1# -*- mode: perl; -*- 2# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## SSL test configurations 11 12package ssltests; 13 14use OpenSSL::Test::Utils; 15 16our $fips_mode; 17our $fips_3_4; 18 19# Nothing to test with newer fips providers 20return if $fips_3_4; 21 22our @tests = ( 23 { 24 name => "disable-encrypt-then-mac-server-sha", 25 server => { 26 "Options" => "-EncryptThenMac", 27 }, 28 client => { 29 "CipherString" => "AES128-SHA", 30 "MaxProtocol" => "TLSv1.2" 31 }, 32 test => { 33 "ExpectedResult" => "Success", 34 }, 35 }, 36 { 37 name => "disable-encrypt-then-mac-client-sha", 38 server => { 39 }, 40 client => { 41 "CipherString" => "AES128-SHA", 42 "Options" => "-EncryptThenMac", 43 "MaxProtocol" => "TLSv1.2" 44 }, 45 test => { 46 "ExpectedResult" => "Success", 47 }, 48 }, 49 { 50 name => "disable-encrypt-then-mac-both-sha", 51 server => { 52 "Options" => "-EncryptThenMac", 53 }, 54 client => { 55 "CipherString" => "AES128-SHA", 56 "Options" => "-EncryptThenMac", 57 "MaxProtocol" => "TLSv1.2" 58 }, 59 test => { 60 "ExpectedResult" => "Success", 61 }, 62 }, 63); 64 65my @tests_tls1_2 = ( 66 { 67 name => "disable-encrypt-then-mac-server-sha2", 68 server => { 69 "Options" => "-EncryptThenMac", 70 }, 71 client => { 72 "CipherString" => "AES128-SHA256", 73 "MaxProtocol" => "TLSv1.2" 74 }, 75 test => { 76 "ExpectedResult" => "Success", 77 }, 78 }, 79 { 80 name => "disable-encrypt-then-mac-client-sha2", 81 server => { 82 }, 83 client => { 84 "CipherString" => "AES128-SHA256", 85 "Options" => "-EncryptThenMac", 86 "MaxProtocol" => "TLSv1.2" 87 }, 88 test => { 89 "ExpectedResult" => "Success", 90 }, 91 }, 92 { 93 name => "disable-encrypt-then-mac-both-sha2", 94 server => { 95 "Options" => "-EncryptThenMac", 96 }, 97 client => { 98 "CipherString" => "AES128-SHA256", 99 "Options" => "-EncryptThenMac", 100 "MaxProtocol" => "TLSv1.2" 101 }, 102 test => { 103 "ExpectedResult" => "Success", 104 }, 105 }, 106); 107 108our @tests_tls1 = ( 109 { 110 name => "disable-encrypt-then-mac-server-sha-tls1", 111 server => { 112 "CipherString" => 'DEFAULT:@SECLEVEL=0', 113 "Options" => "-EncryptThenMac", 114 }, 115 client => { 116 "CipherString" => 'AES128-SHA@SECLEVEL=0', 117 "MinProtocol" => "TLSv1", 118 "MaxProtocol" => "TLSv1" 119 }, 120 test => { 121 "ExpectedResult" => "Success", 122 }, 123 }, 124 { 125 name => "disable-encrypt-then-mac-client-sha-tls1", 126 server => { 127 "CipherString" => 'DEFAULT:@SECLEVEL=0', 128 }, 129 client => { 130 "CipherString" => 'AES128-SHA@SECLEVEL=0', 131 "Options" => "-EncryptThenMac", 132 "MinProtocol" => "TLSv1", 133 "MaxProtocol" => "TLSv1" 134 }, 135 test => { 136 "ExpectedResult" => "Success", 137 }, 138 }, 139 { 140 name => "disable-encrypt-then-mac-both-sha-tls1", 141 server => { 142 "CipherString" => 'DEFAULT:@SECLEVEL=0', 143 "Options" => "-EncryptThenMac", 144 }, 145 client => { 146 "CipherString" => 'AES128-SHA@SECLEVEL=0', 147 "Options" => "-EncryptThenMac", 148 "MinProtocol" => "TLSv1", 149 "MaxProtocol" => "TLSv1" 150 }, 151 test => { 152 "ExpectedResult" => "Success", 153 }, 154 }, 155); 156 157 158push @tests, @tests_tls1_2 unless disabled("tls1_2"); 159push @tests, @tests_tls1 unless disabled("tls1") || $fips_mode; 160