Browse Source

Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes

Sean Parkinson 4 years ago
parent
commit
a975ba9e97

+ 132 - 22
src/internal.c

@@ -2706,14 +2706,24 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-    if (tls && haveDH && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && haveRSA)
+#else
+    if (tls && haveDH && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-    if (tls && haveDH && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && haveRSA)
+#else
+    if (tls && haveDH && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
     }
@@ -2744,14 +2754,24 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
-    if (tls && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveRSA)
+#else
+    if (tls && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
-    if (tls && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveRSA)
+#else
+    if (tls && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
     }
@@ -2815,7 +2835,12 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
-    if (tls && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveRSA)
+#else
+    if (tls && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
     }
@@ -2829,28 +2854,48 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
-    if (tls && haveDH && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && havePSK)
+#else
+    if (tls && haveDH && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
     }
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
-    if (tls && haveDH && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && havePSK)
+#else
+    if (tls && haveDH && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls1 && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
     }
@@ -2878,28 +2923,48 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = CHACHA_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
     }
@@ -2934,35 +2999,60 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
-    if (tls && haveDH && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && havePSK)
+#else
+    if (tls && haveDH && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
     }
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
     }
 #endif
 
 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = ECC_BYTE;
         suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
-    if (tls && haveDH && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && havePSK)
+#else
+    if (tls && haveDH && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
-    if (tls && havePSK) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
     }
@@ -3067,28 +3157,48 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-    if (tls && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveRSA)
+#else
+    if (tls && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-    if (tls && haveDH && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && haveRSA)
+#else
+    if (tls && haveDH && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-    if (tls && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveRSA)
+#else
+    if (tls && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
     }
 #endif
 
 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-    if (tls && haveDH && haveRSA) {
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && haveDH && haveRSA)
+#else
+    if (tls && haveDH && haveRSA)
+#endif
+    {
         suites->suites[idx++] = CIPHER_BYTE;
         suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
     }

+ 5 - 0
tests/include.am

@@ -20,15 +20,20 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
 endif
 EXTRA_DIST += tests/unit.h
 EXTRA_DIST += tests/test.conf \
+              tests/test-sha2.conf \
               tests/test-tls13.conf \
               tests/test-tls13-down.conf \
               tests/test-tls13-ecc.conf \
               tests/test-tls13-psk.conf \
               tests/test-qsh.conf \
+              tests/test-qsh-sha2.conf \
               tests/test-psk.conf \
               tests/test-psk-no-id.conf \
+              tests/test-psk-no-id-sha2.conf \
               tests/test-dtls.conf \
+              tests/test-dtls-sha2.conf \
               tests/test-sctp.conf \
+              tests/test-sctp-sha2.conf \
               tests/test-sig.conf \
               tests/test-ed25519.conf \
               tests/test-enckeys.conf \

+ 44 - 0
tests/suites.c

@@ -717,6 +717,18 @@ int SuiteTest(int argc, char** argv)
     /* any extra cases will need another argument */
     args.argc = 2;
 
+#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    /* SHA-2 cipher suites in old TLS versions */
+    strcpy(argv0[1], "tests/test-sha2.conf");
+    printf("starting SHA-2 cipher suite in old TLS versions tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+#endif
+
 #ifdef WOLFSSL_TLS13
     /* add TLSv13 extra suites */
     strcpy(argv0[1], "tests/test-tls13.conf");
@@ -771,6 +783,17 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
+#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    /* add dtls extra suites */
+    strcpy(argv0[1], "tests/test-dtls-sha2.conf");
+    printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+#endif
 #endif
 #ifdef WOLFSSL_SCTP
     /* add dtls-sctp extra suites */
@@ -782,6 +805,17 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
+#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    /* add dtls-sctp extra suites */
+    strcpy(argv0[1], "tests/test-sctp-sha2.conf");
+    printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+#endif
 #endif
 #ifndef WC_STRICT_SIG
 #if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
@@ -806,6 +840,16 @@ int SuiteTest(int argc, char** argv)
         args.return_code = EXIT_FAILURE;
         goto exit;
     }
+#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    strcpy(argv0[1], "tests/test-qsh-sha2.conf");
+    printf("starting qsh extra cipher suite tests - old TLS sha-2 cs\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+#endif
 #endif
 #ifndef NO_PSK
     #ifndef WOLFSSL_NO_TLS12

+ 66 - 0
tests/test-dtls-sha2.conf

@@ -0,0 +1,66 @@
+# server DTLSv1 AES128-SHA256
+-u
+-v 2
+-l AES128-SHA256
+
+# client DTLSv1 AES128-SHA256
+-u
+-v 2
+-l AES128-SHA256
+
+# server DTLSv1 AES256-SHA256
+-u
+-v 2
+-l AES256-SHA256
+
+# client DTLSv1 AES256-SHA256
+-u
+-v 2
+-l AES256-SHA256
+
+# server TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-u
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# client TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-u
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# server TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-u
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# client TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-u
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+# server TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-u
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# client TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-u
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# server TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-u
+-v 2
+-l ECDHE-PSK-NULL-SHA256
+
+# client TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-u
+-v 2
+-l ECDHE-PSK-NULL-SHA256

+ 0 - 68
tests/test-dtls.conf

@@ -170,16 +170,6 @@
 -v 3
 -l AES256-SHA
 
-# server DTLSv1 AES128-SHA256
--u
--v 2
--l AES128-SHA256
-
-# client DTLSv1 AES128-SHA256
--u
--v 2
--l AES128-SHA256
-
 # server DTLSv1.2 AES128-SHA256
 -u
 -v 3
@@ -190,16 +180,6 @@
 -v 3
 -l AES128-SHA256
 
-# server DTLSv1 AES256-SHA256
--u
--v 2
--l AES256-SHA256
-
-# client DTLSv1 AES256-SHA256
--u
--v 2
--l AES256-SHA256
-
 # server DTLSv1.2 AES256-SHA256
 -u
 -v 3
@@ -633,30 +613,6 @@
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1 ECDHE-PSK-AES128-SHA256
--s
--u
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# client TLSv1 ECDHE-PSK-AES128-SHA256
--s
--u
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# server TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--u
--v 2
--l ECDHE-PSK-AES128-SHA256
-
-# client TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--u
--v 2
--l ECDHE-PSK-AES128-SHA256
-
 # server TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -u
@@ -669,30 +625,6 @@
 -v 3
 -l ECDHE-PSK-AES128-SHA256
 
-# server TLSv1 ECDHE-PSK-NULL-SHA256
--s
--u
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# client TLSv1 ECDHE-PSK-NULL-SHA256
--s
--u
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# server TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--u
--v 2
--l ECDHE-PSK-NULL-SHA256
-
-# client TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--u
--v 2
--l ECDHE-PSK-NULL-SHA256
-
 # server TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -u

+ 87 - 0
tests/test-psk-no-id-sha2.conf

@@ -0,0 +1,87 @@
+# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-I
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-I
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-I
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-I
+-v 2
+-l ECDHE-PSK-NULL-SHA256
+
+# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-v 2
+-l ECDHE-PSK-NULL-SHA256
+
+# No Hint server TLSv1.0 PSK-AES128-SHA256
+-s
+-I
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# No Hint server TLSv1.1 PSK-AES128-SHA256
+-s
+-I
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# No Hint client TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+ No Hint server TLSv1.0 PSK-AES256-SHA384
+-s
+-I
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# No Hint server TLSv1.1 PSK-AES256-SHA384
+-s
+-I
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# No Hint client TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l PSK-AES256-CBC-SHA384

+ 0 - 88
tests/test-psk-no-id.conf

@@ -31,28 +31,6 @@
 -v 3
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
--s
--I
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
--s
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--I
--v 2
--l ECDHE-PSK-AES128-SHA256
-
-# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--v 2
--l ECDHE-PSK-AES128-SHA256
-
 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -I
@@ -64,28 +42,6 @@
 -v 3
 -l ECDHE-PSK-AES128-SHA256
 
-# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
--s
--I
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
--s
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--I
--v 2
--l ECDHE-PSK-NULL-SHA256
-
-# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--v 2
--l ECDHE-PSK-NULL-SHA256
-
 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -I
@@ -163,28 +119,6 @@
 -v 3
 -l PSK-AES256-CBC-SHA
 
-# No Hint server TLSv1.0 PSK-AES128-SHA256
--s
--I
--v 1
--l PSK-AES128-CBC-SHA256
-
-# No Hint client TLSv1.0 PSK-AES128-SHA256
--s
--v 1
--l PSK-AES128-CBC-SHA256
-
-# No Hint server TLSv1.1 PSK-AES128-SHA256
--s
--I
--v 2
--l PSK-AES128-CBC-SHA256
-
-# No Hint client TLSv1.1 PSK-AES128-SHA256
--s
--v 2
--l PSK-AES128-CBC-SHA256
-
 # No Hint server TLSv1.2 PSK-AES128-SHA256
 -s
 -I
@@ -196,28 +130,6 @@
 -v 3
 -l PSK-AES128-CBC-SHA256
 
-# No Hint server TLSv1.0 PSK-AES256-SHA384
--s
--I
--v 1
--l PSK-AES256-CBC-SHA384
-
-# No Hint client TLSv1.0 PSK-AES256-SHA384
--s
--v 1
--l PSK-AES256-CBC-SHA384
-
-# No Hint server TLSv1.1 PSK-AES256-SHA384
--s
--I
--v 2
--l PSK-AES256-CBC-SHA384
-
-# No Hint client TLSv1.1 PSK-AES256-SHA384
--s
--v 2
--l PSK-AES256-CBC-SHA384
-
 # No Hint server TLSv1.2 PSK-AES256-SHA384
 -s
 -I

+ 303 - 0
tests/test-qsh-sha2.conf

@@ -0,0 +1,303 @@
+# server TLSv1 AES128-SHA256
+-v 1
+-l QSH:AES128-SHA256
+
+# client TLSv1 AES128-SHA256
+-v 1
+-l QSH:AES128-SHA256
+
+# server TLSv1 AES256-SHA256
+-v 1
+-l QSH:AES256-SHA256
+
+# client TLSv1 AES256-SHA256
+-v 1
+-l QSH:AES256-SHA256
+
+# server TLSv1.1 AES128-SHA256
+-v 2
+-l QSH:AES128-SHA256
+
+# client TLSv1.1 AES128-SHA256
+-v 2
+-l QSH:AES128-SHA256
+
+# server TLSv1.1 AES256-SHA256
+-v 2
+-l QSH:AES256-SHA256
+
+# client TLSv1.1 AES256-SHA256
+-v 2
+-l QSH:AES256-SHA256
+
+# server TLSv1 DHE AES128-SHA256
+-v 1
+-l QSH:DHE-RSA-AES128-SHA256
+
+# client TLSv1 DHE AES128-SHA256
+-v 1
+-l QSH:DHE-RSA-AES128-SHA256
+
+# server TLSv1 DHE AES256-SHA256
+-v 1
+-l QSH:DHE-RSA-AES256-SHA256
+
+# client TLSv1 DHE AES256-SHA256
+-v 1
+-l QSH:DHE-RSA-AES256-SHA256
+
+# server TLSv1.1 DHE AES128-SHA256
+-v 2
+-l QSH:DHE-RSA-AES128-SHA256
+
+# client TLSv1.1 DHE AES128-SHA256
+-v 2
+-l QSH:DHE-RSA-AES128-SHA256
+
+# server TLSv1.1 DHE AES256-SHA256
+-v 2
+-l QSH:DHE-RSA-AES256-SHA256
+
+# client TLSv1.1 DHE AES256-SHA256
+-v 2
+-l QSH:DHE-RSA-AES256-SHA256
+
+# server TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-v 1
+-l QSH:ECDHE-PSK-AES128-SHA256
+
+# client TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-v 1
+-l QSH:ECDHE-PSK-AES128-SHA256
+
+# server TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-v 2
+-l QSH:ECDHE-PSK-AES128-SHA256
+
+# client TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-v 2
+-l QSH:ECDHE-PSK-AES128-SHA256
+
+# server TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-v 1
+-l QSH:ECDHE-PSK-NULL-SHA256
+
+# client TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-v 1
+-l QSH:ECDHE-PSK-NULL-SHA256
+
+# server TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-v 2
+-l QSH:ECDHE-PSK-NULL-SHA256
+
+# client TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-v 2
+-l QSH:ECDHE-PSK-NULL-SHA256
+
+# server TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l QSH:PSK-AES128-CBC-SHA256
+
+# client TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l QSH:PSK-AES128-CBC-SHA256
+
+# server TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l QSH:PSK-AES128-CBC-SHA256
+
+# client TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l QSH:PSK-AES128-CBC-SHA256
+
+# server TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l QSH:PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l QSH:PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l QSH:PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l QSH:PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l QSH:NULL-SHA256
+
+# client TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l QSH:NULL-SHA256
+
+# server TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l QSH:NULL-SHA256
+
+# client TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l QSH:NULL-SHA256
+
+# server TLSv1 CAMELLIA128-SHA256
+-v 1
+-l QSH:CAMELLIA128-SHA256
+
+# client TLSv1 CAMELLIA128-SHA256
+-v 1
+-l QSH:CAMELLIA128-SHA256
+
+# server TLSv1 CAMELLIA256-SHA256
+-v 1
+-l QSH:CAMELLIA256-SHA256
+
+# client TLSv1 CAMELLIA256-SHA256
+-v 1
+-l QSH:CAMELLIA256-SHA256
+
+# server TLSv1.1 CAMELLIA128-SHA256
+-v 2
+-l QSH:CAMELLIA128-SHA256
+
+# client TLSv1.1 CAMELLIA128-SHA256
+-v 2
+-l QSH:CAMELLIA128-SHA256
+
+# server TLSv1.1 CAMELLIA256-SHA256
+-v 2
+-l QSH:CAMELLIA256-SHA256
+
+# client TLSv1.1 CAMELLIA256-SHA256
+-v 2
+-l QSH:CAMELLIA256-SHA256
+
+# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
+-v 1
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
+-v 2
+-l QSH:DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA256
+
+# client TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA256
+
+# server TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA256
+
+# client TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA256
+
+# server TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA384
+
+# client TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l QSH:DHE-PSK-NULL-SHA384
+
+# server TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA384
+
+# client TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l QSH:DHE-PSK-NULL-SHA384

+ 0 - 304
tests/test-qsh.conf

@@ -162,22 +162,6 @@
 -v 1
 -l QSH:AES256-SHA
 
-# server TLSv1 AES128-SHA256
--v 1
--l QSH:AES128-SHA256
-
-# client TLSv1 AES128-SHA256
--v 1
--l QSH:AES128-SHA256
-
-# server TLSv1 AES256-SHA256
--v 1
--l QSH:AES256-SHA256
-
-# client TLSv1 AES256-SHA256
--v 1
--l QSH:AES256-SHA256
-
 # server TLSv1.1 RC4-SHA
 -v 2
 -l QSH:RC4-SHA
@@ -226,22 +210,6 @@
 -v 2
 -l QSH:AES256-SHA
 
-# server TLSv1.1 AES128-SHA256
--v 2
--l QSH:AES128-SHA256
-
-# client TLSv1.1 AES128-SHA256
--v 2
--l QSH:AES128-SHA256
-
-# server TLSv1.1 AES256-SHA256
--v 2
--l QSH:AES256-SHA256
-
-# client TLSv1.1 AES256-SHA256
--v 2
--l QSH:AES256-SHA256
-
 # server TLSv1.2 RC4-SHA
 -v 3
 -l QSH:RC4-SHA
@@ -1051,22 +1019,6 @@
 -v 1
 -l QSH:DHE-RSA-AES256-SHA
 
-# server TLSv1 DHE AES128-SHA256
--v 1
--l QSH:DHE-RSA-AES128-SHA256
-
-# client TLSv1 DHE AES128-SHA256
--v 1
--l QSH:DHE-RSA-AES128-SHA256
-
-# server TLSv1 DHE AES256-SHA256
--v 1
--l QSH:DHE-RSA-AES256-SHA256
-
-# client TLSv1 DHE AES256-SHA256
--v 1
--l QSH:DHE-RSA-AES256-SHA256
-
 # server TLSv1.1 DHE AES128
 -v 2
 -l QSH:DHE-RSA-AES128-SHA
@@ -1083,22 +1035,6 @@
 -v 2
 -l QSH:DHE-RSA-AES256-SHA
 
-# server TLSv1.1 DHE AES128-SHA256
--v 2
--l QSH:DHE-RSA-AES128-SHA256
-
-# client TLSv1.1 DHE AES128-SHA256
--v 2
--l QSH:DHE-RSA-AES128-SHA256
-
-# server TLSv1.1 DHE AES256-SHA256
--v 2
--l QSH:DHE-RSA-AES256-SHA256
-
-# client TLSv1.1 DHE AES256-SHA256
--v 2
--l QSH:DHE-RSA-AES256-SHA256
-
 # server TLSv1.2 DHE AES128
 -v 3
 -l QSH:DHE-RSA-AES128-SHA
@@ -1131,26 +1067,6 @@
 -v 3
 -l QSH:DHE-RSA-AES256-SHA256
 
-# server TLSv1 ECDHE-PSK-AES128-SHA256
--s
--v 1
--l QSH:ECDHE-PSK-AES128-SHA256
-
-# client TLSv1 ECDHE-PSK-AES128-SHA256
--s
--v 1
--l QSH:ECDHE-PSK-AES128-SHA256
-
-# server TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--v 2
--l QSH:ECDHE-PSK-AES128-SHA256
-
-# client TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--v 2
--l QSH:ECDHE-PSK-AES128-SHA256
-
 # server TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -v 3
@@ -1161,26 +1077,6 @@
 -v 3
 -l QSH:ECDHE-PSK-AES128-SHA256
 
-# server TLSv1 ECDHE-PSK-NULL-SHA256
--s
--v 1
--l QSH:ECDHE-PSK-NULL-SHA256
-
-# client TLSv1 ECDHE-PSK-NULL-SHA256
--s
--v 1
--l QSH:ECDHE-PSK-NULL-SHA256
-
-# server TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--v 2
--l QSH:ECDHE-PSK-NULL-SHA256
-
-# client TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--v 2
--l QSH:ECDHE-PSK-NULL-SHA256
-
 # server TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -v 3
@@ -1251,26 +1147,6 @@
 -v 3
 -l QSH:PSK-AES256-CBC-SHA
 
-# server TLSv1.0 PSK-AES128-SHA256
--s
--v 1
--l QSH:PSK-AES128-CBC-SHA256
-
-# client TLSv1.0 PSK-AES128-SHA256
--s
--v 1
--l QSH:PSK-AES128-CBC-SHA256
-
-# server TLSv1.1 PSK-AES128-SHA256
--s
--v 2
--l QSH:PSK-AES128-CBC-SHA256
-
-# client TLSv1.1 PSK-AES128-SHA256
--s
--v 2
--l QSH:PSK-AES128-CBC-SHA256
-
 # server TLSv1.2 PSK-AES128-SHA256
 -s
 -v 3
@@ -1281,26 +1157,6 @@
 -v 3
 -l QSH:PSK-AES128-CBC-SHA256
 
-# server TLSv1.0 PSK-AES256-SHA384
--s
--v 1
--l QSH:PSK-AES256-CBC-SHA384
-
-# client TLSv1.0 PSK-AES256-SHA384
--s
--v 1
--l QSH:PSK-AES256-CBC-SHA384
-
-# server TLSv1.1 PSK-AES256-SHA384
--s
--v 2
--l QSH:PSK-AES256-CBC-SHA384
-
-# client TLSv1.1 PSK-AES256-SHA384
--s
--v 2
--l QSH:PSK-AES256-CBC-SHA384
-
 # server TLSv1.2 PSK-AES256-SHA384
 -s
 -v 3
@@ -1405,22 +1261,6 @@
 -v 3
 -l QSH:NULL-SHA
 
-# server TLSv1.0 RSA-NULL-SHA256
--v 1
--l QSH:NULL-SHA256
-
-# client TLSv1.0 RSA-NULL-SHA256
--v 1
--l QSH:NULL-SHA256
-
-# server TLSv1.1 RSA-NULL-SHA256
--v 2
--l QSH:NULL-SHA256
-
-# client TLSv1.1 RSA-NULL-SHA256
--v 2
--l QSH:NULL-SHA256
-
 # server TLSv1.2 RSA-NULL-SHA256
 -v 3
 -l QSH:NULL-SHA256
@@ -1445,22 +1285,6 @@
 -v 1
 -l QSH:CAMELLIA256-SHA
 
-# server TLSv1 CAMELLIA128-SHA256
--v 1
--l QSH:CAMELLIA128-SHA256
-
-# client TLSv1 CAMELLIA128-SHA256
--v 1
--l QSH:CAMELLIA128-SHA256
-
-# server TLSv1 CAMELLIA256-SHA256
--v 1
--l QSH:CAMELLIA256-SHA256
-
-# client TLSv1 CAMELLIA256-SHA256
--v 1
--l QSH:CAMELLIA256-SHA256
-
 # server TLSv1.1 CAMELLIA128-SHA
 -v 2
 -l QSH:CAMELLIA128-SHA
@@ -1477,22 +1301,6 @@
 -v 2
 -l QSH:CAMELLIA256-SHA
 
-# server TLSv1.1 CAMELLIA128-SHA256
--v 2
--l QSH:CAMELLIA128-SHA256
-
-# client TLSv1.1 CAMELLIA128-SHA256
--v 2
--l QSH:CAMELLIA128-SHA256
-
-# server TLSv1.1 CAMELLIA256-SHA256
--v 2
--l QSH:CAMELLIA256-SHA256
-
-# client TLSv1.1 CAMELLIA256-SHA256
--v 2
--l QSH:CAMELLIA256-SHA256
-
 # server TLSv1.2 CAMELLIA128-SHA
 -v 3
 -l QSH:CAMELLIA128-SHA
@@ -1541,22 +1349,6 @@
 -v 1
 -l QSH:DHE-RSA-CAMELLIA256-SHA
 
-# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
--v 1
--l QSH:DHE-RSA-CAMELLIA128-SHA256
-
-# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
--v 1
--l QSH:DHE-RSA-CAMELLIA128-SHA256
-
-# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
--v 1
--l QSH:DHE-RSA-CAMELLIA256-SHA256
-
-# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
--v 1
--l QSH:DHE-RSA-CAMELLIA256-SHA256
-
 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA
 -v 2
 -l QSH:DHE-RSA-CAMELLIA128-SHA
@@ -1573,22 +1365,6 @@
 -v 2
 -l QSH:DHE-RSA-CAMELLIA256-SHA
 
-# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
--v 2
--l QSH:DHE-RSA-CAMELLIA128-SHA256
-
-# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
--v 2
--l QSH:DHE-RSA-CAMELLIA128-SHA256
-
-# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
--v 2
--l QSH:DHE-RSA-CAMELLIA256-SHA256
-
-# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
--v 2
--l QSH:DHE-RSA-CAMELLIA256-SHA256
-
 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA
 -v 3
 -l QSH:DHE-RSA-CAMELLIA128-SHA
@@ -1842,26 +1618,6 @@
 -v 3
 -l QSH:PSK-AES256-CCM-8
 
-# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
--s
--v 1
--l QSH:DHE-PSK-AES128-CBC-SHA256
-
-# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
--s
--v 1
--l QSH:DHE-PSK-AES128-CBC-SHA256
-
-# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
--s
--v 2
--l QSH:DHE-PSK-AES128-CBC-SHA256
-
-# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
--s
--v 2
--l QSH:DHE-PSK-AES128-CBC-SHA256
-
 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
 -s
 -v 3
@@ -1872,26 +1628,6 @@
 -v 3
 -l QSH:DHE-PSK-AES128-CBC-SHA256
 
-# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
--s
--v 1
--l QSH:DHE-PSK-AES256-CBC-SHA384
-
-# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
--s
--v 1
--l QSH:DHE-PSK-AES256-CBC-SHA384
-
-# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
--s
--v 2
--l QSH:DHE-PSK-AES256-CBC-SHA384
-
-# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
--s
--v 2
--l QSH:DHE-PSK-AES256-CBC-SHA384
-
 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384
 -s
 -v 3
@@ -1902,26 +1638,6 @@
 -v 3
 -l QSH:DHE-PSK-AES256-CBC-SHA384
 
-# server TLSv1.0 DHE-PSK-NULL-SHA256
--s
--v 1
--l QSH:DHE-PSK-NULL-SHA256
-
-# client TLSv1.0 DHE-PSK-NULL-SHA256
--s
--v 1
--l QSH:DHE-PSK-NULL-SHA256
-
-# server TLSv1.1 DHE-PSK-NULL-SHA256
--s
--v 2
--l QSH:DHE-PSK-NULL-SHA256
-
-# client TLSv1.1 DHE-PSK-NULL-SHA256
--s
--v 2
--l QSH:DHE-PSK-NULL-SHA256
-
 # server TLSv1.2 DHE-PSK-NULL-SHA256
 -s
 -v 3
@@ -1932,26 +1648,6 @@
 -v 3
 -l QSH:DHE-PSK-NULL-SHA256
 
-# server TLSv1.0 DHE-PSK-NULL-SHA384
--s
--v 1
--l QSH:DHE-PSK-NULL-SHA384
-
-# client TLSv1.0 DHE-PSK-NULL-SHA384
--s
--v 1
--l QSH:DHE-PSK-NULL-SHA384
-
-# server TLSv1.1 DHE-PSK-NULL-SHA384
--s
--v 2
--l QSH:DHE-PSK-NULL-SHA384
-
-# client TLSv1.1 DHE-PSK-NULL-SHA384
--s
--v 2
--l QSH:DHE-PSK-NULL-SHA384
-
 # server TLSv1.2 DHE-PSK-NULL-SHA384
 -s
 -v 3

+ 67 - 0
tests/test-sctp-sha2.conf

@@ -0,0 +1,67 @@
+# server DTLSv1 AES128-SHA256
+-G
+-v 2
+-l AES128-SHA256
+
+# client DTLSv1 AES128-SHA256
+-G
+-v 2
+-l AES128-SHA256
+
+# server DTLSv1 AES256-SHA256
+-G
+-v 2
+-l AES256-SHA256
+
+# client DTLSv1 AES256-SHA256
+-G
+-v 2
+-l AES256-SHA256
+
+# server TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-G
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# client TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-G
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# server TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-G
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# client TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-G
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# server TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-G
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# client TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-G
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# server TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-G
+-v 2
+-l ECDHE-PSK-NULL-SHA256
+
+# client TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-G
+-v 2
+-l ECDHE-PSK-NULL-SHA256

+ 0 - 68
tests/test-sctp.conf

@@ -223,16 +223,6 @@
 -v 3
 -l AES256-SHA
 
-# server DTLSv1 AES128-SHA256
--G
--v 2
--l AES128-SHA256
-
-# client DTLSv1 AES128-SHA256
--G
--v 2
--l AES128-SHA256
-
 # server DTLSv1.2 AES128-SHA256
 -G
 -v 3
@@ -243,16 +233,6 @@
 -v 3
 -l AES128-SHA256
 
-# server DTLSv1 AES256-SHA256
--G
--v 2
--l AES256-SHA256
-
-# client DTLSv1 AES256-SHA256
--G
--v 2
--l AES256-SHA256
-
 # server DTLSv1.2 AES256-SHA256
 -G
 -v 3
@@ -782,30 +762,6 @@
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1 ECDHE-PSK-AES128-SHA256
--s
--G
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# client TLSv1 ECDHE-PSK-AES128-SHA256
--s
--G
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# server TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--G
--v 2
--l ECDHE-PSK-AES128-SHA256
-
-# client TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--G
--v 2
--l ECDHE-PSK-AES128-SHA256
-
 # server TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -G
@@ -818,30 +774,6 @@
 -v 3
 -l ECDHE-PSK-AES128-SHA256
 
-# server TLSv1 ECDHE-PSK-NULL-SHA256
--s
--G
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# client TLSv1 ECDHE-PSK-NULL-SHA256
--s
--G
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# server TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--G
--v 2
--l ECDHE-PSK-NULL-SHA256
-
-# client TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--G
--v 2
--l ECDHE-PSK-NULL-SHA256
-
 # server TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -G

+ 403 - 0
tests/test-sha2.conf

@@ -0,0 +1,403 @@
+# server TLSv1 AES128-SHA256
+-v 1
+-l AES128-SHA256
+
+# client TLSv1 AES128-SHA256
+-v 1
+-l AES128-SHA256
+
+# server TLSv1 AES256-SHA256
+-v 1
+-l AES256-SHA256
+
+# client TLSv1 AES256-SHA256
+-v 1
+-l AES256-SHA256
+
+# server TLSv1.1 AES128-SHA256
+-v 2
+-l AES128-SHA256
+
+# client TLSv1.1 AES128-SHA256
+-v 2
+-l AES128-SHA256
+
+# server TLSv1.1 AES256-SHA256
+-v 2
+-l AES256-SHA256
+
+# client TLSv1.1 AES256-SHA256
+-v 2
+-l AES256-SHA256
+
+# server TLSv1 DHE AES128-SHA256
+-v 1
+-l DHE-RSA-AES128-SHA256
+
+# client TLSv1 DHE AES128-SHA256
+-v 1
+-l DHE-RSA-AES128-SHA256
+
+# server TLSv1 DHE AES256-SHA256
+-v 1
+-l DHE-RSA-AES256-SHA256
+
+# client TLSv1 DHE AES256-SHA256
+-v 1
+-l DHE-RSA-AES256-SHA256
+
+# server TLSv1.1 DHE AES128-SHA256
+-v 2
+-l DHE-RSA-AES128-SHA256
+
+# client TLSv1.1 DHE AES128-SHA256
+-v 2
+-l DHE-RSA-AES128-SHA256
+
+# server TLSv1.1 DHE AES256-SHA256
+-v 2
+-l DHE-RSA-AES256-SHA256
+
+# client TLSv1.1 DHE AES256-SHA256
+-v 2
+-l DHE-RSA-AES256-SHA256
+
+# server TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# client TLSv1 ECDHE-PSK-NULL-SHA256
+-s
+-v 1
+-l ECDHE-PSK-NULL-SHA256
+
+# server TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-v 2
+-l ECDHE-PSK-NULL-SHA256
+
+# client TLSv1.1 ECDHE-PSK-NULL-SHA256
+-s
+-v 2
+-l ECDHE-PSK-NULL-SHA256
+
+# server TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# client TLSv1 ECDHE-PSK-AES128-SHA256
+-s
+-v 1
+-l ECDHE-PSK-AES128-SHA256
+
+# server TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# client TLSv1.1 ECDHE-PSK-AES128-SHA256
+-s
+-v 2
+-l ECDHE-PSK-AES128-SHA256
+
+# server TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# client TLSv1.0 PSK-AES128-SHA256
+-s
+-v 1
+-l PSK-AES128-CBC-SHA256
+
+# server TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# client TLSv1.1 PSK-AES128-SHA256
+-s
+-v 2
+-l PSK-AES128-CBC-SHA256
+
+# server TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 PSK-AES256-SHA384
+-s
+-v 1
+-l PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 PSK-AES256-SHA384
+-s
+-v 2
+-l PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l NULL-SHA256
+
+# client TLSv1.0 RSA-NULL-SHA256
+-v 1
+-l NULL-SHA256
+
+# server TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l NULL-SHA256
+
+# client TLSv1.1 RSA-NULL-SHA256
+-v 2
+-l NULL-SHA256
+
+# server TLSv1 CAMELLIA128-SHA256
+-v 1
+-l CAMELLIA128-SHA256
+
+# client TLSv1 CAMELLIA128-SHA256
+-v 1
+-l CAMELLIA128-SHA256
+
+# server TLSv1 CAMELLIA256-SHA256
+-v 1
+-l CAMELLIA256-SHA256
+
+# client TLSv1 CAMELLIA256-SHA256
+-v 1
+-l CAMELLIA256-SHA256
+
+# server TLSv1.1 CAMELLIA128-SHA256
+-v 2
+-l CAMELLIA128-SHA256
+
+# client TLSv1.1 CAMELLIA128-SHA256
+-v 2
+-l CAMELLIA128-SHA256
+
+# server TLSv1.1 CAMELLIA256-SHA256
+-v 2
+-l CAMELLIA256-SHA256
+
+# client TLSv1.1 CAMELLIA256-SHA256
+-v 2
+-l CAMELLIA256-SHA256
+
+# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
+-v 1
+-l DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
+-v 1
+-l DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
+-v 1
+-l DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
+-v 1
+-l DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
+-v 2
+-l DHE-RSA-CAMELLIA128-SHA256
+
+# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
+-v 2
+-l DHE-RSA-CAMELLIA128-SHA256
+
+# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
+-v 2
+-l DHE-RSA-CAMELLIA256-SHA256
+
+# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
+-v 2
+-l DHE-RSA-CAMELLIA256-SHA256
+
+# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 1
+-l DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 1
+-l DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 2
+-l DHE-PSK-AES128-CBC-SHA256
+
+# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
+-s
+-v 2
+-l DHE-PSK-AES128-CBC-SHA256
+
+# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l DHE-PSK-NULL-SHA256
+
+# client TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l DHE-PSK-NULL-SHA256
+
+# server TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l DHE-PSK-NULL-SHA256
+
+# client TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l DHE-PSK-NULL-SHA256
+
+# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l DHE-PSK-NULL-SHA256
+
+# client TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l DHE-PSK-NULL-SHA256
+
+# server TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l DHE-PSK-NULL-SHA256
+
+# client TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l DHE-PSK-NULL-SHA256
+
+# server TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l DHE-PSK-NULL-SHA384
+
+# client TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l DHE-PSK-NULL-SHA384
+
+# server TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l DHE-PSK-NULL-SHA384
+
+# client TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l DHE-PSK-NULL-SHA384
+
+# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 1
+-l DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l DHE-PSK-AES256-CBC-SHA384
+
+# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
+-s
+-v 2
+-l DHE-PSK-AES256-CBC-SHA384
+
+# server TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l DHE-PSK-NULL-SHA256
+
+# client TLSv1.0 DHE-PSK-NULL-SHA256
+-s
+-v 1
+-l DHE-PSK-NULL-SHA256
+
+# server TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l DHE-PSK-NULL-SHA256
+
+# client TLSv1.1 DHE-PSK-NULL-SHA256
+-s
+-v 2
+-l DHE-PSK-NULL-SHA256
+
+# server TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l DHE-PSK-NULL-SHA384
+
+# client TLSv1.0 DHE-PSK-NULL-SHA384
+-s
+-v 1
+-l DHE-PSK-NULL-SHA384
+
+# server TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l DHE-PSK-NULL-SHA384
+
+# client TLSv1.1 DHE-PSK-NULL-SHA384
+-s
+-v 2
+-l DHE-PSK-NULL-SHA384

+ 0 - 304
tests/test.conf

@@ -162,22 +162,6 @@
 -v 1
 -l AES256-SHA
 
-# server TLSv1 AES128-SHA256
--v 1
--l AES128-SHA256
-
-# client TLSv1 AES128-SHA256
--v 1
--l AES128-SHA256
-
-# server TLSv1 AES256-SHA256
--v 1
--l AES256-SHA256
-
-# client TLSv1 AES256-SHA256
--v 1
--l AES256-SHA256
-
 # server TLSv1.1 RC4-SHA
 -v 2
 -l RC4-SHA
@@ -226,22 +210,6 @@
 -v 2
 -l AES256-SHA
 
-# server TLSv1.1 AES128-SHA256
--v 2
--l AES128-SHA256
-
-# client TLSv1.1 AES128-SHA256
--v 2
--l AES128-SHA256
-
-# server TLSv1.1 AES256-SHA256
--v 2
--l AES256-SHA256
-
-# client TLSv1.1 AES256-SHA256
--v 2
--l AES256-SHA256
-
 # server TLSv1.2 RC4-SHA
 -v 3
 -l RC4-SHA
@@ -1051,22 +1019,6 @@
 -v 1
 -l DHE-RSA-AES256-SHA
 
-# server TLSv1 DHE AES128-SHA256
--v 1
--l DHE-RSA-AES128-SHA256
-
-# client TLSv1 DHE AES128-SHA256
--v 1
--l DHE-RSA-AES128-SHA256
-
-# server TLSv1 DHE AES256-SHA256
--v 1
--l DHE-RSA-AES256-SHA256
-
-# client TLSv1 DHE AES256-SHA256
--v 1
--l DHE-RSA-AES256-SHA256
-
 # server TLSv1.1 DHE AES128
 -v 2
 -l DHE-RSA-AES128-SHA
@@ -1083,22 +1035,6 @@
 -v 2
 -l DHE-RSA-AES256-SHA
 
-# server TLSv1.1 DHE AES128-SHA256
--v 2
--l DHE-RSA-AES128-SHA256
-
-# client TLSv1.1 DHE AES128-SHA256
--v 2
--l DHE-RSA-AES128-SHA256
-
-# server TLSv1.1 DHE AES256-SHA256
--v 2
--l DHE-RSA-AES256-SHA256
-
-# client TLSv1.1 DHE AES256-SHA256
--v 2
--l DHE-RSA-AES256-SHA256
-
 # server TLSv1.1 DHE 3DES
 -v 2
 -l EDH-RSA-DES-CBC3-SHA
@@ -1147,26 +1083,6 @@
 -v 3
 -l DHE-RSA-AES256-SHA256
 
-# server TLSv1 ECDHE-PSK-NULL-SHA256
--s
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# client TLSv1 ECDHE-PSK-NULL-SHA256
--s
--v 1
--l ECDHE-PSK-NULL-SHA256
-
-# server TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--v 2
--l ECDHE-PSK-NULL-SHA256
-
-# client TLSv1.1 ECDHE-PSK-NULL-SHA256
--s
--v 2
--l ECDHE-PSK-NULL-SHA256
-
 # server TLSv1.2 ECDHE-PSK-NULL-SHA256
 -s
 -v 3
@@ -1177,26 +1093,6 @@
 -v 3
 -l ECDHE-PSK-NULL-SHA256
 
-# server TLSv1 ECDHE-PSK-AES128-SHA256
--s
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# client TLSv1 ECDHE-PSK-AES128-SHA256
--s
--v 1
--l ECDHE-PSK-AES128-SHA256
-
-# server TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--v 2
--l ECDHE-PSK-AES128-SHA256
-
-# client TLSv1.1 ECDHE-PSK-AES128-SHA256
--s
--v 2
--l ECDHE-PSK-AES128-SHA256
-
 # server TLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -v 3
@@ -1267,26 +1163,6 @@
 -v 3
 -l PSK-AES256-CBC-SHA
 
-# server TLSv1.0 PSK-AES128-SHA256
--s
--v 1
--l PSK-AES128-CBC-SHA256
-
-# client TLSv1.0 PSK-AES128-SHA256
--s
--v 1
--l PSK-AES128-CBC-SHA256
-
-# server TLSv1.1 PSK-AES128-SHA256
--s
--v 2
--l PSK-AES128-CBC-SHA256
-
-# client TLSv1.1 PSK-AES128-SHA256
--s
--v 2
--l PSK-AES128-CBC-SHA256
-
 # server TLSv1.2 PSK-AES128-SHA256
 -s
 -v 3
@@ -1297,26 +1173,6 @@
 -v 3
 -l PSK-AES128-CBC-SHA256
 
-# server TLSv1.0 PSK-AES256-SHA384
--s
--v 1
--l PSK-AES256-CBC-SHA384
-
-# client TLSv1.0 PSK-AES256-SHA384
--s
--v 1
--l PSK-AES256-CBC-SHA384
-
-# server TLSv1.1 PSK-AES256-SHA384
--s
--v 2
--l PSK-AES256-CBC-SHA384
-
-# client TLSv1.1 PSK-AES256-SHA384
--s
--v 2
--l PSK-AES256-CBC-SHA384
-
 # server TLSv1.2 PSK-AES256-SHA384
 -s
 -v 3
@@ -1445,22 +1301,6 @@
 -v 3
 -l NULL-SHA
 
-# server TLSv1.0 RSA-NULL-SHA256
--v 1
--l NULL-SHA256
-
-# client TLSv1.0 RSA-NULL-SHA256
--v 1
--l NULL-SHA256
-
-# server TLSv1.1 RSA-NULL-SHA256
--v 2
--l NULL-SHA256
-
-# client TLSv1.1 RSA-NULL-SHA256
--v 2
--l NULL-SHA256
-
 # server TLSv1.2 RSA-NULL-SHA256
 -v 3
 -l NULL-SHA256
@@ -1485,22 +1325,6 @@
 -v 1
 -l CAMELLIA256-SHA
 
-# server TLSv1 CAMELLIA128-SHA256
--v 1
--l CAMELLIA128-SHA256
-
-# client TLSv1 CAMELLIA128-SHA256
--v 1
--l CAMELLIA128-SHA256
-
-# server TLSv1 CAMELLIA256-SHA256
--v 1
--l CAMELLIA256-SHA256
-
-# client TLSv1 CAMELLIA256-SHA256
--v 1
--l CAMELLIA256-SHA256
-
 # server TLSv1.1 CAMELLIA128-SHA
 -v 2
 -l CAMELLIA128-SHA
@@ -1517,22 +1341,6 @@
 -v 2
 -l CAMELLIA256-SHA
 
-# server TLSv1.1 CAMELLIA128-SHA256
--v 2
--l CAMELLIA128-SHA256
-
-# client TLSv1.1 CAMELLIA128-SHA256
--v 2
--l CAMELLIA128-SHA256
-
-# server TLSv1.1 CAMELLIA256-SHA256
--v 2
--l CAMELLIA256-SHA256
-
-# client TLSv1.1 CAMELLIA256-SHA256
--v 2
--l CAMELLIA256-SHA256
-
 # server TLSv1.2 CAMELLIA128-SHA
 -v 3
 -l CAMELLIA128-SHA
@@ -1581,22 +1389,6 @@
 -v 1
 -l DHE-RSA-CAMELLIA256-SHA
 
-# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
--v 1
--l DHE-RSA-CAMELLIA128-SHA256
-
-# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
--v 1
--l DHE-RSA-CAMELLIA128-SHA256
-
-# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
--v 1
--l DHE-RSA-CAMELLIA256-SHA256
-
-# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
--v 1
--l DHE-RSA-CAMELLIA256-SHA256
-
 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA
 -v 2
 -l DHE-RSA-CAMELLIA128-SHA
@@ -1613,22 +1405,6 @@
 -v 2
 -l DHE-RSA-CAMELLIA256-SHA
 
-# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
--v 2
--l DHE-RSA-CAMELLIA128-SHA256
-
-# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
--v 2
--l DHE-RSA-CAMELLIA128-SHA256
-
-# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
--v 2
--l DHE-RSA-CAMELLIA256-SHA256
-
-# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
--v 2
--l DHE-RSA-CAMELLIA256-SHA256
-
 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA
 -v 3
 -l DHE-RSA-CAMELLIA128-SHA
@@ -1882,26 +1658,6 @@
 -v 3
 -l PSK-AES256-CCM-8
 
-# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
--s
--v 1
--l DHE-PSK-AES128-CBC-SHA256
-
-# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
--s
--v 1
--l DHE-PSK-AES128-CBC-SHA256
-
-# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
--s
--v 2
--l DHE-PSK-AES128-CBC-SHA256
-
-# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
--s
--v 2
--l DHE-PSK-AES128-CBC-SHA256
-
 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
 -s
 -v 3
@@ -1912,26 +1668,6 @@
 -v 3
 -l DHE-PSK-AES128-CBC-SHA256
 
-# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
--s
--v 1
--l DHE-PSK-AES256-CBC-SHA384
-
-# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
--s
--v 1
--l DHE-PSK-AES256-CBC-SHA384
-
-# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
--s
--v 2
--l DHE-PSK-AES256-CBC-SHA384
-
-# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
--s
--v 2
--l DHE-PSK-AES256-CBC-SHA384
-
 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384
 -s
 -v 3
@@ -1942,26 +1678,6 @@
 -v 3
 -l DHE-PSK-AES256-CBC-SHA384
 
-# server TLSv1.0 DHE-PSK-NULL-SHA256
--s
--v 1
--l DHE-PSK-NULL-SHA256
-
-# client TLSv1.0 DHE-PSK-NULL-SHA256
--s
--v 1
--l DHE-PSK-NULL-SHA256
-
-# server TLSv1.1 DHE-PSK-NULL-SHA256
--s
--v 2
--l DHE-PSK-NULL-SHA256
-
-# client TLSv1.1 DHE-PSK-NULL-SHA256
--s
--v 2
--l DHE-PSK-NULL-SHA256
-
 # server TLSv1.2 DHE-PSK-NULL-SHA256
 -s
 -v 3
@@ -1972,26 +1688,6 @@
 -v 3
 -l DHE-PSK-NULL-SHA256
 
-# server TLSv1.0 DHE-PSK-NULL-SHA384
--s
--v 1
--l DHE-PSK-NULL-SHA384
-
-# client TLSv1.0 DHE-PSK-NULL-SHA384
--s
--v 1
--l DHE-PSK-NULL-SHA384
-
-# server TLSv1.1 DHE-PSK-NULL-SHA384
--s
--v 2
--l DHE-PSK-NULL-SHA384
-
-# client TLSv1.1 DHE-PSK-NULL-SHA384
--s
--v 2
--l DHE-PSK-NULL-SHA384
-
 # server TLSv1.2 DHE-PSK-NULL-SHA384
 -s
 -v 3