17-renegotiate.cnf 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432
  1. # Generated with generate_ssl_tests.pl
  2. num_tests = 14
  3. test-0 = 0-renegotiate-client-no-resume
  4. test-1 = 1-renegotiate-client-resume
  5. test-2 = 2-renegotiate-server-no-resume
  6. test-3 = 3-renegotiate-server-resume
  7. test-4 = 4-renegotiate-client-auth-require
  8. test-5 = 5-renegotiate-client-auth-once
  9. test-6 = 6-renegotiate-aead-to-non-aead
  10. test-7 = 7-renegotiate-non-aead-to-aead
  11. test-8 = 8-renegotiate-non-aead-to-non-aead
  12. test-9 = 9-renegotiate-aead-to-aead
  13. test-10 = 10-no-renegotiation-server-by-client
  14. test-11 = 11-no-renegotiation-server-by-server
  15. test-12 = 12-no-renegotiation-client-by-server
  16. test-13 = 13-no-renegotiation-client-by-client
  17. # ===========================================================
  18. [0-renegotiate-client-no-resume]
  19. ssl_conf = 0-renegotiate-client-no-resume-ssl
  20. [0-renegotiate-client-no-resume-ssl]
  21. server = 0-renegotiate-client-no-resume-server
  22. client = 0-renegotiate-client-no-resume-client
  23. [0-renegotiate-client-no-resume-server]
  24. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  25. CipherString = DEFAULT
  26. MaxProtocol = TLSv1.2
  27. Options = NoResumptionOnRenegotiation
  28. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  29. [0-renegotiate-client-no-resume-client]
  30. CipherString = DEFAULT
  31. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  32. VerifyMode = Peer
  33. [test-0]
  34. ExpectedResult = Success
  35. HandshakeMode = RenegotiateClient
  36. Method = TLS
  37. ResumptionExpected = No
  38. # ===========================================================
  39. [1-renegotiate-client-resume]
  40. ssl_conf = 1-renegotiate-client-resume-ssl
  41. [1-renegotiate-client-resume-ssl]
  42. server = 1-renegotiate-client-resume-server
  43. client = 1-renegotiate-client-resume-client
  44. [1-renegotiate-client-resume-server]
  45. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  46. CipherString = DEFAULT
  47. MaxProtocol = TLSv1.2
  48. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  49. [1-renegotiate-client-resume-client]
  50. CipherString = DEFAULT
  51. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  52. VerifyMode = Peer
  53. [test-1]
  54. ExpectedResult = Success
  55. HandshakeMode = RenegotiateClient
  56. Method = TLS
  57. ResumptionExpected = Yes
  58. # ===========================================================
  59. [2-renegotiate-server-no-resume]
  60. ssl_conf = 2-renegotiate-server-no-resume-ssl
  61. [2-renegotiate-server-no-resume-ssl]
  62. server = 2-renegotiate-server-no-resume-server
  63. client = 2-renegotiate-server-no-resume-client
  64. [2-renegotiate-server-no-resume-server]
  65. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  66. CipherString = DEFAULT
  67. MaxProtocol = TLSv1.2
  68. Options = NoResumptionOnRenegotiation
  69. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  70. [2-renegotiate-server-no-resume-client]
  71. CipherString = DEFAULT
  72. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  73. VerifyMode = Peer
  74. [test-2]
  75. ExpectedResult = Success
  76. HandshakeMode = RenegotiateServer
  77. Method = TLS
  78. ResumptionExpected = No
  79. # ===========================================================
  80. [3-renegotiate-server-resume]
  81. ssl_conf = 3-renegotiate-server-resume-ssl
  82. [3-renegotiate-server-resume-ssl]
  83. server = 3-renegotiate-server-resume-server
  84. client = 3-renegotiate-server-resume-client
  85. [3-renegotiate-server-resume-server]
  86. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  87. CipherString = DEFAULT
  88. MaxProtocol = TLSv1.2
  89. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  90. [3-renegotiate-server-resume-client]
  91. CipherString = DEFAULT
  92. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  93. VerifyMode = Peer
  94. [test-3]
  95. ExpectedResult = Success
  96. HandshakeMode = RenegotiateServer
  97. Method = TLS
  98. ResumptionExpected = Yes
  99. # ===========================================================
  100. [4-renegotiate-client-auth-require]
  101. ssl_conf = 4-renegotiate-client-auth-require-ssl
  102. [4-renegotiate-client-auth-require-ssl]
  103. server = 4-renegotiate-client-auth-require-server
  104. client = 4-renegotiate-client-auth-require-client
  105. [4-renegotiate-client-auth-require-server]
  106. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  107. CipherString = DEFAULT
  108. MaxProtocol = TLSv1.2
  109. Options = NoResumptionOnRenegotiation
  110. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  111. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  112. VerifyMode = Require
  113. [4-renegotiate-client-auth-require-client]
  114. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  115. CipherString = DEFAULT
  116. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  117. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  118. VerifyMode = Peer
  119. [test-4]
  120. ExpectedResult = Success
  121. HandshakeMode = RenegotiateServer
  122. Method = TLS
  123. ResumptionExpected = No
  124. # ===========================================================
  125. [5-renegotiate-client-auth-once]
  126. ssl_conf = 5-renegotiate-client-auth-once-ssl
  127. [5-renegotiate-client-auth-once-ssl]
  128. server = 5-renegotiate-client-auth-once-server
  129. client = 5-renegotiate-client-auth-once-client
  130. [5-renegotiate-client-auth-once-server]
  131. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  132. CipherString = DEFAULT
  133. MaxProtocol = TLSv1.2
  134. Options = NoResumptionOnRenegotiation
  135. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  136. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
  137. VerifyMode = Once
  138. [5-renegotiate-client-auth-once-client]
  139. Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
  140. CipherString = DEFAULT
  141. PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
  142. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  143. VerifyMode = Peer
  144. [test-5]
  145. ExpectedResult = Success
  146. HandshakeMode = RenegotiateServer
  147. Method = TLS
  148. ResumptionExpected = No
  149. # ===========================================================
  150. [6-renegotiate-aead-to-non-aead]
  151. ssl_conf = 6-renegotiate-aead-to-non-aead-ssl
  152. [6-renegotiate-aead-to-non-aead-ssl]
  153. server = 6-renegotiate-aead-to-non-aead-server
  154. client = 6-renegotiate-aead-to-non-aead-client
  155. [6-renegotiate-aead-to-non-aead-server]
  156. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  157. CipherString = DEFAULT
  158. Options = NoResumptionOnRenegotiation
  159. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  160. [6-renegotiate-aead-to-non-aead-client]
  161. CipherString = AES128-GCM-SHA256
  162. MaxProtocol = TLSv1.2
  163. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  164. VerifyMode = Peer
  165. [test-6]
  166. ExpectedResult = Success
  167. HandshakeMode = RenegotiateClient
  168. Method = TLS
  169. ResumptionExpected = No
  170. client = 6-renegotiate-aead-to-non-aead-client-extra
  171. [6-renegotiate-aead-to-non-aead-client-extra]
  172. RenegotiateCiphers = AES128-SHA
  173. # ===========================================================
  174. [7-renegotiate-non-aead-to-aead]
  175. ssl_conf = 7-renegotiate-non-aead-to-aead-ssl
  176. [7-renegotiate-non-aead-to-aead-ssl]
  177. server = 7-renegotiate-non-aead-to-aead-server
  178. client = 7-renegotiate-non-aead-to-aead-client
  179. [7-renegotiate-non-aead-to-aead-server]
  180. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  181. CipherString = DEFAULT
  182. Options = NoResumptionOnRenegotiation
  183. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  184. [7-renegotiate-non-aead-to-aead-client]
  185. CipherString = AES128-SHA
  186. MaxProtocol = TLSv1.2
  187. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  188. VerifyMode = Peer
  189. [test-7]
  190. ExpectedResult = Success
  191. HandshakeMode = RenegotiateClient
  192. Method = TLS
  193. ResumptionExpected = No
  194. client = 7-renegotiate-non-aead-to-aead-client-extra
  195. [7-renegotiate-non-aead-to-aead-client-extra]
  196. RenegotiateCiphers = AES128-GCM-SHA256
  197. # ===========================================================
  198. [8-renegotiate-non-aead-to-non-aead]
  199. ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl
  200. [8-renegotiate-non-aead-to-non-aead-ssl]
  201. server = 8-renegotiate-non-aead-to-non-aead-server
  202. client = 8-renegotiate-non-aead-to-non-aead-client
  203. [8-renegotiate-non-aead-to-non-aead-server]
  204. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  205. CipherString = DEFAULT
  206. Options = NoResumptionOnRenegotiation
  207. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  208. [8-renegotiate-non-aead-to-non-aead-client]
  209. CipherString = AES128-SHA
  210. MaxProtocol = TLSv1.2
  211. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  212. VerifyMode = Peer
  213. [test-8]
  214. ExpectedResult = Success
  215. HandshakeMode = RenegotiateClient
  216. Method = TLS
  217. ResumptionExpected = No
  218. client = 8-renegotiate-non-aead-to-non-aead-client-extra
  219. [8-renegotiate-non-aead-to-non-aead-client-extra]
  220. RenegotiateCiphers = AES256-SHA
  221. # ===========================================================
  222. [9-renegotiate-aead-to-aead]
  223. ssl_conf = 9-renegotiate-aead-to-aead-ssl
  224. [9-renegotiate-aead-to-aead-ssl]
  225. server = 9-renegotiate-aead-to-aead-server
  226. client = 9-renegotiate-aead-to-aead-client
  227. [9-renegotiate-aead-to-aead-server]
  228. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  229. CipherString = DEFAULT
  230. Options = NoResumptionOnRenegotiation
  231. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  232. [9-renegotiate-aead-to-aead-client]
  233. CipherString = AES128-GCM-SHA256
  234. MaxProtocol = TLSv1.2
  235. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  236. VerifyMode = Peer
  237. [test-9]
  238. ExpectedResult = Success
  239. HandshakeMode = RenegotiateClient
  240. Method = TLS
  241. ResumptionExpected = No
  242. client = 9-renegotiate-aead-to-aead-client-extra
  243. [9-renegotiate-aead-to-aead-client-extra]
  244. RenegotiateCiphers = AES256-GCM-SHA384
  245. # ===========================================================
  246. [10-no-renegotiation-server-by-client]
  247. ssl_conf = 10-no-renegotiation-server-by-client-ssl
  248. [10-no-renegotiation-server-by-client-ssl]
  249. server = 10-no-renegotiation-server-by-client-server
  250. client = 10-no-renegotiation-server-by-client-client
  251. [10-no-renegotiation-server-by-client-server]
  252. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  253. CipherString = DEFAULT
  254. MaxProtocol = TLSv1.2
  255. Options = NoRenegotiation
  256. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  257. [10-no-renegotiation-server-by-client-client]
  258. CipherString = DEFAULT
  259. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  260. VerifyMode = Peer
  261. [test-10]
  262. ExpectedResult = ClientFail
  263. HandshakeMode = RenegotiateClient
  264. Method = TLS
  265. ResumptionExpected = No
  266. # ===========================================================
  267. [11-no-renegotiation-server-by-server]
  268. ssl_conf = 11-no-renegotiation-server-by-server-ssl
  269. [11-no-renegotiation-server-by-server-ssl]
  270. server = 11-no-renegotiation-server-by-server-server
  271. client = 11-no-renegotiation-server-by-server-client
  272. [11-no-renegotiation-server-by-server-server]
  273. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  274. CipherString = DEFAULT
  275. MaxProtocol = TLSv1.2
  276. Options = NoRenegotiation
  277. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  278. [11-no-renegotiation-server-by-server-client]
  279. CipherString = DEFAULT
  280. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  281. VerifyMode = Peer
  282. [test-11]
  283. ExpectedResult = ServerFail
  284. HandshakeMode = RenegotiateServer
  285. Method = TLS
  286. ResumptionExpected = No
  287. # ===========================================================
  288. [12-no-renegotiation-client-by-server]
  289. ssl_conf = 12-no-renegotiation-client-by-server-ssl
  290. [12-no-renegotiation-client-by-server-ssl]
  291. server = 12-no-renegotiation-client-by-server-server
  292. client = 12-no-renegotiation-client-by-server-client
  293. [12-no-renegotiation-client-by-server-server]
  294. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  295. CipherString = DEFAULT
  296. MaxProtocol = TLSv1.2
  297. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  298. [12-no-renegotiation-client-by-server-client]
  299. CipherString = DEFAULT
  300. Options = NoRenegotiation
  301. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  302. VerifyMode = Peer
  303. [test-12]
  304. ExpectedResult = ServerFail
  305. HandshakeMode = RenegotiateServer
  306. Method = TLS
  307. ResumptionExpected = No
  308. # ===========================================================
  309. [13-no-renegotiation-client-by-client]
  310. ssl_conf = 13-no-renegotiation-client-by-client-ssl
  311. [13-no-renegotiation-client-by-client-ssl]
  312. server = 13-no-renegotiation-client-by-client-server
  313. client = 13-no-renegotiation-client-by-client-client
  314. [13-no-renegotiation-client-by-client-server]
  315. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  316. CipherString = DEFAULT
  317. MaxProtocol = TLSv1.2
  318. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  319. [13-no-renegotiation-client-by-client-client]
  320. CipherString = DEFAULT
  321. Options = NoRenegotiation
  322. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  323. VerifyMode = Peer
  324. [test-13]
  325. ExpectedResult = ClientFail
  326. HandshakeMode = RenegotiateClient
  327. Method = TLS
  328. ResumptionExpected = No