1
0

test-tls13-down.conf 1.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. # THIS TEST IS BROKEN
  2. # server TLSv1.3 downgrade
  3. #-v d
  4. #-l TLS13-CHACHA20-POLY1305-SHA256
  5. # client TLSv1.2
  6. #-v 3
  7. # server TLSv1.2
  8. -v 3
  9. # client TLSv1.3 downgrade
  10. -v d
  11. # server TLSv1.3 downgrade
  12. -v d
  13. # client TLSv1.3 downgrade
  14. -v d
  15. # server TLSv1.3 downgrade but don't and resume
  16. -v d
  17. -r
  18. # client TLSv1.3 downgrade but don't and resume
  19. -v d
  20. -r
  21. # server TLSv1.3 downgrade and resume
  22. -v d
  23. -r
  24. # client TLSv1.2 and resume
  25. -v 3
  26. -r
  27. # server TLSv1.2 and resume
  28. -v d
  29. -r
  30. # cient TLSv1.3 downgrade and resume
  31. -v 3
  32. -r
  33. # server TLSv1.3
  34. -v 4
  35. -l TLS13-AES128-GCM-SHA256
  36. -H exitWithRet
  37. # client TLSv1.2, should fail
  38. -v 3
  39. -H exitWithRet
  40. # server TLSv1.2
  41. -v 3
  42. -l ECDHE-RSA-AES256-GCM-SHA384
  43. -H exitWithRet
  44. # client TLSv1.3, should fail
  45. -v 4
  46. -H exitWithRet
  47. # server TLSv1.2
  48. -v 3
  49. -l ECDHE-RSA-AES256-GCM-SHA384
  50. -H exitWithRet
  51. # client
  52. # enable downgrade
  53. # minimum downgradable TLSv 1.3
  54. # expect to be failure
  55. -7 4
  56. -v d
  57. -H exitWithRet
  58. # server
  59. # enable downgrade
  60. # minimum downgradable TLSv 1.3
  61. -7 4
  62. -v d
  63. -l TLS13-AES128-GCM-SHA256
  64. # client
  65. # enable downgrade
  66. # minimum downgradable TLSv 1.3
  67. -7 4
  68. -v d
  69. # server
  70. # enable downgrade
  71. # minimum downgradable TLSv 1.2
  72. -7 3
  73. -v d
  74. -l ECDHE-RSA-AES256-GCM-SHA384
  75. # client TLSv 1.2
  76. -v 3
  77. # server
  78. # enable downgrade
  79. # minimum downgradable TLSv 1.3
  80. # expect to be failure
  81. -7 4
  82. -v d
  83. -l TLS13-AES128-GCM-SHA256
  84. -H exitWithRet
  85. # client TLSv 1.2
  86. -v 3
  87. -H exitWithRet
  88. # server TLSv1.2 - PSK
  89. -v 3
  90. -s
  91. -l ECDHE-PSK-AES128-GCM-SHA256
  92. # client TLS PSK multiversion, allow downgrade
  93. -v d
  94. -7 3
  95. -s
  96. -l ECDHE-PSK-AES128-GCM-SHA256