256. [48-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
  1257. CipherString = DEFAULT
  1258. Groups = X25519
  1259. SignatureAlgorithms = ECDSA+SHA256:ed25519
  1260. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1261. VerifyMode = Peer
  1262. [test-48]
  1263. ExpectedResult = Success
  1264. ExpectedServerCertType = P-256
  1265. ExpectedServerSignType = EC
  1266. # ===========================================================
        # Test 49: Ed448 variant of test 48. The client restricts Groups to X448
        # and offers ECDSA+SHA256 ahead of ed448. Expected: the server selects
        # its ECDSA P-256 certificate (sign type EC) although P-256 is absent
        # from the client's Groups list, consistent with the group list not
        # steering certificate selection in TLS 1.3.
  1267. [49-TLS 1.3 Ed448 CipherString and Groups Selection]
  1268. ssl_conf = 49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
  1269. [49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
  1270. server = 49-TLS 1.3 Ed448 CipherString and Groups Selection-server
  1271. client = 49-TLS 1.3 Ed448 CipherString and Groups Selection-client
  1272. [49-TLS 1.3 Ed448 CipherString and Groups Selection-server]
  1273. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1274. CipherString = DEFAULT
  1275. ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
  1276. ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
  1277. Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
  1278. Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
  1279. Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
  1280. Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
  1281. MaxProtocol = TLSv1.3
  1282. MinProtocol = TLSv1.3
  1283. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1284. [49-TLS 1.3 Ed448 CipherString and Groups Selection-client]
  1285. CipherString = DEFAULT
  1286. Groups = X448
  1287. SignatureAlgorithms = ECDSA+SHA256:ed448
  1288. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1289. VerifyMode = Peer
  1290. [test-49]
  1291. ExpectedResult = Success
  1292. ExpectedServerCertType = P-256
  1293. ExpectedServerSignType = EC
  1294. # ===========================================================
        # Test 50: TLS 1.3 client authentication with an Ed25519 client
        # certificate. The server requires a client certificate and sets no
        # ClientSignatureAlgorithms restriction; the client is pinned to TLS 1.3
        # and loads its credential through the EdDSA.* keys. Expected: client
        # certificate type and signature type are both Ed25519.
  1295. [50-TLS 1.3 Ed25519 Client Auth]
  1296. ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
  1297. [50-TLS 1.3 Ed25519 Client Auth-ssl]
  1298. server = 50-TLS 1.3 Ed25519 Client Auth-server
  1299. client = 50-TLS 1.3 Ed25519 Client Auth-client
  1300. [50-TLS 1.3 Ed25519 Client Auth-server]
  1301. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1302. CipherString = DEFAULT
  1303. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1304. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1305. VerifyMode = Require
  1306. [50-TLS 1.3 Ed25519 Client Auth-client]
  1307. CipherString = DEFAULT
  1308. EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
  1309. EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
  1310. MaxProtocol = TLSv1.3
  1311. MinProtocol = TLSv1.3
  1312. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1313. VerifyMode = Peer
  1314. [test-50]
  1315. ExpectedClientCertType = Ed25519
  1316. ExpectedClientSignType = Ed25519
  1317. ExpectedResult = Success
  1318. # ===========================================================
        # Test 51: Ed448 variant of test 50. The server requires a client
        # certificate with no ClientSignatureAlgorithms restriction; the client
        # is pinned to TLS 1.3 and loads an Ed448 credential through the EdDSA.*
        # keys. Expected: client certificate type and signature type are both
        # Ed448.
  1319. [51-TLS 1.3 Ed448 Client Auth]
  1320. ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
  1321. [51-TLS 1.3 Ed448 Client Auth-ssl]
  1322. server = 51-TLS 1.3 Ed448 Client Auth-server
  1323. client = 51-TLS 1.3 Ed448 Client Auth-client
  1324. [51-TLS 1.3 Ed448 Client Auth-server]
  1325. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1326. CipherString = DEFAULT
  1327. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1328. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1329. VerifyMode = Require
  1330. [51-TLS 1.3 Ed448 Client Auth-client]
  1331. CipherString = DEFAULT
  1332. EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
  1333. EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
  1334. MaxProtocol = TLSv1.3
  1335. MinProtocol = TLSv1.3
  1336. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1337. VerifyMode = Peer
  1338. [test-51]
  1339. ExpectedClientCertType = Ed448
  1340. ExpectedClientSignType = Ed448
  1341. ExpectedResult = Success
  1342. # ===========================================================
        # Test 52: the server holds a brainpoolP256r1 ECDSA certificate and both
        # sides restrict Groups to brainpoolP256r1; the client also limits
        # CipherString to aECDSA. Neither side pins Min/MaxProtocol, so the
        # protocol version is left to the library defaults. Expected: ClientFail.
        # NOTE(review): presumably the failure is because brainpoolP256r1 is not
        # usable as a TLS 1.3 key-exchange group, leaving the client without an
        # acceptable group — confirm against the test generator's comments.
  1343. [52-TLS 1.3 ECDSA with brainpool but no suitable groups]
  1344. ssl_conf = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl
  1345. [52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl]
  1346. server = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-server
  1347. client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client
  1348. [52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
  1349. Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
  1350. CipherString = DEFAULT
  1351. Groups = brainpoolP256r1
  1352. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
  1353. [52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
  1354. CipherString = aECDSA
  1355. Groups = brainpoolP256r1
  1356. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1357. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1358. VerifyMode = Peer
  1359. [test-52]
  1360. ExpectedResult = ClientFail
  1361. # ===========================================================
        # Test 53: the same brainpoolP256r1 server certificate as test 52, with no
        # Groups restriction on either side and the client pinned to TLS 1.3.
        # Expected: Success. No Expected*CertType or Expected*SignType is
        # asserted, so the visible checks cover only that the handshake
        # completes, not which certificate or signature scheme was used.
  1362. [53-TLS 1.3 ECDSA with brainpool]
  1363. ssl_conf = 53-TLS 1.3 ECDSA with brainpool-ssl
  1364. [53-TLS 1.3 ECDSA with brainpool-ssl]
  1365. server = 53-TLS 1.3 ECDSA with brainpool-server
  1366. client = 53-TLS 1.3 ECDSA with brainpool-client
  1367. [53-TLS 1.3 ECDSA with brainpool-server]
  1368. Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
  1369. CipherString = DEFAULT
  1370. PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
  1371. [53-TLS 1.3 ECDSA with brainpool-client]
  1372. CipherString = DEFAULT
  1373. MaxProtocol = TLSv1.3
  1374. MinProtocol = TLSv1.3
  1375. RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1376. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1377. VerifyMode = Peer
  1378. [test-53]
  1379. ExpectedResult = Success
  1380. # ===========================================================
        # Test 54: server pinned to TLS 1.2 with RSA and DSA credentials plus DH
        # parameters; the client offers only DSA+SHA256 and DSA+SHA1. Both sides
        # use CipherString = ALL rather than DEFAULT, presumably so that
        # DSA-authenticated suites are available. Expected: Success, with no
        # assertion on which certificate or hash was used. DSA and SHA-1 are
        # legacy algorithms; this is interoperability coverage, not a
        # deployment template.
  1381. [54-TLS 1.2 DSA Certificate Test]
  1382. ssl_conf = 54-TLS 1.2 DSA Certificate Test-ssl
  1383. [54-TLS 1.2 DSA Certificate Test-ssl]
  1384. server = 54-TLS 1.2 DSA Certificate Test-server
  1385. client = 54-TLS 1.2 DSA Certificate Test-client
  1386. [54-TLS 1.2 DSA Certificate Test-server]
  1387. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1388. CipherString = ALL
  1389. DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
  1390. DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
  1391. DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
  1392. MaxProtocol = TLSv1.2
  1393. MinProtocol = TLSv1.2
  1394. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1395. [54-TLS 1.2 DSA Certificate Test-client]
  1396. CipherString = ALL
  1397. SignatureAlgorithms = DSA+SHA256:DSA+SHA1
  1398. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1399. VerifyMode = Peer
  1400. [test-54]
  1401. ExpectedResult = Success
  1402. # ===========================================================
        # Test 55: the server requests (does not require) a client certificate
        # and limits ClientSignatureAlgorithms to ECDSA+SHA1, DSA+SHA256 and
        # RSA+SHA256. None of these is a valid TLS 1.3 handshake signature
        # scheme (SHA-1, DSA and PKCS#1 v1.5 RSA are excluded by RFC 8446).
        # Expected: ServerFail. Neither side pins Min/MaxProtocol here, so the
        # TLS 1.3 in the test name relies on the library's default version
        # range — TODO confirm.
  1403. [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
  1404. ssl_conf = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
  1405. [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
  1406. server = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
  1407. client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
  1408. [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
  1409. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1410. CipherString = DEFAULT
  1411. ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
  1412. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1413. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  1414. VerifyMode = Request
  1415. [55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
  1416. CipherString = DEFAULT
  1417. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1418. VerifyMode = Peer
  1419. [test-55]
  1420. ExpectedResult = ServerFail
  1421. # ===========================================================
        # Test 56: server pinned to TLS 1.3 with only RSA and DSA credentials;
        # the client offers DSA+SHA1, DSA+SHA256 and ECDSA+SHA256. Expected:
        # ServerFail. TLS 1.3 defines no DSA signature schemes, the client
        # offers no RSA algorithm, and this server section loads no ECDSA
        # certificate, so no credential matches. Contrast test 54, where the
        # same DSA credential succeeds under TLS 1.2.
  1422. [56-TLS 1.3 DSA Certificate Test]
  1423. ssl_conf = 56-TLS 1.3 DSA Certificate Test-ssl
  1424. [56-TLS 1.3 DSA Certificate Test-ssl]
  1425. server = 56-TLS 1.3 DSA Certificate Test-server
  1426. client = 56-TLS 1.3 DSA Certificate Test-client
  1427. [56-TLS 1.3 DSA Certificate Test-server]
  1428. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  1429. CipherString = ALL
  1430. DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
  1431. DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
  1432. MaxProtocol = TLSv1.3
  1433. MinProtocol = TLSv1.3
  1434. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  1435. [56-TLS 1.3 DSA Certificate Test-client]
  1436. CipherString = ALL
  1437. SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
  1438. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  1439. VerifyMode = Peer
  1440. [test-56]
  1441. ExpectedResult = ServerFail