• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Generated with generate_ssl_tests.pl
2
3num_tests = 56
4
5test-0 = 0-ECDSA CipherString Selection
6test-1 = 1-ECDSA CipherString Selection
7test-2 = 2-ECDSA CipherString Selection
8test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
9test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
10test-5 = 5-ECDSA with brainpool
11test-6 = 6-RSA CipherString Selection
12test-7 = 7-RSA-PSS Certificate CipherString Selection
13test-8 = 8-P-256 CipherString and Signature Algorithm Selection
14test-9 = 9-Ed25519 CipherString and Curves Selection
15test-10 = 10-Ed448 CipherString and Curves Selection
16test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
17test-12 = 12-ECDSA Signature Algorithm Selection
18test-13 = 13-ECDSA Signature Algorithm Selection SHA384
19test-14 = 14-ECDSA Signature Algorithm Selection SHA1
20test-15 = 15-ECDSA Signature Algorithm Selection compressed point
21test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
22test-17 = 17-RSA Signature Algorithm Selection
23test-18 = 18-RSA-PSS Signature Algorithm Selection
24test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
25test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
26test-21 = 21-Only RSA-PSS Certificate
27test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms
28test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms
29test-24 = 24-Only RSA-PSS Restricted Certificate
30test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms
31test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
32test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms
33test-28 = 28-RSA key exchange with all RSA certificate types
34test-29 = 29-RSA key exchange with only RSA-PSS certificate
35test-30 = 30-Suite B P-256 Hash Algorithm Selection
36test-31 = 31-Suite B P-384 Hash Algorithm Selection
37test-32 = 32-TLS 1.2 Ed25519 Client Auth
38test-33 = 33-TLS 1.2 Ed448 Client Auth
39test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
40test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
41test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
42test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
43test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
44test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
45test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
46test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
47test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
48test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection
49test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection
50test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection
51test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection
52test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection
53test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
54test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
55test-50 = 50-TLS 1.3 Ed25519 Client Auth
56test-51 = 51-TLS 1.3 Ed448 Client Auth
57test-52 = 52-TLS 1.3 ECDSA with brainpool
58test-53 = 53-TLS 1.2 DSA Certificate Test
59test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
60test-55 = 55-TLS 1.3 DSA Certificate Test
61# ===========================================================
62
63[0-ECDSA CipherString Selection]
64ssl_conf = 0-ECDSA CipherString Selection-ssl
65
66[0-ECDSA CipherString Selection-ssl]
67server = 0-ECDSA CipherString Selection-server
68client = 0-ECDSA CipherString Selection-client
69
70[0-ECDSA CipherString Selection-server]
71Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
72CipherString = DEFAULT
73ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
74ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
75Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
76Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
77Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
78Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
79MaxProtocol = TLSv1.2
80PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
81
82[0-ECDSA CipherString Selection-client]
83CipherString = aECDSA
84MaxProtocol = TLSv1.2
85RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
86VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
87VerifyMode = Peer
88
89[test-0]
90ExpectedResult = Success
91ExpectedServerCANames = empty
92ExpectedServerCertType = P-256
93ExpectedServerSignType = EC
94
95
96# ===========================================================
97
98[1-ECDSA CipherString Selection]
99ssl_conf = 1-ECDSA CipherString Selection-ssl
100
101[1-ECDSA CipherString Selection-ssl]
102server = 1-ECDSA CipherString Selection-server
103client = 1-ECDSA CipherString Selection-client
104
105[1-ECDSA CipherString Selection-server]
106Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
107CipherString = DEFAULT
108ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
109ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
110Groups = P-384
111MaxProtocol = TLSv1.2
112PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
113
114[1-ECDSA CipherString Selection-client]
115CipherString = aECDSA
116Groups = P-256:P-384
117MaxProtocol = TLSv1.2
118RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
119VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
120VerifyMode = Peer
121
122[test-1]
123ExpectedResult = Success
124ExpectedServerCANames = empty
125ExpectedServerCertType = P-256
126ExpectedServerSignType = EC
127
128
129# ===========================================================
130
131[2-ECDSA CipherString Selection]
132ssl_conf = 2-ECDSA CipherString Selection-ssl
133
134[2-ECDSA CipherString Selection-ssl]
135server = 2-ECDSA CipherString Selection-server
136client = 2-ECDSA CipherString Selection-client
137
138[2-ECDSA CipherString Selection-server]
139Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
140CipherString = DEFAULT
141ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
142ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
143Groups = P-256:P-384
144MaxProtocol = TLSv1.2
145PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
146
147[2-ECDSA CipherString Selection-client]
148CipherString = aECDSA
149Groups = P-384
150MaxProtocol = TLSv1.2
151RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
152VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
153VerifyMode = Peer
154
155[test-2]
156ExpectedResult = ServerFail
157
158
159# ===========================================================
160
161[3-Ed25519 CipherString and Signature Algorithm Selection]
162ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl
163
164[3-Ed25519 CipherString and Signature Algorithm Selection-ssl]
165server = 3-Ed25519 CipherString and Signature Algorithm Selection-server
166client = 3-Ed25519 CipherString and Signature Algorithm Selection-client
167
168[3-Ed25519 CipherString and Signature Algorithm Selection-server]
169Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
170CipherString = DEFAULT
171ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
172ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
173Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
174Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
175Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
176Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
177MaxProtocol = TLSv1.2
178PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
179
180[3-Ed25519 CipherString and Signature Algorithm Selection-client]
181CipherString = aECDSA
182MaxProtocol = TLSv1.2
183RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
184SignatureAlgorithms = ed25519:ECDSA+SHA256
185VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
186VerifyMode = Peer
187
188[test-3]
189ExpectedResult = Success
190ExpectedServerCANames = empty
191ExpectedServerCertType = Ed25519
192ExpectedServerSignType = Ed25519
193
194
195# ===========================================================
196
197[4-Ed448 CipherString and Signature Algorithm Selection]
198ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl
199
200[4-Ed448 CipherString and Signature Algorithm Selection-ssl]
201server = 4-Ed448 CipherString and Signature Algorithm Selection-server
202client = 4-Ed448 CipherString and Signature Algorithm Selection-client
203
204[4-Ed448 CipherString and Signature Algorithm Selection-server]
205Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
206CipherString = DEFAULT
207ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
208ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
209Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
210Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
211Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
212Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
213MaxProtocol = TLSv1.2
214PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
215
216[4-Ed448 CipherString and Signature Algorithm Selection-client]
217CipherString = aECDSA
218MaxProtocol = TLSv1.2
219RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
220SignatureAlgorithms = ed448:ECDSA+SHA256
221VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
222VerifyMode = Peer
223
224[test-4]
225ExpectedResult = Success
226ExpectedServerCANames = empty
227ExpectedServerCertType = Ed448
228ExpectedServerSignType = Ed448
229
230
231# ===========================================================
232
233[5-ECDSA with brainpool]
234ssl_conf = 5-ECDSA with brainpool-ssl
235
236[5-ECDSA with brainpool-ssl]
237server = 5-ECDSA with brainpool-server
238client = 5-ECDSA with brainpool-client
239
240[5-ECDSA with brainpool-server]
241Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
242CipherString = DEFAULT
243Groups = brainpoolP256r1
244PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
245
246[5-ECDSA with brainpool-client]
247CipherString = aECDSA
248Groups = brainpoolP256r1
249RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
250VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
251VerifyMode = Peer
252
253[test-5]
254ExpectedResult = Success
255ExpectedServerCANames = empty
256ExpectedServerCertType = brainpoolP256r1
257ExpectedServerSignType = EC
258
259
260# ===========================================================
261
262[6-RSA CipherString Selection]
263ssl_conf = 6-RSA CipherString Selection-ssl
264
265[6-RSA CipherString Selection-ssl]
266server = 6-RSA CipherString Selection-server
267client = 6-RSA CipherString Selection-client
268
269[6-RSA CipherString Selection-server]
270Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
271CipherString = DEFAULT
272ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
273ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
274Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
275Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
276Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
277Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
278MaxProtocol = TLSv1.2
279PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
280
281[6-RSA CipherString Selection-client]
282CipherString = aRSA
283MaxProtocol = TLSv1.2
284VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
285VerifyMode = Peer
286
287[test-6]
288ExpectedResult = Success
289ExpectedServerCertType = RSA
290ExpectedServerSignType = RSA-PSS
291
292
293# ===========================================================
294
295[7-RSA-PSS Certificate CipherString Selection]
296ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl
297
298[7-RSA-PSS Certificate CipherString Selection-ssl]
299server = 7-RSA-PSS Certificate CipherString Selection-server
300client = 7-RSA-PSS Certificate CipherString Selection-client
301
302[7-RSA-PSS Certificate CipherString Selection-server]
303Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
304CipherString = DEFAULT
305ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
306ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
307Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
308Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
309Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
310Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
311MaxProtocol = TLSv1.2
312PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
313PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
314PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
315
316[7-RSA-PSS Certificate CipherString Selection-client]
317CipherString = aRSA
318MaxProtocol = TLSv1.2
319VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
320VerifyMode = Peer
321
322[test-7]
323ExpectedResult = Success
324ExpectedServerCertType = RSA-PSS
325ExpectedServerSignType = RSA-PSS
326
327
328# ===========================================================
329
330[8-P-256 CipherString and Signature Algorithm Selection]
331ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl
332
333[8-P-256 CipherString and Signature Algorithm Selection-ssl]
334server = 8-P-256 CipherString and Signature Algorithm Selection-server
335client = 8-P-256 CipherString and Signature Algorithm Selection-client
336
337[8-P-256 CipherString and Signature Algorithm Selection-server]
338Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
339CipherString = DEFAULT
340ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
341ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
342Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
343Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
344Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
345Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
346MaxProtocol = TLSv1.2
347PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
348
349[8-P-256 CipherString and Signature Algorithm Selection-client]
350CipherString = aECDSA
351MaxProtocol = TLSv1.2
352SignatureAlgorithms = ECDSA+SHA256:ed25519
353VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
354VerifyMode = Peer
355
356[test-8]
357ExpectedResult = Success
358ExpectedServerCertType = P-256
359ExpectedServerSignHash = SHA256
360ExpectedServerSignType = EC
361
362
363# ===========================================================
364
365[9-Ed25519 CipherString and Curves Selection]
366ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl
367
368[9-Ed25519 CipherString and Curves Selection-ssl]
369server = 9-Ed25519 CipherString and Curves Selection-server
370client = 9-Ed25519 CipherString and Curves Selection-client
371
372[9-Ed25519 CipherString and Curves Selection-server]
373Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
374CipherString = DEFAULT
375ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
376ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
377Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
378Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
379Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
380Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
381MaxProtocol = TLSv1.2
382PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
383
384[9-Ed25519 CipherString and Curves Selection-client]
385CipherString = aECDSA
386Curves = X25519
387MaxProtocol = TLSv1.2
388SignatureAlgorithms = ECDSA+SHA256:ed25519
389VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
390VerifyMode = Peer
391
392[test-9]
393ExpectedResult = Success
394ExpectedServerCertType = Ed25519
395ExpectedServerSignType = Ed25519
396
397
398# ===========================================================
399
400[10-Ed448 CipherString and Curves Selection]
401ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl
402
403[10-Ed448 CipherString and Curves Selection-ssl]
404server = 10-Ed448 CipherString and Curves Selection-server
405client = 10-Ed448 CipherString and Curves Selection-client
406
407[10-Ed448 CipherString and Curves Selection-server]
408Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
409CipherString = DEFAULT
410ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
411ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
412Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
413Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
414Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
415Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
416MaxProtocol = TLSv1.2
417PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
418
419[10-Ed448 CipherString and Curves Selection-client]
420CipherString = aECDSA
421Curves = X448
422MaxProtocol = TLSv1.2
423SignatureAlgorithms = ECDSA+SHA256:ed448
424VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
425VerifyMode = Peer
426
427[test-10]
428ExpectedResult = Success
429ExpectedServerCertType = Ed448
430ExpectedServerSignType = Ed448
431
432
433# ===========================================================
434
435[11-ECDSA CipherString Selection, no ECDSA certificate]
436ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl
437
438[11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
439server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
440client = 11-ECDSA CipherString Selection, no ECDSA certificate-client
441
442[11-ECDSA CipherString Selection, no ECDSA certificate-server]
443Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
444CipherString = DEFAULT
445MaxProtocol = TLSv1.2
446PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
447
448[11-ECDSA CipherString Selection, no ECDSA certificate-client]
449CipherString = aECDSA
450MaxProtocol = TLSv1.2
451VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
452VerifyMode = Peer
453
454[test-11]
455ExpectedResult = ServerFail
456
457
458# ===========================================================
459
460[12-ECDSA Signature Algorithm Selection]
461ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl
462
463[12-ECDSA Signature Algorithm Selection-ssl]
464server = 12-ECDSA Signature Algorithm Selection-server
465client = 12-ECDSA Signature Algorithm Selection-client
466
467[12-ECDSA Signature Algorithm Selection-server]
468Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
469CipherString = DEFAULT
470ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
471ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
472Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
473Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
474Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
475Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
476MaxProtocol = TLSv1.2
477PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
478
479[12-ECDSA Signature Algorithm Selection-client]
480CipherString = DEFAULT
481SignatureAlgorithms = ECDSA+SHA256
482VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
483VerifyMode = Peer
484
485[test-12]
486ExpectedResult = Success
487ExpectedServerCertType = P-256
488ExpectedServerSignHash = SHA256
489ExpectedServerSignType = EC
490
491
492# ===========================================================
493
494[13-ECDSA Signature Algorithm Selection SHA384]
495ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl
496
497[13-ECDSA Signature Algorithm Selection SHA384-ssl]
498server = 13-ECDSA Signature Algorithm Selection SHA384-server
499client = 13-ECDSA Signature Algorithm Selection SHA384-client
500
501[13-ECDSA Signature Algorithm Selection SHA384-server]
502Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
503CipherString = DEFAULT
504ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
505ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
506Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
507Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
508Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
509Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
510MaxProtocol = TLSv1.2
511PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
512
513[13-ECDSA Signature Algorithm Selection SHA384-client]
514CipherString = DEFAULT
515SignatureAlgorithms = ECDSA+SHA384
516VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
517VerifyMode = Peer
518
519[test-13]
520ExpectedResult = Success
521ExpectedServerCertType = P-256
522ExpectedServerSignHash = SHA384
523ExpectedServerSignType = EC
524
525
526# ===========================================================
527
528[14-ECDSA Signature Algorithm Selection SHA1]
529ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl
530
531[14-ECDSA Signature Algorithm Selection SHA1-ssl]
532server = 14-ECDSA Signature Algorithm Selection SHA1-server
533client = 14-ECDSA Signature Algorithm Selection SHA1-client
534
535[14-ECDSA Signature Algorithm Selection SHA1-server]
536Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
537CipherString = DEFAULT
538ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
539ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
540Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
541Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
542Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
543Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
544MaxProtocol = TLSv1.2
545PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
546
547[14-ECDSA Signature Algorithm Selection SHA1-client]
548CipherString = DEFAULT
549SignatureAlgorithms = ECDSA+SHA1
550VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
551VerifyMode = Peer
552
553[test-14]
554ExpectedResult = Success
555ExpectedServerCertType = P-256
556ExpectedServerSignHash = SHA1
557ExpectedServerSignType = EC
558
559
560# ===========================================================
561
562[15-ECDSA Signature Algorithm Selection compressed point]
563ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl
564
565[15-ECDSA Signature Algorithm Selection compressed point-ssl]
566server = 15-ECDSA Signature Algorithm Selection compressed point-server
567client = 15-ECDSA Signature Algorithm Selection compressed point-client
568
569[15-ECDSA Signature Algorithm Selection compressed point-server]
570Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
571CipherString = DEFAULT
572ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
573ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
574MaxProtocol = TLSv1.2
575PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
576
577[15-ECDSA Signature Algorithm Selection compressed point-client]
578CipherString = DEFAULT
579SignatureAlgorithms = ECDSA+SHA256
580VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
581VerifyMode = Peer
582
583[test-15]
584ExpectedResult = Success
585ExpectedServerCertType = P-256
586ExpectedServerSignHash = SHA256
587ExpectedServerSignType = EC
588
589
590# ===========================================================
591
592[16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
593ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
594
595[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
596server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
597client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
598
599[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
600Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
601CipherString = DEFAULT
602MaxProtocol = TLSv1.2
603PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
604
605[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
606CipherString = DEFAULT
607SignatureAlgorithms = ECDSA+SHA256
608VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
609VerifyMode = Peer
610
611[test-16]
612ExpectedResult = ServerFail
613
614
615# ===========================================================
616
617[17-RSA Signature Algorithm Selection]
618ssl_conf = 17-RSA Signature Algorithm Selection-ssl
619
620[17-RSA Signature Algorithm Selection-ssl]
621server = 17-RSA Signature Algorithm Selection-server
622client = 17-RSA Signature Algorithm Selection-client
623
624[17-RSA Signature Algorithm Selection-server]
625Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
626CipherString = DEFAULT
627ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
628ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
629Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
630Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
631Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
632Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
633MaxProtocol = TLSv1.2
634PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
635
636[17-RSA Signature Algorithm Selection-client]
637CipherString = DEFAULT
638SignatureAlgorithms = RSA+SHA256
639VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
640VerifyMode = Peer
641
642[test-17]
643ExpectedResult = Success
644ExpectedServerCertType = RSA
645ExpectedServerSignHash = SHA256
646ExpectedServerSignType = RSA
647
648
649# ===========================================================
650
651[18-RSA-PSS Signature Algorithm Selection]
652ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl
653
654[18-RSA-PSS Signature Algorithm Selection-ssl]
655server = 18-RSA-PSS Signature Algorithm Selection-server
656client = 18-RSA-PSS Signature Algorithm Selection-client
657
658[18-RSA-PSS Signature Algorithm Selection-server]
659Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
660CipherString = DEFAULT
661ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
662ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
663Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
664Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
665Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
666Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
667MaxProtocol = TLSv1.2
668PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
669
670[18-RSA-PSS Signature Algorithm Selection-client]
671CipherString = DEFAULT
672SignatureAlgorithms = RSA-PSS+SHA256
673VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
674VerifyMode = Peer
675
676[test-18]
677ExpectedResult = Success
678ExpectedServerCertType = RSA
679ExpectedServerSignHash = SHA256
680ExpectedServerSignType = RSA-PSS
681
682
683# ===========================================================
684
685[19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
686ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
687
688[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
689server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
690client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
691
692[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
693Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
694CipherString = DEFAULT
695ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
696ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
697Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
698Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
699Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
700Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
701MaxProtocol = TLSv1.2
702PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
703PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
704PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
705
706[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
707CipherString = DEFAULT
708SignatureAlgorithms = RSA-PSS+SHA256
709VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
710VerifyMode = Peer
711
712[test-19]
713ExpectedResult = Success
714ExpectedServerCertType = RSA
715ExpectedServerSignHash = SHA256
716ExpectedServerSignType = RSA-PSS
717
718
719# ===========================================================
720
721[20-RSA-PSS Certificate Unified Signature Algorithm Selection]
722ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
723
724[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
725server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
726client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client
727
728[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
729Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
730CipherString = DEFAULT
731ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
732ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
733Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
734Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
735Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
736Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
737MaxProtocol = TLSv1.2
738PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
739PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
740PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
741
742[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
743CipherString = DEFAULT
744SignatureAlgorithms = rsa_pss_pss_sha256
745VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
746VerifyMode = Peer
747
748[test-20]
749ExpectedResult = Success
750ExpectedServerCertType = RSA-PSS
751ExpectedServerSignHash = SHA256
752ExpectedServerSignType = RSA-PSS
753
754
755# ===========================================================
756
757[21-Only RSA-PSS Certificate]
758ssl_conf = 21-Only RSA-PSS Certificate-ssl
759
760[21-Only RSA-PSS Certificate-ssl]
761server = 21-Only RSA-PSS Certificate-server
762client = 21-Only RSA-PSS Certificate-client
763
764[21-Only RSA-PSS Certificate-server]
765Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
766CipherString = DEFAULT
767PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
768
769[21-Only RSA-PSS Certificate-client]
770CipherString = DEFAULT
771VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
772VerifyMode = Peer
773
774[test-21]
775ExpectedResult = Success
776ExpectedServerCertType = RSA-PSS
777ExpectedServerSignHash = SHA256
778ExpectedServerSignType = RSA-PSS
779
780
781# ===========================================================
782
783[22-Only RSA-PSS Certificate Valid Signature Algorithms]
784ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
785
786[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
787server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server
788client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client
789
790[22-Only RSA-PSS Certificate Valid Signature Algorithms-server]
791Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
792CipherString = DEFAULT
793PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
794
795[22-Only RSA-PSS Certificate Valid Signature Algorithms-client]
796CipherString = DEFAULT
797SignatureAlgorithms = rsa_pss_pss_sha512
798VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
799VerifyMode = Peer
800
801[test-22]
802ExpectedResult = Success
803ExpectedServerCertType = RSA-PSS
804ExpectedServerSignHash = SHA512
805ExpectedServerSignType = RSA-PSS
806
807
808# ===========================================================
809
810[23-RSA-PSS Certificate, no PSS signature algorithms]
811ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl
812
813[23-RSA-PSS Certificate, no PSS signature algorithms-ssl]
814server = 23-RSA-PSS Certificate, no PSS signature algorithms-server
815client = 23-RSA-PSS Certificate, no PSS signature algorithms-client
816
817[23-RSA-PSS Certificate, no PSS signature algorithms-server]
818Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
819CipherString = DEFAULT
820PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
821
822[23-RSA-PSS Certificate, no PSS signature algorithms-client]
823CipherString = DEFAULT
824SignatureAlgorithms = RSA+SHA256
825VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
826VerifyMode = Peer
827
828[test-23]
829ExpectedResult = ServerFail
830
831
832# ===========================================================
833
834[24-Only RSA-PSS Restricted Certificate]
835ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl
836
837[24-Only RSA-PSS Restricted Certificate-ssl]
838server = 24-Only RSA-PSS Restricted Certificate-server
839client = 24-Only RSA-PSS Restricted Certificate-client
840
841[24-Only RSA-PSS Restricted Certificate-server]
842Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
843CipherString = DEFAULT
844PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
845
846[24-Only RSA-PSS Restricted Certificate-client]
847CipherString = DEFAULT
848VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
849VerifyMode = Peer
850
851[test-24]
852ExpectedResult = Success
853ExpectedServerCertType = RSA-PSS
854ExpectedServerSignHash = SHA256
855ExpectedServerSignType = RSA-PSS
856
857
858# ===========================================================
859
860[25-RSA-PSS Restricted Certificate Valid Signature Algorithms]
861ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
862
863[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
864server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
865client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
866
867[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
868Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
869CipherString = DEFAULT
870PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
871
872[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
873CipherString = DEFAULT
874SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
875VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
876VerifyMode = Peer
877
878[test-25]
879ExpectedResult = Success
880ExpectedServerCertType = RSA-PSS
881ExpectedServerSignHash = SHA256
882ExpectedServerSignType = RSA-PSS
883
884
885# ===========================================================
886
887[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
888ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
889
890[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
891server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
892client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
893
894[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
895Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
896CipherString = DEFAULT
897PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
898
899[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
900CipherString = DEFAULT
901SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
902VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
903VerifyMode = Peer
904
905[test-26]
906ExpectedResult = Success
907ExpectedServerCertType = RSA-PSS
908ExpectedServerSignHash = SHA256
909ExpectedServerSignType = RSA-PSS
910
911
912# ===========================================================
913
914[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
915ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
916
917[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
918server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
919client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
920
921[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
922Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
923CipherString = DEFAULT
924PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
925
926[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
927CipherString = DEFAULT
928SignatureAlgorithms = rsa_pss_pss_sha512
929VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
930VerifyMode = Peer
931
932[test-27]
933ExpectedResult = ServerFail
934
935
936# ===========================================================
937
938[28-RSA key exchange with all RSA certificate types]
939ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl
940
941[28-RSA key exchange with all RSA certificate types-ssl]
942server = 28-RSA key exchange with all RSA certificate types-server
943client = 28-RSA key exchange with all RSA certificate types-client
944
945[28-RSA key exchange with all RSA certificate types-server]
946Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
947CipherString = DEFAULT
948PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
949PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
950PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
951
952[28-RSA key exchange with all RSA certificate types-client]
953CipherString = kRSA
954MaxProtocol = TLSv1.2
955VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
956VerifyMode = Peer
957
958[test-28]
959ExpectedResult = Success
960ExpectedServerCertType = RSA
961
962
963# ===========================================================
964
965[29-RSA key exchange with only RSA-PSS certificate]
966ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl
967
968[29-RSA key exchange with only RSA-PSS certificate-ssl]
969server = 29-RSA key exchange with only RSA-PSS certificate-server
970client = 29-RSA key exchange with only RSA-PSS certificate-client
971
972[29-RSA key exchange with only RSA-PSS certificate-server]
973Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
974CipherString = DEFAULT
975PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
976
977[29-RSA key exchange with only RSA-PSS certificate-client]
978CipherString = kRSA
979MaxProtocol = TLSv1.2
980VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
981VerifyMode = Peer
982
983[test-29]
984ExpectedResult = ServerFail
985
986
987# ===========================================================
988
989[30-Suite B P-256 Hash Algorithm Selection]
990ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl
991
992[30-Suite B P-256 Hash Algorithm Selection-ssl]
993server = 30-Suite B P-256 Hash Algorithm Selection-server
994client = 30-Suite B P-256 Hash Algorithm Selection-client
995
996[30-Suite B P-256 Hash Algorithm Selection-server]
997Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
998CipherString = SUITEB128
999ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
1000ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
1001MaxProtocol = TLSv1.2
1002PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1003
1004[30-Suite B P-256 Hash Algorithm Selection-client]
1005CipherString = DEFAULT
1006SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
1007VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
1008VerifyMode = Peer
1009
1010[test-30]
1011ExpectedResult = Success
1012ExpectedServerCertType = P-256
1013ExpectedServerSignHash = SHA256
1014ExpectedServerSignType = EC
1015
1016
1017# ===========================================================
1018
1019[31-Suite B P-384 Hash Algorithm Selection]
1020ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl
1021
1022[31-Suite B P-384 Hash Algorithm Selection-ssl]
1023server = 31-Suite B P-384 Hash Algorithm Selection-server
1024client = 31-Suite B P-384 Hash Algorithm Selection-client
1025
1026[31-Suite B P-384 Hash Algorithm Selection-server]
1027Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1028CipherString = SUITEB128
1029ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
1030ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
1031MaxProtocol = TLSv1.2
1032PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1033
1034[31-Suite B P-384 Hash Algorithm Selection-client]
1035CipherString = DEFAULT
1036SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
1037VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
1038VerifyMode = Peer
1039
1040[test-31]
1041ExpectedResult = Success
1042ExpectedServerCertType = P-384
1043ExpectedServerSignHash = SHA384
1044ExpectedServerSignType = EC
1045
1046
1047# ===========================================================
1048
1049[32-TLS 1.2 Ed25519 Client Auth]
1050ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl
1051
1052[32-TLS 1.2 Ed25519 Client Auth-ssl]
1053server = 32-TLS 1.2 Ed25519 Client Auth-server
1054client = 32-TLS 1.2 Ed25519 Client Auth-client
1055
1056[32-TLS 1.2 Ed25519 Client Auth-server]
1057Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1058CipherString = DEFAULT
1059PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1060VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1061VerifyMode = Require
1062
1063[32-TLS 1.2 Ed25519 Client Auth-client]
1064CipherString = DEFAULT
1065Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1066Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1067MaxProtocol = TLSv1.2
1068MinProtocol = TLSv1.2
1069VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1070VerifyMode = Peer
1071
1072[test-32]
1073ExpectedClientCertType = Ed25519
1074ExpectedClientSignType = Ed25519
1075ExpectedResult = Success
1076
1077
1078# ===========================================================
1079
1080[33-TLS 1.2 Ed448 Client Auth]
1081ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl
1082
1083[33-TLS 1.2 Ed448 Client Auth-ssl]
1084server = 33-TLS 1.2 Ed448 Client Auth-server
1085client = 33-TLS 1.2 Ed448 Client Auth-client
1086
1087[33-TLS 1.2 Ed448 Client Auth-server]
1088Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1089CipherString = DEFAULT
1090PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1091VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1092VerifyMode = Require
1093
1094[33-TLS 1.2 Ed448 Client Auth-client]
1095CipherString = DEFAULT
1096Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1097Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1098MaxProtocol = TLSv1.2
1099MinProtocol = TLSv1.2
1100VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1101VerifyMode = Peer
1102
1103[test-33]
1104ExpectedClientCertType = Ed448
1105ExpectedClientSignType = Ed448
1106ExpectedResult = Success
1107
1108
1109# ===========================================================
1110
1111[34-Only RSA-PSS Certificate, TLS v1.1]
1112ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
1113
1114[34-Only RSA-PSS Certificate, TLS v1.1-ssl]
1115server = 34-Only RSA-PSS Certificate, TLS v1.1-server
1116client = 34-Only RSA-PSS Certificate, TLS v1.1-client
1117
1118[34-Only RSA-PSS Certificate, TLS v1.1-server]
1119Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1120CipherString = DEFAULT
1121PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1122
1123[34-Only RSA-PSS Certificate, TLS v1.1-client]
1124CipherString = DEFAULT
1125MaxProtocol = TLSv1.1
1126VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1127VerifyMode = Peer
1128
1129[test-34]
1130ExpectedResult = ServerFail
1131
1132
1133# ===========================================================
1134
1135[35-TLS 1.3 ECDSA Signature Algorithm Selection]
1136ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
1137
1138[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
1139server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
1140client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
1141
1142[35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
1143Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1144CipherString = DEFAULT
1145ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1146ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1147Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1148Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1149Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1150Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1151MaxProtocol = TLSv1.3
1152MinProtocol = TLSv1.3
1153PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1154
1155[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
1156CipherString = DEFAULT
1157SignatureAlgorithms = ECDSA+SHA256
1158VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1159VerifyMode = Peer
1160
1161[test-35]
1162ExpectedResult = Success
1163ExpectedServerCANames = empty
1164ExpectedServerCertType = P-256
1165ExpectedServerSignHash = SHA256
1166ExpectedServerSignType = EC
1167
1168
1169# ===========================================================
1170
1171[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1172ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1173
1174[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1175server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1176client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1177
1178[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1179Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1180CipherString = DEFAULT
1181ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
1182ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
1183MaxProtocol = TLSv1.3
1184MinProtocol = TLSv1.3
1185PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1186
1187[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1188CipherString = DEFAULT
1189SignatureAlgorithms = ECDSA+SHA256
1190VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1191VerifyMode = Peer
1192
1193[test-36]
1194ExpectedResult = Success
1195ExpectedServerCANames = empty
1196ExpectedServerCertType = P-256
1197ExpectedServerSignHash = SHA256
1198ExpectedServerSignType = EC
1199
1200
1201# ===========================================================
1202
1203[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1204ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1205
1206[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1207server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1208client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1209
1210[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1211Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1212CipherString = DEFAULT
1213ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1214ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1215Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1216Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1217Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1218Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1219MaxProtocol = TLSv1.3
1220MinProtocol = TLSv1.3
1221PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1222
1223[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1224CipherString = DEFAULT
1225SignatureAlgorithms = ECDSA+SHA1
1226VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1227VerifyMode = Peer
1228
1229[test-37]
1230ExpectedResult = ServerFail
1231
1232
1233# ===========================================================
1234
1235[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1236ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1237
1238[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1239server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1240client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1241
1242[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1243Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1244CipherString = DEFAULT
1245ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1246ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1247Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1248Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1249Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1250Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1251MaxProtocol = TLSv1.3
1252MinProtocol = TLSv1.3
1253PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1254
1255[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1256CipherString = DEFAULT
1257RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1258SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
1259VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1260VerifyMode = Peer
1261
1262[test-38]
1263ExpectedResult = Success
1264ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1265ExpectedServerCertType = P-256
1266ExpectedServerSignHash = SHA256
1267ExpectedServerSignType = EC
1268
1269
1270# ===========================================================
1271
1272[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1273ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1274
1275[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1276server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1277client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1278
1279[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1280Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1281CipherString = DEFAULT
1282ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1283ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1284Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1285Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1286Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1287Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1288MaxProtocol = TLSv1.3
1289MinProtocol = TLSv1.3
1290PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1291
1292[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1293CipherString = DEFAULT
1294SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
1295VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1296VerifyMode = Peer
1297
1298[test-39]
1299ExpectedResult = Success
1300ExpectedServerCertType = RSA
1301ExpectedServerSignHash = SHA384
1302ExpectedServerSignType = RSA-PSS
1303
1304
1305# ===========================================================
1306
1307[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1308ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1309
1310[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1311server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1312client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1313
1314[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1315Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1316CipherString = DEFAULT
1317MaxProtocol = TLSv1.3
1318MinProtocol = TLSv1.3
1319PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1320
1321[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1322CipherString = DEFAULT
1323SignatureAlgorithms = ECDSA+SHA256
1324VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1325VerifyMode = Peer
1326
1327[test-40]
1328ExpectedResult = ServerFail
1329
1330
1331# ===========================================================
1332
1333[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1334ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1335
1336[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1337server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1338client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1339
1340[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1341Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1342CipherString = DEFAULT
1343ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1344ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1345Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1346Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1347Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1348Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1349MaxProtocol = TLSv1.3
1350MinProtocol = TLSv1.3
1351PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1352
1353[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1354CipherString = DEFAULT
1355SignatureAlgorithms = RSA+SHA256
1356VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1357VerifyMode = Peer
1358
1359[test-41]
1360ExpectedResult = ServerFail
1361
1362
1363# ===========================================================
1364
1365[42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1366ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1367
1368[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1369server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1370client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1371
1372[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1373Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1374CipherString = DEFAULT
1375ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1376ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1377Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1378Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1379Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1380Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1381MaxProtocol = TLSv1.3
1382MinProtocol = TLSv1.3
1383PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1384
1385[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1386CipherString = DEFAULT
1387SignatureAlgorithms = RSA-PSS+SHA256
1388VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1389VerifyMode = Peer
1390
1391[test-42]
1392ExpectedResult = Success
1393ExpectedServerCertType = RSA
1394ExpectedServerSignHash = SHA256
1395ExpectedServerSignType = RSA-PSS
1396
1397
1398# ===========================================================
1399
1400[43-TLS 1.3 Ed25519 Signature Algorithm Selection]
1401ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1402
1403[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1404server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1405client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1406
1407[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1408Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1409CipherString = DEFAULT
1410ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1411ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1412Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1413Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1414Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1415Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1416MaxProtocol = TLSv1.3
1417MinProtocol = TLSv1.3
1418PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1419
1420[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1421CipherString = DEFAULT
1422SignatureAlgorithms = ed25519
1423VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1424VerifyMode = Peer
1425
1426[test-43]
1427ExpectedResult = Success
1428ExpectedServerCertType = Ed25519
1429ExpectedServerSignType = Ed25519
1430
1431
1432# ===========================================================
1433
1434[44-TLS 1.3 Ed448 Signature Algorithm Selection]
1435ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1436
1437[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1438server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server
1439client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client
1440
1441[44-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1442Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1443CipherString = DEFAULT
1444ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1445ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1446Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1447Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1448Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1449Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1450MaxProtocol = TLSv1.3
1451MinProtocol = TLSv1.3
1452PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1453
1454[44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1455CipherString = DEFAULT
1456SignatureAlgorithms = ed448
1457VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
1458VerifyMode = Peer
1459
1460[test-44]
1461ExpectedResult = Success
1462ExpectedServerCertType = Ed448
1463ExpectedServerSignType = Ed448
1464
1465
1466# ===========================================================
1467
1468[45-TLS 1.3 Ed25519 CipherString and Groups Selection]
1469ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1470
1471[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1472server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1473client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1474
1475[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1476Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1477CipherString = DEFAULT
1478ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1479ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1480Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1481Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1482Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1483Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1484MaxProtocol = TLSv1.3
1485MinProtocol = TLSv1.3
1486PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1487
1488[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1489CipherString = DEFAULT
1490Groups = X25519
1491SignatureAlgorithms = ECDSA+SHA256:ed25519
1492VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1493VerifyMode = Peer
1494
1495[test-45]
1496ExpectedResult = Success
1497ExpectedServerCertType = P-256
1498ExpectedServerSignType = EC
1499
1500
1501# ===========================================================
1502
1503[46-TLS 1.3 Ed448 CipherString and Groups Selection]
1504ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1505
1506[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1507server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server
1508client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client
1509
1510[46-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1511Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1512CipherString = DEFAULT
1513ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1514ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1515Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1516Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1517Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1518Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1519MaxProtocol = TLSv1.3
1520MinProtocol = TLSv1.3
1521PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1522
1523[46-TLS 1.3 Ed448 CipherString and Groups Selection-client]
1524CipherString = DEFAULT
1525Groups = X448
1526SignatureAlgorithms = ECDSA+SHA256:ed448
1527VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1528VerifyMode = Peer
1529
1530[test-46]
1531ExpectedResult = Success
1532ExpectedServerCertType = P-256
1533ExpectedServerSignType = EC
1534
1535
1536# ===========================================================
1537
1538[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1539ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1540
1541[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1542server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1543client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1544
1545[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1546Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1547CipherString = DEFAULT
1548ClientSignatureAlgorithms = PSS+SHA256
1549PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1550VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1551VerifyMode = Require
1552
1553[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1554CipherString = DEFAULT
1555ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1556ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1557MaxProtocol = TLSv1.3
1558MinProtocol = TLSv1.3
1559RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1560RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1561VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1562VerifyMode = Peer
1563
1564[test-47]
1565ExpectedClientCANames = empty
1566ExpectedClientCertType = RSA
1567ExpectedClientSignHash = SHA256
1568ExpectedClientSignType = RSA-PSS
1569ExpectedResult = Success
1570
1571
1572# ===========================================================
1573
1574[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1575ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1576
1577[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1578server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1579client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1580
1581[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1582Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1583CipherString = DEFAULT
1584ClientSignatureAlgorithms = PSS+SHA256
1585PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1586RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1587VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1588VerifyMode = Require
1589
1590[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1591CipherString = DEFAULT
1592ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1593ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1594MaxProtocol = TLSv1.3
1595MinProtocol = TLSv1.3
1596RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1597RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1598VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1599VerifyMode = Peer
1600
1601[test-48]
1602ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1603ExpectedClientCertType = RSA
1604ExpectedClientSignHash = SHA256
1605ExpectedClientSignType = RSA-PSS
1606ExpectedResult = Success
1607
1608
1609# ===========================================================
1610
1611[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1612ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1613
1614[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1615server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1616client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1617
1618[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1619Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1620CipherString = DEFAULT
1621ClientSignatureAlgorithms = ECDSA+SHA256
1622PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1623VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1624VerifyMode = Require
1625
1626[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1627CipherString = DEFAULT
1628ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1629ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1630MaxProtocol = TLSv1.3
1631MinProtocol = TLSv1.3
1632RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1633RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1634VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1635VerifyMode = Peer
1636
1637[test-49]
1638ExpectedClientCertType = P-256
1639ExpectedClientSignHash = SHA256
1640ExpectedClientSignType = EC
1641ExpectedResult = Success
1642
1643
1644# ===========================================================
1645
1646[50-TLS 1.3 Ed25519 Client Auth]
1647ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
1648
1649[50-TLS 1.3 Ed25519 Client Auth-ssl]
1650server = 50-TLS 1.3 Ed25519 Client Auth-server
1651client = 50-TLS 1.3 Ed25519 Client Auth-client
1652
1653[50-TLS 1.3 Ed25519 Client Auth-server]
1654Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1655CipherString = DEFAULT
1656PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1657VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1658VerifyMode = Require
1659
1660[50-TLS 1.3 Ed25519 Client Auth-client]
1661CipherString = DEFAULT
1662EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1663EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1664MaxProtocol = TLSv1.3
1665MinProtocol = TLSv1.3
1666VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1667VerifyMode = Peer
1668
1669[test-50]
1670ExpectedClientCertType = Ed25519
1671ExpectedClientSignType = Ed25519
1672ExpectedResult = Success
1673
1674
1675# ===========================================================
1676
1677[51-TLS 1.3 Ed448 Client Auth]
1678ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
1679
1680[51-TLS 1.3 Ed448 Client Auth-ssl]
1681server = 51-TLS 1.3 Ed448 Client Auth-server
1682client = 51-TLS 1.3 Ed448 Client Auth-client
1683
1684[51-TLS 1.3 Ed448 Client Auth-server]
1685Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1686CipherString = DEFAULT
1687PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1688VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1689VerifyMode = Require
1690
1691[51-TLS 1.3 Ed448 Client Auth-client]
1692CipherString = DEFAULT
1693EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1694EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1695MaxProtocol = TLSv1.3
1696MinProtocol = TLSv1.3
1697VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1698VerifyMode = Peer
1699
1700[test-51]
1701ExpectedClientCertType = Ed448
1702ExpectedClientSignType = Ed448
1703ExpectedResult = Success
1704
1705
1706# ===========================================================
1707
1708[52-TLS 1.3 ECDSA with brainpool]
1709ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl
1710
1711[52-TLS 1.3 ECDSA with brainpool-ssl]
1712server = 52-TLS 1.3 ECDSA with brainpool-server
1713client = 52-TLS 1.3 ECDSA with brainpool-client
1714
1715[52-TLS 1.3 ECDSA with brainpool-server]
1716Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1717CipherString = DEFAULT
1718Groups = brainpoolP256r1
1719PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1720
1721[52-TLS 1.3 ECDSA with brainpool-client]
1722CipherString = DEFAULT
1723Groups = brainpoolP256r1
1724MaxProtocol = TLSv1.3
1725MinProtocol = TLSv1.3
1726RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1727VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1728VerifyMode = Peer
1729
1730[test-52]
1731ExpectedResult = ServerFail
1732
1733
1734# ===========================================================
1735
1736[53-TLS 1.2 DSA Certificate Test]
1737ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl
1738
1739[53-TLS 1.2 DSA Certificate Test-ssl]
1740server = 53-TLS 1.2 DSA Certificate Test-server
1741client = 53-TLS 1.2 DSA Certificate Test-client
1742
1743[53-TLS 1.2 DSA Certificate Test-server]
1744Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1745CipherString = ALL
1746DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
1747DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1748DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1749MaxProtocol = TLSv1.2
1750MinProtocol = TLSv1.2
1751PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1752
1753[53-TLS 1.2 DSA Certificate Test-client]
1754CipherString = ALL
1755SignatureAlgorithms = DSA+SHA256:DSA+SHA1
1756VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1757VerifyMode = Peer
1758
1759[test-53]
1760ExpectedResult = Success
1761
1762
1763# ===========================================================
1764
1765[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1766ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1767
1768[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1769server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1770client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1771
1772[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1773Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1774CipherString = DEFAULT
1775ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
1776PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1777VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1778VerifyMode = Request
1779
1780[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1781CipherString = DEFAULT
1782VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1783VerifyMode = Peer
1784
1785[test-54]
1786ExpectedResult = ServerFail
1787
1788
1789# ===========================================================
1790
1791[55-TLS 1.3 DSA Certificate Test]
1792ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl
1793
1794[55-TLS 1.3 DSA Certificate Test-ssl]
1795server = 55-TLS 1.3 DSA Certificate Test-server
1796client = 55-TLS 1.3 DSA Certificate Test-client
1797
1798[55-TLS 1.3 DSA Certificate Test-server]
1799Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1800CipherString = ALL
1801DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1802DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1803MaxProtocol = TLSv1.3
1804MinProtocol = TLSv1.3
1805PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1806
1807[55-TLS 1.3 DSA Certificate Test-client]
1808CipherString = ALL
1809SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
1810VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1811VerifyMode = Peer
1812
1813[test-55]
1814ExpectedResult = ServerFail
1815
1816
1817