2
0

08-npn.cnf.in 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test NPN. Note that NPN is only supported up to TLSv1.2
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. our @tests = (
  13. {
  14. name => "npn-simple",
  15. server => {
  16. extra => {
  17. "NPNProtocols" => "foo",
  18. },
  19. },
  20. client => {
  21. extra => {
  22. "NPNProtocols" => "foo",
  23. },
  24. "MaxProtocol" => "TLSv1.2"
  25. },
  26. test => {
  27. "ExpectedNPNProtocol" => "foo",
  28. },
  29. },
  30. {
  31. name => "npn-client-finds-match",
  32. server => {
  33. extra => {
  34. "NPNProtocols" => "baz,bar",
  35. },
  36. },
  37. client => {
  38. extra => {
  39. "NPNProtocols" => "foo,bar",
  40. },
  41. "MaxProtocol" => "TLSv1.2"
  42. },
  43. test => {
  44. "ExpectedNPNProtocol" => "bar",
  45. },
  46. },
  47. {
  48. name => "npn-client-honours-server-pref",
  49. server => {
  50. extra => {
  51. "NPNProtocols" => "bar,foo",
  52. },
  53. },
  54. client => {
  55. extra => {
  56. "NPNProtocols" => "foo,bar",
  57. },
  58. "MaxProtocol" => "TLSv1.2"
  59. },
  60. test => {
  61. "ExpectedNPNProtocol" => "bar",
  62. },
  63. },
  64. {
  65. name => "npn-client-first-pref-on-mismatch",
  66. server => {
  67. extra => {
  68. "NPNProtocols" => "baz",
  69. },
  70. },
  71. client => {
  72. extra => {
  73. "NPNProtocols" => "foo,bar",
  74. },
  75. "MaxProtocol" => "TLSv1.2"
  76. },
  77. test => {
  78. "ExpectedNPNProtocol" => "foo",
  79. },
  80. },
  81. {
  82. name => "npn-no-server-support",
  83. server => {},
  84. client => {
  85. extra => {
  86. "NPNProtocols" => "foo",
  87. },
  88. "MaxProtocol" => "TLSv1.2"
  89. },
  90. test => {
  91. "ExpectedNPNProtocol" => undef,
  92. },
  93. },
  94. {
  95. name => "npn-no-client-support",
  96. server => {
  97. extra => {
  98. "NPNProtocols" => "foo",
  99. },
  100. },
  101. client => {
  102. "MaxProtocol" => "TLSv1.2"
  103. },
  104. test => {
  105. "ExpectedNPNProtocol" => undef,
  106. },
  107. },
  108. {
  109. name => "npn-with-sni-no-context-switch",
  110. server => {
  111. extra => {
  112. "NPNProtocols" => "foo",
  113. "ServerNameCallback" => "IgnoreMismatch",
  114. },
  115. },
  116. server2 => {
  117. extra => {
  118. "NPNProtocols" => "bar",
  119. },
  120. },
  121. client => {
  122. extra => {
  123. "NPNProtocols" => "foo,bar",
  124. "ServerName" => "server1",
  125. },
  126. "MaxProtocol" => "TLSv1.2"
  127. },
  128. test => {
  129. "ExpectedServerName" => "server1",
  130. "ExpectedNPNProtocol" => "foo",
  131. },
  132. },
  133. {
  134. name => "npn-with-sni-context-switch",
  135. server => {
  136. extra => {
  137. "NPNProtocols" => "foo",
  138. "ServerNameCallback" => "IgnoreMismatch",
  139. },
  140. },
  141. server2 => {
  142. extra => {
  143. "NPNProtocols" => "bar",
  144. },
  145. },
  146. client => {
  147. extra => {
  148. "NPNProtocols" => "foo,bar",
  149. "ServerName" => "server2",
  150. },
  151. "MaxProtocol" => "TLSv1.2"
  152. },
  153. test => {
  154. "ExpectedServerName" => "server2",
  155. "ExpectedNPNProtocol" => "bar",
  156. },
  157. },
  158. {
  159. name => "npn-selected-sni-server-supports-npn",
  160. server => {
  161. extra => {
  162. "ServerNameCallback" => "IgnoreMismatch",
  163. },
  164. },
  165. server2 => {
  166. extra => {
  167. "NPNProtocols" => "bar",
  168. },
  169. },
  170. client => {
  171. extra => {
  172. "NPNProtocols" => "foo,bar",
  173. "ServerName" => "server2",
  174. },
  175. "MaxProtocol" => "TLSv1.2"
  176. },
  177. test => {
  178. "ExpectedServerName" => "server2",
  179. "ExpectedNPNProtocol" => "bar",
  180. },
  181. },
  182. {
  183. name => "npn-selected-sni-server-does-not-support-npn",
  184. server => {
  185. extra => {
  186. "NPNProtocols" => "bar",
  187. "ServerNameCallback" => "IgnoreMismatch",
  188. },
  189. },
  190. server2 => { },
  191. client => {
  192. extra => {
  193. "NPNProtocols" => "foo,bar",
  194. "ServerName" => "server2",
  195. },
  196. "MaxProtocol" => "TLSv1.2"
  197. },
  198. test => {
  199. "ExpectedServerName" => "server2",
  200. "ExpectedNPNProtocol" => undef,
  201. },
  202. },
  203. {
  204. name => "alpn-preferred-over-npn",
  205. server => {
  206. extra => {
  207. "ALPNProtocols" => "foo",
  208. "NPNProtocols" => "bar",
  209. },
  210. },
  211. client => {
  212. extra => {
  213. "ALPNProtocols" => "foo",
  214. "NPNProtocols" => "bar",
  215. },
  216. "MaxProtocol" => "TLSv1.2"
  217. },
  218. test => {
  219. "ExpectedALPNProtocol" => "foo",
  220. "ExpectedNPNProtocol" => undef,
  221. },
  222. },
  223. {
  224. name => "sni-npn-preferred-over-alpn",
  225. server => {
  226. extra => {
  227. "ServerNameCallback" => "IgnoreMismatch",
  228. "ALPNProtocols" => "foo",
  229. },
  230. },
  231. server2 => {
  232. extra => {
  233. "NPNProtocols" => "bar",
  234. },
  235. },
  236. client => {
  237. extra => {
  238. "ServerName" => "server2",
  239. "ALPNProtocols" => "foo",
  240. "NPNProtocols" => "bar",
  241. },
  242. "MaxProtocol" => "TLSv1.2"
  243. },
  244. test => {
  245. "ExpectedALPNProtocol" => undef,
  246. "ExpectedNPNProtocol" => "bar",
  247. "ExpectedServerName" => "server2",
  248. },
  249. },
  250. {
  251. name => "npn-simple-resumption",
  252. server => {
  253. extra => {
  254. "NPNProtocols" => "foo",
  255. },
  256. },
  257. client => {
  258. extra => {
  259. "NPNProtocols" => "foo",
  260. },
  261. "MaxProtocol" => "TLSv1.2"
  262. },
  263. test => {
  264. "HandshakeMode" => "Resume",
  265. "ResumptionExpected" => "Yes",
  266. "ExpectedNPNProtocol" => "foo",
  267. },
  268. },
  269. {
  270. name => "npn-server-switch-resumption",
  271. server => {
  272. extra => {
  273. "NPNProtocols" => "bar,foo",
  274. },
  275. },
  276. resume_server => {
  277. extra => {
  278. "NPNProtocols" => "baz,foo",
  279. },
  280. },
  281. client => {
  282. extra => {
  283. "NPNProtocols" => "foo,bar,baz",
  284. },
  285. "MaxProtocol" => "TLSv1.2"
  286. },
  287. test => {
  288. "HandshakeMode" => "Resume",
  289. "ResumptionExpected" => "Yes",
  290. "ExpectedNPNProtocol" => "baz",
  291. },
  292. },
  293. {
  294. name => "npn-client-switch-resumption",
  295. server => {
  296. extra => {
  297. "NPNProtocols" => "foo,bar,baz",
  298. },
  299. },
  300. client => {
  301. extra => {
  302. "NPNProtocols" => "foo,baz",
  303. },
  304. "MaxProtocol" => "TLSv1.2"
  305. },
  306. resume_client => {
  307. extra => {
  308. "NPNProtocols" => "bar,baz",
  309. },
  310. "MaxProtocol" => "TLSv1.2"
  311. },
  312. test => {
  313. "HandshakeMode" => "Resume",
  314. "ResumptionExpected" => "Yes",
  315. "ExpectedNPNProtocol" => "bar",
  316. },
  317. },
  318. {
  319. name => "npn-client-first-pref-on-mismatch-resumption",
  320. server => {
  321. extra => {
  322. "NPNProtocols" => "bar",
  323. },
  324. },
  325. resume_server => {
  326. extra => {
  327. "NPNProtocols" => "baz",
  328. },
  329. },
  330. client => {
  331. extra => {
  332. "NPNProtocols" => "foo,bar",
  333. },
  334. "MaxProtocol" => "TLSv1.2"
  335. },
  336. test => {
  337. "HandshakeMode" => "Resume",
  338. "ResumptionExpected" => "Yes",
  339. "ExpectedNPNProtocol" => "foo",
  340. },
  341. },
  342. {
  343. name => "npn-no-server-support-resumption",
  344. server => {
  345. extra => {
  346. "NPNProtocols" => "foo",
  347. },
  348. },
  349. resume_server => { },
  350. client => {
  351. extra => {
  352. "NPNProtocols" => "foo",
  353. },
  354. "MaxProtocol" => "TLSv1.2"
  355. },
  356. test => {
  357. "HandshakeMode" => "Resume",
  358. "ResumptionExpected" => "Yes",
  359. "ExpectedNPNProtocol" => undef,
  360. },
  361. },
  362. {
  363. name => "npn-no-client-support-resumption",
  364. server => {
  365. extra => {
  366. "NPNProtocols" => "foo",
  367. },
  368. },
  369. client => {
  370. extra => {
  371. "NPNProtocols" => "foo",
  372. },
  373. "MaxProtocol" => "TLSv1.2"
  374. },
  375. resume_client => {
  376. "MaxProtocol" => "TLSv1.2"
  377. },
  378. test => {
  379. "HandshakeMode" => "Resume",
  380. "ResumptionExpected" => "Yes",
  381. "ExpectedNPNProtocol" => undef,
  382. },
  383. },
  384. {
  385. name => "alpn-preferred-over-npn-resumption",
  386. server => {
  387. extra => {
  388. "NPNProtocols" => "bar",
  389. },
  390. },
  391. resume_server => {
  392. extra => {
  393. "ALPNProtocols" => "foo",
  394. "NPNProtocols" => "baz",
  395. },
  396. },
  397. client => {
  398. extra => {
  399. "ALPNProtocols" => "foo",
  400. "NPNProtocols" => "bar,baz",
  401. },
  402. "MaxProtocol" => "TLSv1.2"
  403. },
  404. test => {
  405. "HandshakeMode" => "Resume",
  406. "ResumptionExpected" => "Yes",
  407. "ExpectedALPNProtocol" => "foo",
  408. "ExpectedNPNProtocol" => undef,
  409. },
  410. },
  411. {
  412. name => "npn-used-if-alpn-not-supported-resumption",
  413. server => {
  414. extra => {
  415. "ALPNProtocols" => "foo",
  416. "NPNProtocols" => "bar",
  417. },
  418. },
  419. resume_server => {
  420. extra => {
  421. "NPNProtocols" => "baz",
  422. },
  423. },
  424. client => {
  425. extra => {
  426. "ALPNProtocols" => "foo",
  427. "NPNProtocols" => "bar,baz",
  428. },
  429. "MaxProtocol" => "TLSv1.2"
  430. },
  431. test => {
  432. "HandshakeMode" => "Resume",
  433. "ResumptionExpected" => "Yes",
  434. "ExpectedALPNProtocol" => undef,
  435. "ExpectedNPNProtocol" => "baz",
  436. },
  437. },
  438. );