1# -*- mode: perl; -*- 2# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10## SSL test configurations 11 12package ssltests; 13 14use OpenSSL::Test::Utils; 15 16our $fips_mode; 17 18our @tests = ( 19 { 20 name => "disable-encrypt-then-mac-server-sha", 21 server => { 22 "Options" => "-EncryptThenMac", 23 }, 24 client => { 25 "CipherString" => "AES128-SHA", 26 "MaxProtocol" => "TLSv1.2" 27 }, 28 test => { 29 "ExpectedResult" => "Success", 30 }, 31 }, 32 { 33 name => "disable-encrypt-then-mac-client-sha", 34 server => { 35 }, 36 client => { 37 "CipherString" => "AES128-SHA", 38 "Options" => "-EncryptThenMac", 39 "MaxProtocol" => "TLSv1.2" 40 }, 41 test => { 42 "ExpectedResult" => "Success", 43 }, 44 }, 45 { 46 name => "disable-encrypt-then-mac-both-sha", 47 server => { 48 "Options" => "-EncryptThenMac", 49 }, 50 client => { 51 "CipherString" => "AES128-SHA", 52 "Options" => "-EncryptThenMac", 53 "MaxProtocol" => "TLSv1.2" 54 }, 55 test => { 56 "ExpectedResult" => "Success", 57 }, 58 }, 59); 60 61my @tests_tls1_2 = ( 62 { 63 name => "disable-encrypt-then-mac-server-sha2", 64 server => { 65 "Options" => "-EncryptThenMac", 66 }, 67 client => { 68 "CipherString" => "AES128-SHA256", 69 "MaxProtocol" => "TLSv1.2" 70 }, 71 test => { 72 "ExpectedResult" => "Success", 73 }, 74 }, 75 { 76 name => "disable-encrypt-then-mac-client-sha2", 77 server => { 78 }, 79 client => { 80 "CipherString" => "AES128-SHA256", 81 "Options" => "-EncryptThenMac", 82 "MaxProtocol" => "TLSv1.2" 83 }, 84 test => { 85 "ExpectedResult" => "Success", 86 }, 87 }, 88 { 89 name => "disable-encrypt-then-mac-both-sha2", 90 server => { 91 "Options" => "-EncryptThenMac", 92 }, 93 client => { 94 "CipherString" => "AES128-SHA256", 95 "Options" => "-EncryptThenMac", 96 "MaxProtocol" => "TLSv1.2" 97 }, 98 test => { 99 "ExpectedResult" => "Success", 100 }, 101 }, 102); 103 104our @tests_tls1 = ( 105 { 106 name => "disable-encrypt-then-mac-server-sha-tls1", 107 server => { 108 "CipherString" => 'DEFAULT:@SECLEVEL=0', 109 "Options" => "-EncryptThenMac", 110 }, 111 client => { 112 "CipherString" => 'AES128-SHA@SECLEVEL=0', 113 "MinProtocol" => "TLSv1", 114 "MaxProtocol" => "TLSv1" 115 }, 116 test => { 117 "ExpectedResult" => "Success", 118 }, 119 }, 120 { 121 name => "disable-encrypt-then-mac-client-sha-tls1", 122 server => { 123 "CipherString" => 'DEFAULT:@SECLEVEL=0', 124 }, 125 client => { 126 "CipherString" => 'AES128-SHA@SECLEVEL=0', 127 "Options" => "-EncryptThenMac", 128 "MinProtocol" => "TLSv1", 129 "MaxProtocol" => "TLSv1" 130 }, 131 test => { 132 "ExpectedResult" => "Success", 133 }, 134 }, 135 { 136 name => "disable-encrypt-then-mac-both-sha-tls1", 137 server => { 138 "CipherString" => 'DEFAULT:@SECLEVEL=0', 139 "Options" => "-EncryptThenMac", 140 }, 141 client => { 142 "CipherString" => 'AES128-SHA@SECLEVEL=0', 143 "Options" => "-EncryptThenMac", 144 "MinProtocol" => "TLSv1", 145 "MaxProtocol" => "TLSv1" 146 }, 147 test => { 148 "ExpectedResult" => "Success", 149 }, 150 }, 151); 152 153 154push @tests, @tests_tls1_2 unless disabled("tls1_2"); 155push @tests, @tests_tls1 unless disabled("tls1") || $fips_mode; 156