xref: /freebsd/crypto/openssl/test/ssl-tests/17-renegotiate.cnf (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc)
1# Generated with generate_ssl_tests.pl
2
3num_tests = 18
4
5test-0 = 0-renegotiate-client-no-resume
6test-1 = 1-renegotiate-client-resume
7test-2 = 2-renegotiate-server-no-resume
8test-3 = 3-renegotiate-server-resume
9test-4 = 4-renegotiate-client-auth-require
10test-5 = 5-renegotiate-client-auth-once
11test-6 = 6-renegotiate-client-legacy-connect
12test-7 = 7-renegotiate-aead-to-non-aead
13test-8 = 8-renegotiate-non-aead-to-aead
14test-9 = 9-renegotiate-non-aead-to-non-aead
15test-10 = 10-renegotiate-aead-to-aead
16test-11 = 11-no-renegotiation-server-by-client
17test-12 = 12-no-renegotiation-server-by-server
18test-13 = 13-no-renegotiation-client-by-server
19test-14 = 14-no-renegotiation-client-by-client
20test-15 = 15-no-extms-on-renegotiation
21test-16 = 16-allow-client-renegotiation
22test-17 = 17-no-client-renegotiation
23# ===========================================================
24
25[0-renegotiate-client-no-resume]
26ssl_conf = 0-renegotiate-client-no-resume-ssl
27
28[0-renegotiate-client-no-resume-ssl]
29server = 0-renegotiate-client-no-resume-server
30client = 0-renegotiate-client-no-resume-client
31
32[0-renegotiate-client-no-resume-server]
33Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
34CipherString = DEFAULT
35MaxProtocol = TLSv1.2
36Options = NoResumptionOnRenegotiation
37PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
38
39[0-renegotiate-client-no-resume-client]
40CipherString = DEFAULT
41VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
42VerifyMode = Peer
43
44[test-0]
45ExpectedResult = Success
46HandshakeMode = RenegotiateClient
47Method = TLS
48ResumptionExpected = No
49
50
51# ===========================================================
52
53[1-renegotiate-client-resume]
54ssl_conf = 1-renegotiate-client-resume-ssl
55
56[1-renegotiate-client-resume-ssl]
57server = 1-renegotiate-client-resume-server
58client = 1-renegotiate-client-resume-client
59
60[1-renegotiate-client-resume-server]
61Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
62CipherString = DEFAULT
63MaxProtocol = TLSv1.2
64PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
65
66[1-renegotiate-client-resume-client]
67CipherString = DEFAULT
68VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
69VerifyMode = Peer
70
71[test-1]
72ExpectedResult = Success
73HandshakeMode = RenegotiateClient
74Method = TLS
75ResumptionExpected = Yes
76
77
78# ===========================================================
79
80[2-renegotiate-server-no-resume]
81ssl_conf = 2-renegotiate-server-no-resume-ssl
82
83[2-renegotiate-server-no-resume-ssl]
84server = 2-renegotiate-server-no-resume-server
85client = 2-renegotiate-server-no-resume-client
86
87[2-renegotiate-server-no-resume-server]
88Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
89CipherString = DEFAULT
90MaxProtocol = TLSv1.2
91Options = NoResumptionOnRenegotiation
92PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
93
94[2-renegotiate-server-no-resume-client]
95CipherString = DEFAULT
96VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
97VerifyMode = Peer
98
99[test-2]
100ExpectedResult = Success
101HandshakeMode = RenegotiateServer
102Method = TLS
103ResumptionExpected = No
104
105
106# ===========================================================
107
108[3-renegotiate-server-resume]
109ssl_conf = 3-renegotiate-server-resume-ssl
110
111[3-renegotiate-server-resume-ssl]
112server = 3-renegotiate-server-resume-server
113client = 3-renegotiate-server-resume-client
114
115[3-renegotiate-server-resume-server]
116Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
117CipherString = DEFAULT
118MaxProtocol = TLSv1.2
119PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
120
121[3-renegotiate-server-resume-client]
122CipherString = DEFAULT
123VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
124VerifyMode = Peer
125
126[test-3]
127ExpectedResult = Success
128HandshakeMode = RenegotiateServer
129Method = TLS
130ResumptionExpected = Yes
131
132
133# ===========================================================
134
135[4-renegotiate-client-auth-require]
136ssl_conf = 4-renegotiate-client-auth-require-ssl
137
138[4-renegotiate-client-auth-require-ssl]
139server = 4-renegotiate-client-auth-require-server
140client = 4-renegotiate-client-auth-require-client
141
142[4-renegotiate-client-auth-require-server]
143Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
144CipherString = DEFAULT
145MaxProtocol = TLSv1.2
146Options = NoResumptionOnRenegotiation
147PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
148VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
149VerifyMode = Require
150
151[4-renegotiate-client-auth-require-client]
152Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
153CipherString = DEFAULT
154PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
155VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
156VerifyMode = Peer
157
158[test-4]
159ExpectedResult = Success
160HandshakeMode = RenegotiateServer
161Method = TLS
162ResumptionExpected = No
163
164
165# ===========================================================
166
167[5-renegotiate-client-auth-once]
168ssl_conf = 5-renegotiate-client-auth-once-ssl
169
170[5-renegotiate-client-auth-once-ssl]
171server = 5-renegotiate-client-auth-once-server
172client = 5-renegotiate-client-auth-once-client
173
174[5-renegotiate-client-auth-once-server]
175Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
176CipherString = DEFAULT
177MaxProtocol = TLSv1.2
178Options = NoResumptionOnRenegotiation
179PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
180VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
181VerifyMode = Once
182
183[5-renegotiate-client-auth-once-client]
184Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
185CipherString = DEFAULT
186PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
187VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
188VerifyMode = Peer
189
190[test-5]
191ExpectedResult = Success
192HandshakeMode = RenegotiateServer
193Method = TLS
194ResumptionExpected = No
195
196
197# ===========================================================
198
199[6-renegotiate-client-legacy-connect]
200ssl_conf = 6-renegotiate-client-legacy-connect-ssl
201
202[6-renegotiate-client-legacy-connect-ssl]
203server = 6-renegotiate-client-legacy-connect-server
204client = 6-renegotiate-client-legacy-connect-client
205
206[6-renegotiate-client-legacy-connect-server]
207Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
208CipherString = DEFAULT
209MaxProtocol = TLSv1.2
210PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
211
212[6-renegotiate-client-legacy-connect-client]
213CipherString = DEFAULT
214Options = UnsafeLegacyServerConnect
215VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
216VerifyMode = Peer
217
218[test-6]
219ExpectedResult = Success
220HandshakeMode = RenegotiateClient
221Method = TLS
222ResumptionExpected = Yes
223
224
225# ===========================================================
226
227[7-renegotiate-aead-to-non-aead]
228ssl_conf = 7-renegotiate-aead-to-non-aead-ssl
229
230[7-renegotiate-aead-to-non-aead-ssl]
231server = 7-renegotiate-aead-to-non-aead-server
232client = 7-renegotiate-aead-to-non-aead-client
233
234[7-renegotiate-aead-to-non-aead-server]
235Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
236CipherString = DEFAULT
237Options = NoResumptionOnRenegotiation
238PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
239
240[7-renegotiate-aead-to-non-aead-client]
241CipherString = AES128-GCM-SHA256
242MaxProtocol = TLSv1.2
243VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
244VerifyMode = Peer
245
246[test-7]
247ExpectedResult = Success
248HandshakeMode = RenegotiateClient
249Method = TLS
250ResumptionExpected = No
251client = 7-renegotiate-aead-to-non-aead-client-extra
252
253[7-renegotiate-aead-to-non-aead-client-extra]
254RenegotiateCiphers = AES128-SHA
255
256
257# ===========================================================
258
259[8-renegotiate-non-aead-to-aead]
260ssl_conf = 8-renegotiate-non-aead-to-aead-ssl
261
262[8-renegotiate-non-aead-to-aead-ssl]
263server = 8-renegotiate-non-aead-to-aead-server
264client = 8-renegotiate-non-aead-to-aead-client
265
266[8-renegotiate-non-aead-to-aead-server]
267Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
268CipherString = DEFAULT
269Options = NoResumptionOnRenegotiation
270PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
271
272[8-renegotiate-non-aead-to-aead-client]
273CipherString = AES128-SHA
274MaxProtocol = TLSv1.2
275VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
276VerifyMode = Peer
277
278[test-8]
279ExpectedResult = Success
280HandshakeMode = RenegotiateClient
281Method = TLS
282ResumptionExpected = No
283client = 8-renegotiate-non-aead-to-aead-client-extra
284
285[8-renegotiate-non-aead-to-aead-client-extra]
286RenegotiateCiphers = AES128-GCM-SHA256
287
288
289# ===========================================================
290
291[9-renegotiate-non-aead-to-non-aead]
292ssl_conf = 9-renegotiate-non-aead-to-non-aead-ssl
293
294[9-renegotiate-non-aead-to-non-aead-ssl]
295server = 9-renegotiate-non-aead-to-non-aead-server
296client = 9-renegotiate-non-aead-to-non-aead-client
297
298[9-renegotiate-non-aead-to-non-aead-server]
299Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
300CipherString = DEFAULT
301Options = NoResumptionOnRenegotiation
302PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
303
304[9-renegotiate-non-aead-to-non-aead-client]
305CipherString = AES128-SHA
306MaxProtocol = TLSv1.2
307VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
308VerifyMode = Peer
309
310[test-9]
311ExpectedResult = Success
312HandshakeMode = RenegotiateClient
313Method = TLS
314ResumptionExpected = No
315client = 9-renegotiate-non-aead-to-non-aead-client-extra
316
317[9-renegotiate-non-aead-to-non-aead-client-extra]
318RenegotiateCiphers = AES256-SHA
319
320
321# ===========================================================
322
323[10-renegotiate-aead-to-aead]
324ssl_conf = 10-renegotiate-aead-to-aead-ssl
325
326[10-renegotiate-aead-to-aead-ssl]
327server = 10-renegotiate-aead-to-aead-server
328client = 10-renegotiate-aead-to-aead-client
329
330[10-renegotiate-aead-to-aead-server]
331Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
332CipherString = DEFAULT
333Options = NoResumptionOnRenegotiation
334PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
335
336[10-renegotiate-aead-to-aead-client]
337CipherString = AES128-GCM-SHA256
338MaxProtocol = TLSv1.2
339VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
340VerifyMode = Peer
341
342[test-10]
343ExpectedResult = Success
344HandshakeMode = RenegotiateClient
345Method = TLS
346ResumptionExpected = No
347client = 10-renegotiate-aead-to-aead-client-extra
348
349[10-renegotiate-aead-to-aead-client-extra]
350RenegotiateCiphers = AES256-GCM-SHA384
351
352
353# ===========================================================
354
355[11-no-renegotiation-server-by-client]
356ssl_conf = 11-no-renegotiation-server-by-client-ssl
357
358[11-no-renegotiation-server-by-client-ssl]
359server = 11-no-renegotiation-server-by-client-server
360client = 11-no-renegotiation-server-by-client-client
361
362[11-no-renegotiation-server-by-client-server]
363Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
364CipherString = DEFAULT
365MaxProtocol = TLSv1.2
366Options = NoRenegotiation
367PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
368
369[11-no-renegotiation-server-by-client-client]
370CipherString = DEFAULT
371VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
372VerifyMode = Peer
373
374[test-11]
375ExpectedResult = ClientFail
376HandshakeMode = RenegotiateClient
377Method = TLS
378ResumptionExpected = No
379
380
381# ===========================================================
382
383[12-no-renegotiation-server-by-server]
384ssl_conf = 12-no-renegotiation-server-by-server-ssl
385
386[12-no-renegotiation-server-by-server-ssl]
387server = 12-no-renegotiation-server-by-server-server
388client = 12-no-renegotiation-server-by-server-client
389
390[12-no-renegotiation-server-by-server-server]
391Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
392CipherString = DEFAULT
393MaxProtocol = TLSv1.2
394Options = NoRenegotiation
395PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
396
397[12-no-renegotiation-server-by-server-client]
398CipherString = DEFAULT
399VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
400VerifyMode = Peer
401
402[test-12]
403ExpectedResult = ServerFail
404HandshakeMode = RenegotiateServer
405Method = TLS
406ResumptionExpected = No
407
408
409# ===========================================================
410
411[13-no-renegotiation-client-by-server]
412ssl_conf = 13-no-renegotiation-client-by-server-ssl
413
414[13-no-renegotiation-client-by-server-ssl]
415server = 13-no-renegotiation-client-by-server-server
416client = 13-no-renegotiation-client-by-server-client
417
418[13-no-renegotiation-client-by-server-server]
419Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
420CipherString = DEFAULT
421MaxProtocol = TLSv1.2
422PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
423
424[13-no-renegotiation-client-by-server-client]
425CipherString = DEFAULT
426Options = NoRenegotiation
427VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
428VerifyMode = Peer
429
430[test-13]
431ExpectedResult = ServerFail
432HandshakeMode = RenegotiateServer
433Method = TLS
434ResumptionExpected = No
435
436
437# ===========================================================
438
439[14-no-renegotiation-client-by-client]
440ssl_conf = 14-no-renegotiation-client-by-client-ssl
441
442[14-no-renegotiation-client-by-client-ssl]
443server = 14-no-renegotiation-client-by-client-server
444client = 14-no-renegotiation-client-by-client-client
445
446[14-no-renegotiation-client-by-client-server]
447Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
448CipherString = DEFAULT
449MaxProtocol = TLSv1.2
450PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
451
452[14-no-renegotiation-client-by-client-client]
453CipherString = DEFAULT
454Options = NoRenegotiation
455VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
456VerifyMode = Peer
457
458[test-14]
459ExpectedResult = ClientFail
460HandshakeMode = RenegotiateClient
461Method = TLS
462ResumptionExpected = No
463
464
465# ===========================================================
466
467[15-no-extms-on-renegotiation]
468ssl_conf = 15-no-extms-on-renegotiation-ssl
469
470[15-no-extms-on-renegotiation-ssl]
471server = 15-no-extms-on-renegotiation-server
472client = 15-no-extms-on-renegotiation-client
473
474[15-no-extms-on-renegotiation-server]
475Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
476CipherString = DEFAULT
477MaxProtocol = TLSv1.2
478PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
479
480[15-no-extms-on-renegotiation-client]
481CipherString = DEFAULT
482MaxProtocol = TLSv1.2
483VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
484VerifyMode = Peer
485
486[test-15]
487ExpectedResult = ServerFail
488HandshakeMode = RenegotiateClient
489Method = TLS
490ResumptionExpected = No
491client = 15-no-extms-on-renegotiation-client-extra
492
493[15-no-extms-on-renegotiation-client-extra]
494RenegotiateNoExtms = Yes
495
496
497# ===========================================================
498
499[16-allow-client-renegotiation]
500ssl_conf = 16-allow-client-renegotiation-ssl
501
502[16-allow-client-renegotiation-ssl]
503server = 16-allow-client-renegotiation-server
504client = 16-allow-client-renegotiation-client
505
506[16-allow-client-renegotiation-server]
507Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
508CipherString = DEFAULT
509MaxProtocol = TLSv1.2
510PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
511
512[16-allow-client-renegotiation-client]
513CipherString = DEFAULT
514MaxProtocol = TLSv1.2
515VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
516VerifyMode = Peer
517
518[test-16]
519ExpectedResult = Success
520HandshakeMode = RenegotiateClient
521Method = TLS
522ResumptionExpected = Yes
523
524
525# ===========================================================
526
527[17-no-client-renegotiation]
528ssl_conf = 17-no-client-renegotiation-ssl
529
530[17-no-client-renegotiation-ssl]
531server = 17-no-client-renegotiation-server
532client = 17-no-client-renegotiation-client
533
534[17-no-client-renegotiation-server]
535Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
536CipherString = DEFAULT
537MaxProtocol = TLSv1.2
538Options = -ClientRenegotiation
539PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
540
541[17-no-client-renegotiation-client]
542CipherString = DEFAULT
543MaxProtocol = TLSv1.2
544VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
545VerifyMode = Peer
546
547[test-17]
548ExpectedResult = ClientFail
549ExpectedServerAlert = NoRenegotiation
550HandshakeMode = RenegotiateClient
551Method = TLS
552ResumptionExpected = No
553
554
555