17-renegotiate.cnf.in 7.4 KB

  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test Renegotiation
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. use OpenSSL::Test::Utils;
  # Renegotiation cases that are always registered.
  #
  # Each entry is a hash with four keys: a unique `name`, the `server` and
  # `client` configuration, and the `test` expectations (handshake mode,
  # whether the renegotiation should resume the session, and the expected
  # result).  Every server below caps MaxProtocol at TLSv1.2; TLS 1.3 has no
  # renegotiation, which is presumably why the cap is needed.
  #
  # test_pem() is not defined in this file; it is assumed to resolve a
  # fixture file name to a path in the test certificate directory.
  our @tests = (

      # Client-initiated renegotiation against a server that sets
      # NoResumptionOnRenegotiation: the renegotiation must be a full
      # handshake, never a resumption of the existing session.
      {
          name   => 'renegotiate-client-no-resume',
          server => {
              Options     => 'NoResumptionOnRenegotiation',
              MaxProtocol => 'TLSv1.2',
          },
          client => {},
          test   => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },

      # Same as above without the option: resumption is expected.
      {
          name   => 'renegotiate-client-resume',
          server => {
              MaxProtocol => 'TLSv1.2',
          },
          client => {},
          test   => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'Yes',
              ExpectedResult     => 'Success',
          },
      },

      # Server-initiated renegotiation, resumption forbidden by the server.
      {
          name   => 'renegotiate-server-no-resume',
          server => {
              Options     => 'NoResumptionOnRenegotiation',
              MaxProtocol => 'TLSv1.2',
          },
          client => {},
          test   => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateServer',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },

      # Server-initiated renegotiation, resumption allowed.
      {
          name   => 'renegotiate-server-resume',
          server => {
              MaxProtocol => 'TLSv1.2',
          },
          client => {},
          test   => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateServer',
              ResumptionExpected => 'Yes',
              ExpectedResult     => 'Success',
          },
      },

      # Client authentication across a server-initiated renegotiation.
      # The server verifies against root-cert.pem with VerifyMode Require,
      # and the client presents ee-client-chain.pem / ee-key.pem.
      {
          name   => 'renegotiate-client-auth-require',
          server => {
              Options      => 'NoResumptionOnRenegotiation',
              MaxProtocol  => 'TLSv1.2',
              VerifyCAFile => test_pem('root-cert.pem'),
              VerifyMode   => 'Require',
          },
          client => {
              Certificate => test_pem('ee-client-chain.pem'),
              PrivateKey  => test_pem('ee-key.pem'),
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateServer',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },

      # As above with VerifyMode Once.
      # NOTE(review): "Once" presumably means the client certificate is
      # requested on the initial handshake only and not again on the
      # renegotiation -- confirm against the SSL_CONF documentation.
      {
          name   => 'renegotiate-client-auth-once',
          server => {
              Options      => 'NoResumptionOnRenegotiation',
              MaxProtocol  => 'TLSv1.2',
              VerifyCAFile => test_pem('root-cert.pem'),
              VerifyMode   => 'Once',
          },
          client => {
              Certificate => test_pem('ee-client-chain.pem'),
              PrivateKey  => test_pem('ee-key.pem'),
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateServer',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },
  );
  # Renegotiation cases kept in a separate list from @tests.
  #
  # Three groups:
  #   * cipher-suite changes across a renegotiation (AEAD <-> non-AEAD);
  #   * the NoRenegotiation option set on either peer, where the
  #     renegotiation attempt is expected to fail;
  #   * a client that renegotiates with RenegotiateNoExtms set, which the
  #     server is expected to reject.
  #
  # The cipher names are test fixtures chosen to cover AEAD and non-AEAD
  # record protection; they are not a recommendation for deployment.
  our @tests_tls1_2 = (

      # --- Cipher change on renegotiation --------------------------------
      # The client starts with `CipherString` and carries a second suite in
      # `extra.RenegotiateCiphers`.
      # NOTE(review): presumably the harness applies RenegotiateCiphers just
      # before the client renegotiates -- confirm in the test driver.
      {
          name   => 'renegotiate-aead-to-non-aead',
          server => {
              Options => 'NoResumptionOnRenegotiation',
          },
          client => {
              CipherString => 'AES128-GCM-SHA256',
              MaxProtocol  => 'TLSv1.2',
              extra        => {
                  RenegotiateCiphers => 'AES128-SHA',
              },
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },
      {
          name   => 'renegotiate-non-aead-to-aead',
          server => {
              Options => 'NoResumptionOnRenegotiation',
          },
          client => {
              CipherString => 'AES128-SHA',
              MaxProtocol  => 'TLSv1.2',
              extra        => {
                  RenegotiateCiphers => 'AES128-GCM-SHA256',
              },
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },
      {
          name   => 'renegotiate-non-aead-to-non-aead',
          server => {
              Options => 'NoResumptionOnRenegotiation',
          },
          client => {
              CipherString => 'AES128-SHA',
              MaxProtocol  => 'TLSv1.2',
              extra        => {
                  RenegotiateCiphers => 'AES256-SHA',
              },
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },
      {
          name   => 'renegotiate-aead-to-aead',
          server => {
              Options => 'NoResumptionOnRenegotiation',
          },
          client => {
              CipherString => 'AES128-GCM-SHA256',
              MaxProtocol  => 'TLSv1.2',
              extra        => {
                  RenegotiateCiphers => 'AES256-GCM-SHA384',
              },
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'Success',
          },
      },

      # --- NoRenegotiation -----------------------------------------------
      # Names read "no-renegotiation-<peer with the option>-by-<initiator>".
      # In all four cases the expected failure is reported on the side that
      # initiates the renegotiation (ClientFail for RenegotiateClient,
      # ServerFail for RenegotiateServer), whichever peer set the option.
      {
          name   => 'no-renegotiation-server-by-client',
          server => {
              Options     => 'NoRenegotiation',
              MaxProtocol => 'TLSv1.2',
          },
          client => {},
          test   => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'ClientFail',
          },
      },
      {
          name   => 'no-renegotiation-server-by-server',
          server => {
              Options     => 'NoRenegotiation',
              MaxProtocol => 'TLSv1.2',
          },
          client => {},
          test   => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateServer',
              ResumptionExpected => 'No',
              ExpectedResult     => 'ServerFail',
          },
      },
      {
          name   => 'no-renegotiation-client-by-server',
          server => {
              MaxProtocol => 'TLSv1.2',
          },
          client => {
              Options => 'NoRenegotiation',
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateServer',
              ResumptionExpected => 'No',
              ExpectedResult     => 'ServerFail',
          },
      },
      {
          name   => 'no-renegotiation-client-by-client',
          server => {
              MaxProtocol => 'TLSv1.2',
          },
          client => {
              Options => 'NoRenegotiation',
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'ClientFail',
          },
      },

      # --- Extended master secret ----------------------------------------
      # The client sets RenegotiateNoExtms and the server is expected to
      # fail the handshake.
      # NOTE(review): presumably the flag makes the client omit the
      # extended_master_secret extension on the renegotiation only; a
      # server accepting that would let the session-binding protection be
      # downgraded mid-connection -- confirm in the test driver.
      {
          name   => 'no-extms-on-renegotiation',
          server => {
              MaxProtocol => 'TLSv1.2',
          },
          client => {
              MaxProtocol => 'TLSv1.2',
              extra       => {
                  RenegotiateNoExtms => 'Yes',
              },
          },
          test => {
              Method             => 'TLS',
              HandshakeMode      => 'RenegotiateClient',
              ResumptionExpected => 'No',
              ExpectedResult     => 'ServerFail',
          },
      },
  );
  # Register the cases in @tests_tls1_2 only when the build has not
  # disabled "tls1_2".
  # NOTE(review): the entries already in @tests also cap MaxProtocol at
  # TLSv1.2 but are registered unconditionally; presumably the harness
  # skips this file when no suitable protocol is available -- confirm.
  if (!disabled("tls1_2")) {
      push @tests, @tests_tls1_2;
  }