12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 |
- # -*- mode: perl; -*-
- # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the Apache License 2.0 (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
- # in the file LICENSE in the source distribution or at
- # https://www.openssl.org/source/license.html
- ## SSL test configurations
- package ssltests;
- use OpenSSL::Test::Utils;
- our $fips_mode;
- our @tests = (
- {
- name => "SECLEVEL 3 with default key",
- server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" },
- client => { },
- test => { "ExpectedResult" => "ServerFail" },
- },
- );
- our @tests_ec = (
- {
- name => "SECLEVEL 4 with ED448 key",
- server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
- "Certificate" => test_pem("server-ed448-cert.pem"),
- "PrivateKey" => test_pem("server-ed448-key.pem") },
- client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
- "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
- test => { "ExpectedResult" => "Success" },
- },
- {
- # The Ed448 signature algorithm will not be enabled.
- # Because of the config order, the certificate is first loaded, and
- # then the security level is changed. If you try this with s_server
- # the order will be reversed and it will instead fail to load the key.
- name => "SECLEVEL 5 server with ED448 key",
- server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
- "Certificate" => test_pem("server-ed448-cert.pem"),
- "PrivateKey" => test_pem("server-ed448-key.pem") },
- client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
- "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
- test => { "ExpectedResult" => "ServerFail" },
- },
- {
- # The client will not sent the Ed448 signature algorithm, so the server
- # doesn't have a usable signature algorithm for the certificate.
- name => "SECLEVEL 5 client with ED448 key",
- server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
- "Certificate" => test_pem("server-ed448-cert.pem"),
- "PrivateKey" => test_pem("server-ed448-key.pem") },
- client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
- "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
- test => { "ExpectedResult" => "ServerFail" },
- },
- {
- name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
- server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
- "Certificate" => test_pem("p384-server-cert.pem"),
- "PrivateKey" => test_pem("p384-server-key.pem"),
- "Groups" => "X25519" },
- client => { "CipherString" => "ECDHE:\@SECLEVEL=3",
- "VerifyCAFile" => test_pem("p384-root.pem") },
- test => { "ExpectedResult" => "Success" },
- },
- );
- our @tests_tls1_2 = (
- {
- name => "SECLEVEL 3 with ED448 key, TLSv1.2",
- server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
- "Certificate" => test_pem("server-ed448-cert.pem"),
- "PrivateKey" => test_pem("server-ed448-key.pem"),
- "MaxProtocol" => "TLSv1.2" },
- client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
- test => { "ExpectedResult" => "Success" },
- },
- );
- push @tests, @tests_ec unless disabled("ec");
- push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
|