19-mac-then-encrypt.cnf.in 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## SSL test configurations
  9. package ssltests;
  10. use OpenSSL::Test::Utils;
  11. our $fips_mode;
  12. our @tests = (
  13. {
  14. name => "disable-encrypt-then-mac-server-sha",
  15. server => {
  16. "Options" => "-EncryptThenMac",
  17. },
  18. client => {
  19. "CipherString" => "AES128-SHA",
  20. "MaxProtocol" => "TLSv1.2"
  21. },
  22. test => {
  23. "ExpectedResult" => "Success",
  24. },
  25. },
  26. {
  27. name => "disable-encrypt-then-mac-client-sha",
  28. server => {
  29. },
  30. client => {
  31. "CipherString" => "AES128-SHA",
  32. "Options" => "-EncryptThenMac",
  33. "MaxProtocol" => "TLSv1.2"
  34. },
  35. test => {
  36. "ExpectedResult" => "Success",
  37. },
  38. },
  39. {
  40. name => "disable-encrypt-then-mac-both-sha",
  41. server => {
  42. "Options" => "-EncryptThenMac",
  43. },
  44. client => {
  45. "CipherString" => "AES128-SHA",
  46. "Options" => "-EncryptThenMac",
  47. "MaxProtocol" => "TLSv1.2"
  48. },
  49. test => {
  50. "ExpectedResult" => "Success",
  51. },
  52. },
  53. );
  54. my @tests_tls1_2 = (
  55. {
  56. name => "disable-encrypt-then-mac-server-sha2",
  57. server => {
  58. "Options" => "-EncryptThenMac",
  59. },
  60. client => {
  61. "CipherString" => "AES128-SHA256",
  62. "MaxProtocol" => "TLSv1.2"
  63. },
  64. test => {
  65. "ExpectedResult" => "Success",
  66. },
  67. },
  68. {
  69. name => "disable-encrypt-then-mac-client-sha2",
  70. server => {
  71. },
  72. client => {
  73. "CipherString" => "AES128-SHA256",
  74. "Options" => "-EncryptThenMac",
  75. "MaxProtocol" => "TLSv1.2"
  76. },
  77. test => {
  78. "ExpectedResult" => "Success",
  79. },
  80. },
  81. {
  82. name => "disable-encrypt-then-mac-both-sha2",
  83. server => {
  84. "Options" => "-EncryptThenMac",
  85. },
  86. client => {
  87. "CipherString" => "AES128-SHA256",
  88. "Options" => "-EncryptThenMac",
  89. "MaxProtocol" => "TLSv1.2"
  90. },
  91. test => {
  92. "ExpectedResult" => "Success",
  93. },
  94. },
  95. );
  96. our @tests_tls1 = (
  97. {
  98. name => "disable-encrypt-then-mac-server-sha-tls1",
  99. server => {
  100. "CipherString" => 'DEFAULT:@SECLEVEL=0',
  101. "Options" => "-EncryptThenMac",
  102. },
  103. client => {
  104. "CipherString" => 'AES128-SHA@SECLEVEL=0',
  105. "MinProtocol" => "TLSv1",
  106. "MaxProtocol" => "TLSv1"
  107. },
  108. test => {
  109. "ExpectedResult" => "Success",
  110. },
  111. },
  112. {
  113. name => "disable-encrypt-then-mac-client-sha-tls1",
  114. server => {
  115. "CipherString" => 'DEFAULT:@SECLEVEL=0',
  116. },
  117. client => {
  118. "CipherString" => 'AES128-SHA@SECLEVEL=0',
  119. "Options" => "-EncryptThenMac",
  120. "MinProtocol" => "TLSv1",
  121. "MaxProtocol" => "TLSv1"
  122. },
  123. test => {
  124. "ExpectedResult" => "Success",
  125. },
  126. },
  127. {
  128. name => "disable-encrypt-then-mac-both-sha-tls1",
  129. server => {
  130. "CipherString" => 'DEFAULT:@SECLEVEL=0',
  131. "Options" => "-EncryptThenMac",
  132. },
  133. client => {
  134. "CipherString" => 'AES128-SHA@SECLEVEL=0',
  135. "Options" => "-EncryptThenMac",
  136. "MinProtocol" => "TLSv1",
  137. "MaxProtocol" => "TLSv1"
  138. },
  139. test => {
  140. "ExpectedResult" => "Success",
  141. },
  142. },
  143. );
  144. push @tests, @tests_tls1_2 unless disabled("tls1_2");
  145. push @tests, @tests_tls1 unless disabled("tls1") || $fips_mode;