1# -*- mode: perl; -*- 2# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## Test Renegotiation 11 12use strict; 13use warnings; 14 15package ssltests; 16use OpenSSL::Test::Utils; 17 18our @tests = ( 19 { 20 name => "renegotiate-client-no-resume", 21 server => { 22 "Options" => "NoResumptionOnRenegotiation", 23 "MaxProtocol" => "TLSv1.2" 24 }, 25 client => {}, 26 test => { 27 "Method" => "TLS", 28 "HandshakeMode" => "RenegotiateClient", 29 "ResumptionExpected" => "No", 30 "ExpectedResult" => "Success" 31 } 32 }, 33 { 34 name => "renegotiate-client-resume", 35 server => { 36 "MaxProtocol" => "TLSv1.2" 37 }, 38 client => {}, 39 test => { 40 "Method" => "TLS", 41 "HandshakeMode" => "RenegotiateClient", 42 "ResumptionExpected" => "Yes", 43 "ExpectedResult" => "Success" 44 } 45 }, 46 { 47 name => "renegotiate-server-no-resume", 48 server => { 49 "Options" => "NoResumptionOnRenegotiation", 50 "MaxProtocol" => "TLSv1.2" 51 }, 52 client => {}, 53 test => { 54 "Method" => "TLS", 55 "HandshakeMode" => "RenegotiateServer", 56 "ResumptionExpected" => "No", 57 "ExpectedResult" => "Success" 58 } 59 }, 60 { 61 name => "renegotiate-server-resume", 62 server => { 63 "MaxProtocol" => "TLSv1.2" 64 }, 65 client => {}, 66 test => { 67 "Method" => "TLS", 68 "HandshakeMode" => "RenegotiateServer", 69 "ResumptionExpected" => "Yes", 70 "ExpectedResult" => "Success" 71 } 72 }, 73 { 74 name => "renegotiate-client-auth-require", 75 server => { 76 "Options" => "NoResumptionOnRenegotiation", 77 "MaxProtocol" => "TLSv1.2", 78 "VerifyCAFile" => test_pem("root-cert.pem"), 79 "VerifyMode" => "Require", 80 }, 81 client => { 82 "Certificate" => test_pem("ee-client-chain.pem"), 83 "PrivateKey" => test_pem("ee-key.pem"), 84 }, 85 test => { 86 "Method" => "TLS", 87 "HandshakeMode" => "RenegotiateServer", 88 "ResumptionExpected" => "No", 89 "ExpectedResult" => "Success" 90 } 91 }, 92 { 93 name => "renegotiate-client-auth-once", 94 server => { 95 "Options" => "NoResumptionOnRenegotiation", 96 "MaxProtocol" => "TLSv1.2", 97 "VerifyCAFile" => test_pem("root-cert.pem"), 98 "VerifyMode" => "Once", 99 }, 100 client => { 101 "Certificate" => test_pem("ee-client-chain.pem"), 102 "PrivateKey" => test_pem("ee-key.pem"), 103 }, 104 test => { 105 "Method" => "TLS", 106 "HandshakeMode" => "RenegotiateServer", 107 "ResumptionExpected" => "No", 108 "ExpectedResult" => "Success" 109 } 110 }, 111 { 112# Just test that UnsafeLegacyServerConnect option 113# exists, it won't have any real effect here 114 name => "renegotiate-client-legacy-connect", 115 server => { 116 "MaxProtocol" => "TLSv1.2" 117 }, 118 client => { 119 "Options" => "UnsafeLegacyServerConnect", 120 }, 121 test => { 122 "Method" => "TLS", 123 "HandshakeMode" => "RenegotiateClient", 124 "ResumptionExpected" => "Yes", 125 "ExpectedResult" => "Success" 126 } 127 }, 128); 129our @tests_tls1_2 = ( 130 { 131 name => "renegotiate-aead-to-non-aead", 132 server => { 133 "Options" => "NoResumptionOnRenegotiation", 134 }, 135 client => { 136 "CipherString" => "AES128-GCM-SHA256", 137 "MaxProtocol" => "TLSv1.2", 138 extra => { 139 "RenegotiateCiphers" => "AES128-SHA" 140 } 141 }, 142 test => { 143 "Method" => "TLS", 144 "HandshakeMode" => "RenegotiateClient", 145 "ResumptionExpected" => "No", 146 "ExpectedResult" => "Success" 147 } 148 }, 149 { 150 name => "renegotiate-non-aead-to-aead", 151 server => { 152 "Options" => "NoResumptionOnRenegotiation", 153 }, 154 client => { 155 "CipherString" => "AES128-SHA", 156 "MaxProtocol" => "TLSv1.2", 157 extra => { 158 "RenegotiateCiphers" => "AES128-GCM-SHA256" 159 } 160 }, 161 test => { 162 "Method" => "TLS", 163 "HandshakeMode" => "RenegotiateClient", 164 "ResumptionExpected" => "No", 165 "ExpectedResult" => "Success" 166 } 167 }, 168 { 169 name => "renegotiate-non-aead-to-non-aead", 170 server => { 171 "Options" => "NoResumptionOnRenegotiation", 172 }, 173 client => { 174 "CipherString" => "AES128-SHA", 175 "MaxProtocol" => "TLSv1.2", 176 extra => { 177 "RenegotiateCiphers" => "AES256-SHA" 178 } 179 }, 180 test => { 181 "Method" => "TLS", 182 "HandshakeMode" => "RenegotiateClient", 183 "ResumptionExpected" => "No", 184 "ExpectedResult" => "Success" 185 } 186 }, 187 { 188 name => "renegotiate-aead-to-aead", 189 server => { 190 "Options" => "NoResumptionOnRenegotiation", 191 }, 192 client => { 193 "CipherString" => "AES128-GCM-SHA256", 194 "MaxProtocol" => "TLSv1.2", 195 extra => { 196 "RenegotiateCiphers" => "AES256-GCM-SHA384" 197 } 198 }, 199 test => { 200 "Method" => "TLS", 201 "HandshakeMode" => "RenegotiateClient", 202 "ResumptionExpected" => "No", 203 "ExpectedResult" => "Success" 204 } 205 }, 206 { 207 name => "no-renegotiation-server-by-client", 208 server => { 209 "Options" => "NoRenegotiation", 210 "MaxProtocol" => "TLSv1.2" 211 }, 212 client => { }, 213 test => { 214 "Method" => "TLS", 215 "HandshakeMode" => "RenegotiateClient", 216 "ResumptionExpected" => "No", 217 "ExpectedResult" => "ClientFail" 218 } 219 }, 220 { 221 name => "no-renegotiation-server-by-server", 222 server => { 223 "Options" => "NoRenegotiation", 224 "MaxProtocol" => "TLSv1.2" 225 }, 226 client => { }, 227 test => { 228 "Method" => "TLS", 229 "HandshakeMode" => "RenegotiateServer", 230 "ResumptionExpected" => "No", 231 "ExpectedResult" => "ServerFail" 232 } 233 }, 234 { 235 name => "no-renegotiation-client-by-server", 236 server => { 237 "MaxProtocol" => "TLSv1.2" 238 }, 239 client => { 240 "Options" => "NoRenegotiation", 241 }, 242 test => { 243 "Method" => "TLS", 244 "HandshakeMode" => "RenegotiateServer", 245 "ResumptionExpected" => "No", 246 "ExpectedResult" => "ServerFail" 247 } 248 }, 249 { 250 name => "no-renegotiation-client-by-client", 251 server => { 252 "MaxProtocol" => "TLSv1.2" 253 }, 254 client => { 255 "Options" => "NoRenegotiation", 256 }, 257 test => { 258 "Method" => "TLS", 259 "HandshakeMode" => "RenegotiateClient", 260 "ResumptionExpected" => "No", 261 "ExpectedResult" => "ClientFail" 262 } 263 }, 264 { 265 name => "no-extms-on-renegotiation", 266 server => { 267 "MaxProtocol" => "TLSv1.2" 268 }, 269 client => { 270 "MaxProtocol" => "TLSv1.2", 271 extra => { 272 "RenegotiateNoExtms" => "Yes" 273 } 274 }, 275 test => { 276 "Method" => "TLS", 277 "HandshakeMode" => "RenegotiateClient", 278 "ResumptionExpected" => "No", 279 "ExpectedResult" => "ServerFail" 280 } 281 }, 282 { 283 name => "allow-client-renegotiation", 284 server => { 285 "MaxProtocol" => "TLSv1.2", 286 }, 287 client => { 288 "MaxProtocol" => "TLSv1.2" 289 }, 290 test => { 291 "Method" => "TLS", 292 "HandshakeMode" => "RenegotiateClient", 293 "ResumptionExpected" => "Yes", 294 "ExpectedResult" => "Success" 295 } 296 }, 297 { 298 name => "no-client-renegotiation", 299 server => { 300 "MaxProtocol" => "TLSv1.2", 301 "Options" => "-ClientRenegotiation" 302 }, 303 client => { 304 "MaxProtocol" => "TLSv1.2", 305 }, 306 test => { 307 "Method" => "TLS", 308 "HandshakeMode" => "RenegotiateClient", 309 "ResumptionExpected" => "No", 310 "ExpectedResult" => "ClientFail", 311 "ExpectedServerAlert" => "NoRenegotiation" 312 } 313 } 314); 315 316push @tests, @tests_tls1_2 unless disabled("tls1_2"); 317