xref: /freebsd/crypto/openssl/test/ssl-tests/20-cert-select.cnf (revision 6580f5c38dd5b01aeeaed16b370f1a12423437f0)
1# Generated with generate_ssl_tests.pl
2
3num_tests = 57
4
5test-0 = 0-ECDSA CipherString Selection
6test-1 = 1-ECDSA CipherString Selection
7test-2 = 2-ECDSA CipherString Selection
8test-3 = 3-RSA CipherString Selection
9test-4 = 4-P-256 CipherString and Signature Algorithm Selection
10test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
11test-6 = 6-ECDSA Signature Algorithm Selection
12test-7 = 7-ECDSA Signature Algorithm Selection SHA384
13test-8 = 8-ECDSA Signature Algorithm Selection compressed point
14test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate
15test-10 = 10-RSA Signature Algorithm Selection
16test-11 = 11-RSA-PSS Signature Algorithm Selection
17test-12 = 12-RSA key exchange with all RSA certificate types
18test-13 = 13-Suite B P-256 Hash Algorithm Selection
19test-14 = 14-Suite B P-384 Hash Algorithm Selection
20test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection
21test-16 = 16-Ed448 CipherString and Signature Algorithm Selection
22test-17 = 17-Ed25519 CipherString and Curves Selection
23test-18 = 18-Ed448 CipherString and Curves Selection
24test-19 = 19-TLS 1.2 Ed25519 Client Auth
25test-20 = 20-TLS 1.2 Ed448 Client Auth
26test-21 = 21-ECDSA Signature Algorithm Selection SHA1
27test-22 = 22-ECDSA with brainpool
28test-23 = 23-RSA-PSS Certificate CipherString Selection
29test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection
30test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection
31test-26 = 26-Only RSA-PSS Certificate
32test-27 = 27-Only RSA-PSS Certificate Valid Signature Algorithms
33test-28 = 28-RSA-PSS Certificate, no PSS signature algorithms
34test-29 = 29-Only RSA-PSS Restricted Certificate
35test-30 = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms
36test-31 = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
37test-32 = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms
38test-33 = 33-RSA key exchange with only RSA-PSS certificate
39test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
40test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
41test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
42test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
43test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
44test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
45test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
46test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
47test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
48test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection
49test-44 = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
50test-45 = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
51test-46 = 46-TLS 1.3 Ed25519 Signature Algorithm Selection
52test-47 = 47-TLS 1.3 Ed448 Signature Algorithm Selection
53test-48 = 48-TLS 1.3 Ed25519 CipherString and Groups Selection
54test-49 = 49-TLS 1.3 Ed448 CipherString and Groups Selection
55test-50 = 50-TLS 1.3 Ed25519 Client Auth
56test-51 = 51-TLS 1.3 Ed448 Client Auth
57test-52 = 52-TLS 1.3 ECDSA with brainpool but no suitable groups
58test-53 = 53-TLS 1.3 ECDSA with brainpool
59test-54 = 54-TLS 1.2 DSA Certificate Test
60test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
61test-56 = 56-TLS 1.3 DSA Certificate Test
62# ===========================================================
63
64[0-ECDSA CipherString Selection]
65ssl_conf = 0-ECDSA CipherString Selection-ssl
66
67[0-ECDSA CipherString Selection-ssl]
68server = 0-ECDSA CipherString Selection-server
69client = 0-ECDSA CipherString Selection-client
70
71[0-ECDSA CipherString Selection-server]
72Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
73CipherString = DEFAULT
74ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
75ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
76Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
77Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
78Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
79Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
80MaxProtocol = TLSv1.2
81PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
82
83[0-ECDSA CipherString Selection-client]
84CipherString = aECDSA
85MaxProtocol = TLSv1.2
86RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
87VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
88VerifyMode = Peer
89
90[test-0]
91ExpectedResult = Success
92ExpectedServerCANames = empty
93ExpectedServerCertType = P-256
94ExpectedServerSignType = EC
95
96
97# ===========================================================
98
99[1-ECDSA CipherString Selection]
100ssl_conf = 1-ECDSA CipherString Selection-ssl
101
102[1-ECDSA CipherString Selection-ssl]
103server = 1-ECDSA CipherString Selection-server
104client = 1-ECDSA CipherString Selection-client
105
106[1-ECDSA CipherString Selection-server]
107Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
108CipherString = DEFAULT
109ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
110ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
111Groups = P-384
112MaxProtocol = TLSv1.2
113PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
114
115[1-ECDSA CipherString Selection-client]
116CipherString = aECDSA
117Groups = P-256:P-384
118MaxProtocol = TLSv1.2
119RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
120VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
121VerifyMode = Peer
122
123[test-1]
124ExpectedResult = Success
125ExpectedServerCANames = empty
126ExpectedServerCertType = P-256
127ExpectedServerSignType = EC
128
129
130# ===========================================================
131
132[2-ECDSA CipherString Selection]
133ssl_conf = 2-ECDSA CipherString Selection-ssl
134
135[2-ECDSA CipherString Selection-ssl]
136server = 2-ECDSA CipherString Selection-server
137client = 2-ECDSA CipherString Selection-client
138
139[2-ECDSA CipherString Selection-server]
140Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
141CipherString = DEFAULT
142ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
143ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
144Groups = P-256:P-384
145MaxProtocol = TLSv1.2
146PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
147
148[2-ECDSA CipherString Selection-client]
149CipherString = aECDSA
150Groups = P-384
151MaxProtocol = TLSv1.2
152RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
153VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
154VerifyMode = Peer
155
156[test-2]
157ExpectedResult = ServerFail
158
159
160# ===========================================================
161
162[3-RSA CipherString Selection]
163ssl_conf = 3-RSA CipherString Selection-ssl
164
165[3-RSA CipherString Selection-ssl]
166server = 3-RSA CipherString Selection-server
167client = 3-RSA CipherString Selection-client
168
169[3-RSA CipherString Selection-server]
170Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
171CipherString = DEFAULT
172ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
173ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
174Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
175Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
176Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
177Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
178MaxProtocol = TLSv1.2
179PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
180
181[3-RSA CipherString Selection-client]
182CipherString = aRSA
183MaxProtocol = TLSv1.2
184VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
185VerifyMode = Peer
186
187[test-3]
188ExpectedResult = Success
189ExpectedServerCertType = RSA
190ExpectedServerSignType = RSA-PSS
191
192
193# ===========================================================
194
195[4-P-256 CipherString and Signature Algorithm Selection]
196ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl
197
198[4-P-256 CipherString and Signature Algorithm Selection-ssl]
199server = 4-P-256 CipherString and Signature Algorithm Selection-server
200client = 4-P-256 CipherString and Signature Algorithm Selection-client
201
202[4-P-256 CipherString and Signature Algorithm Selection-server]
203Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
204CipherString = DEFAULT
205ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
206ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
207Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
208Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
209Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
210Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
211MaxProtocol = TLSv1.2
212PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
213
214[4-P-256 CipherString and Signature Algorithm Selection-client]
215CipherString = aECDSA
216MaxProtocol = TLSv1.2
217SignatureAlgorithms = ECDSA+SHA256:ed25519
218VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
219VerifyMode = Peer
220
221[test-4]
222ExpectedResult = Success
223ExpectedServerCertType = P-256
224ExpectedServerSignHash = SHA256
225ExpectedServerSignType = EC
226
227
228# ===========================================================
229
230[5-ECDSA CipherString Selection, no ECDSA certificate]
231ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl
232
233[5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
234server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
235client = 5-ECDSA CipherString Selection, no ECDSA certificate-client
236
237[5-ECDSA CipherString Selection, no ECDSA certificate-server]
238Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
239CipherString = DEFAULT
240MaxProtocol = TLSv1.2
241PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
242
243[5-ECDSA CipherString Selection, no ECDSA certificate-client]
244CipherString = aECDSA
245MaxProtocol = TLSv1.2
246VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
247VerifyMode = Peer
248
249[test-5]
250ExpectedResult = ServerFail
251
252
253# ===========================================================
254
255[6-ECDSA Signature Algorithm Selection]
256ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl
257
258[6-ECDSA Signature Algorithm Selection-ssl]
259server = 6-ECDSA Signature Algorithm Selection-server
260client = 6-ECDSA Signature Algorithm Selection-client
261
262[6-ECDSA Signature Algorithm Selection-server]
263Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
264CipherString = DEFAULT
265ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
266ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
267Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
268Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
269Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
270Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
271MaxProtocol = TLSv1.2
272PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
273
274[6-ECDSA Signature Algorithm Selection-client]
275CipherString = DEFAULT
276SignatureAlgorithms = ECDSA+SHA256
277VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
278VerifyMode = Peer
279
280[test-6]
281ExpectedResult = Success
282ExpectedServerCertType = P-256
283ExpectedServerSignHash = SHA256
284ExpectedServerSignType = EC
285
286
287# ===========================================================
288
289[7-ECDSA Signature Algorithm Selection SHA384]
290ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl
291
292[7-ECDSA Signature Algorithm Selection SHA384-ssl]
293server = 7-ECDSA Signature Algorithm Selection SHA384-server
294client = 7-ECDSA Signature Algorithm Selection SHA384-client
295
296[7-ECDSA Signature Algorithm Selection SHA384-server]
297Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
298CipherString = DEFAULT
299ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
300ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
301Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
302Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
303Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
304Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
305MaxProtocol = TLSv1.2
306PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
307
308[7-ECDSA Signature Algorithm Selection SHA384-client]
309CipherString = DEFAULT
310SignatureAlgorithms = ECDSA+SHA384
311VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
312VerifyMode = Peer
313
314[test-7]
315ExpectedResult = Success
316ExpectedServerCertType = P-256
317ExpectedServerSignHash = SHA384
318ExpectedServerSignType = EC
319
320
321# ===========================================================
322
323[8-ECDSA Signature Algorithm Selection compressed point]
324ssl_conf = 8-ECDSA Signature Algorithm Selection compressed point-ssl
325
326[8-ECDSA Signature Algorithm Selection compressed point-ssl]
327server = 8-ECDSA Signature Algorithm Selection compressed point-server
328client = 8-ECDSA Signature Algorithm Selection compressed point-client
329
330[8-ECDSA Signature Algorithm Selection compressed point-server]
331Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
332CipherString = DEFAULT
333ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
334ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
335MaxProtocol = TLSv1.2
336PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
337
338[8-ECDSA Signature Algorithm Selection compressed point-client]
339CipherString = DEFAULT
340SignatureAlgorithms = ECDSA+SHA256
341VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
342VerifyMode = Peer
343
344[test-8]
345ExpectedResult = Success
346ExpectedServerCertType = P-256
347ExpectedServerSignHash = SHA256
348ExpectedServerSignType = EC
349
350
351# ===========================================================
352
353[9-ECDSA Signature Algorithm Selection, no ECDSA certificate]
354ssl_conf = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
355
356[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
357server = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
358client = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
359
360[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
361Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
362CipherString = DEFAULT
363MaxProtocol = TLSv1.2
364PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
365
366[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
367CipherString = DEFAULT
368SignatureAlgorithms = ECDSA+SHA256
369VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
370VerifyMode = Peer
371
372[test-9]
373ExpectedResult = ServerFail
374
375
376# ===========================================================
377
378[10-RSA Signature Algorithm Selection]
379ssl_conf = 10-RSA Signature Algorithm Selection-ssl
380
381[10-RSA Signature Algorithm Selection-ssl]
382server = 10-RSA Signature Algorithm Selection-server
383client = 10-RSA Signature Algorithm Selection-client
384
385[10-RSA Signature Algorithm Selection-server]
386Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
387CipherString = DEFAULT
388ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
389ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
390Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
391Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
392Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
393Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
394MaxProtocol = TLSv1.2
395PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
396
397[10-RSA Signature Algorithm Selection-client]
398CipherString = DEFAULT
399SignatureAlgorithms = RSA+SHA256
400VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
401VerifyMode = Peer
402
403[test-10]
404ExpectedResult = Success
405ExpectedServerCertType = RSA
406ExpectedServerSignHash = SHA256
407ExpectedServerSignType = RSA
408
409
410# ===========================================================
411
412[11-RSA-PSS Signature Algorithm Selection]
413ssl_conf = 11-RSA-PSS Signature Algorithm Selection-ssl
414
415[11-RSA-PSS Signature Algorithm Selection-ssl]
416server = 11-RSA-PSS Signature Algorithm Selection-server
417client = 11-RSA-PSS Signature Algorithm Selection-client
418
419[11-RSA-PSS Signature Algorithm Selection-server]
420Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
421CipherString = DEFAULT
422ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
423ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
424Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
425Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
426Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
427Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
428MaxProtocol = TLSv1.2
429PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
430
431[11-RSA-PSS Signature Algorithm Selection-client]
432CipherString = DEFAULT
433SignatureAlgorithms = RSA-PSS+SHA256
434VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
435VerifyMode = Peer
436
437[test-11]
438ExpectedResult = Success
439ExpectedServerCertType = RSA
440ExpectedServerSignHash = SHA256
441ExpectedServerSignType = RSA-PSS
442
443
444# ===========================================================
445
446[12-RSA key exchange with all RSA certificate types]
447ssl_conf = 12-RSA key exchange with all RSA certificate types-ssl
448
449[12-RSA key exchange with all RSA certificate types-ssl]
450server = 12-RSA key exchange with all RSA certificate types-server
451client = 12-RSA key exchange with all RSA certificate types-client
452
453[12-RSA key exchange with all RSA certificate types-server]
454Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
455CipherString = DEFAULT
456PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
457PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
458PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
459
460[12-RSA key exchange with all RSA certificate types-client]
461CipherString = kRSA
462MaxProtocol = TLSv1.2
463VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
464VerifyMode = Peer
465
466[test-12]
467ExpectedResult = Success
468ExpectedServerCertType = RSA
469
470
471# ===========================================================
472
473[13-Suite B P-256 Hash Algorithm Selection]
474ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl
475
476[13-Suite B P-256 Hash Algorithm Selection-ssl]
477server = 13-Suite B P-256 Hash Algorithm Selection-server
478client = 13-Suite B P-256 Hash Algorithm Selection-client
479
480[13-Suite B P-256 Hash Algorithm Selection-server]
481Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
482CipherString = SUITEB128
483ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
484ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
485MaxProtocol = TLSv1.2
486PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
487
488[13-Suite B P-256 Hash Algorithm Selection-client]
489CipherString = DEFAULT
490SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
491VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
492VerifyMode = Peer
493
494[test-13]
495ExpectedResult = Success
496ExpectedServerCertType = P-256
497ExpectedServerSignHash = SHA256
498ExpectedServerSignType = EC
499
500
501# ===========================================================
502
503[14-Suite B P-384 Hash Algorithm Selection]
504ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl
505
506[14-Suite B P-384 Hash Algorithm Selection-ssl]
507server = 14-Suite B P-384 Hash Algorithm Selection-server
508client = 14-Suite B P-384 Hash Algorithm Selection-client
509
510[14-Suite B P-384 Hash Algorithm Selection-server]
511Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
512CipherString = SUITEB128
513ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
514ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
515MaxProtocol = TLSv1.2
516PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
517
518[14-Suite B P-384 Hash Algorithm Selection-client]
519CipherString = DEFAULT
520SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
521VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
522VerifyMode = Peer
523
524[test-14]
525ExpectedResult = Success
526ExpectedServerCertType = P-384
527ExpectedServerSignHash = SHA384
528ExpectedServerSignType = EC
529
530
531# ===========================================================
532
533[15-Ed25519 CipherString and Signature Algorithm Selection]
534ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl
535
536[15-Ed25519 CipherString and Signature Algorithm Selection-ssl]
537server = 15-Ed25519 CipherString and Signature Algorithm Selection-server
538client = 15-Ed25519 CipherString and Signature Algorithm Selection-client
539
540[15-Ed25519 CipherString and Signature Algorithm Selection-server]
541Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
542CipherString = DEFAULT
543ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
544ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
545Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
546Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
547Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
548Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
549MaxProtocol = TLSv1.2
550PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
551
552[15-Ed25519 CipherString and Signature Algorithm Selection-client]
553CipherString = aECDSA
554MaxProtocol = TLSv1.2
555RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
556SignatureAlgorithms = ed25519:ECDSA+SHA256
557VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
558VerifyMode = Peer
559
560[test-15]
561ExpectedResult = Success
562ExpectedServerCANames = empty
563ExpectedServerCertType = Ed25519
564ExpectedServerSignType = Ed25519
565
566
567# ===========================================================
568
569[16-Ed448 CipherString and Signature Algorithm Selection]
570ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl
571
572[16-Ed448 CipherString and Signature Algorithm Selection-ssl]
573server = 16-Ed448 CipherString and Signature Algorithm Selection-server
574client = 16-Ed448 CipherString and Signature Algorithm Selection-client
575
576[16-Ed448 CipherString and Signature Algorithm Selection-server]
577Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
578CipherString = DEFAULT
579ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
580ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
581Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
582Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
583Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
584Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
585MaxProtocol = TLSv1.2
586PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
587
588[16-Ed448 CipherString and Signature Algorithm Selection-client]
589CipherString = aECDSA
590MaxProtocol = TLSv1.2
591RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
592SignatureAlgorithms = ed448:ECDSA+SHA256
593VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
594VerifyMode = Peer
595
596[test-16]
597ExpectedResult = Success
598ExpectedServerCANames = empty
599ExpectedServerCertType = Ed448
600ExpectedServerSignType = Ed448
601
602
603# ===========================================================
604
605[17-Ed25519 CipherString and Curves Selection]
606ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl
607
608[17-Ed25519 CipherString and Curves Selection-ssl]
609server = 17-Ed25519 CipherString and Curves Selection-server
610client = 17-Ed25519 CipherString and Curves Selection-client
611
612[17-Ed25519 CipherString and Curves Selection-server]
613Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
614CipherString = DEFAULT
615ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
616ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
617Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
618Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
619Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
620Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
621MaxProtocol = TLSv1.2
622PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
623
624[17-Ed25519 CipherString and Curves Selection-client]
625CipherString = aECDSA
626Curves = X25519
627MaxProtocol = TLSv1.2
628SignatureAlgorithms = ECDSA+SHA256:ed25519
629VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
630VerifyMode = Peer
631
632[test-17]
633ExpectedResult = Success
634ExpectedServerCertType = Ed25519
635ExpectedServerSignType = Ed25519
636
637
638# ===========================================================
639
640[18-Ed448 CipherString and Curves Selection]
641ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl
642
643[18-Ed448 CipherString and Curves Selection-ssl]
644server = 18-Ed448 CipherString and Curves Selection-server
645client = 18-Ed448 CipherString and Curves Selection-client
646
647[18-Ed448 CipherString and Curves Selection-server]
648Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
649CipherString = DEFAULT
650ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
651ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
652Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
653Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
654Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
655Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
656MaxProtocol = TLSv1.2
657PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
658
659[18-Ed448 CipherString and Curves Selection-client]
660CipherString = aECDSA
661Curves = X448
662MaxProtocol = TLSv1.2
663SignatureAlgorithms = ECDSA+SHA256:ed448
664VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
665VerifyMode = Peer
666
667[test-18]
668ExpectedResult = Success
669ExpectedServerCertType = Ed448
670ExpectedServerSignType = Ed448
671
672
673# ===========================================================
674
675[19-TLS 1.2 Ed25519 Client Auth]
676ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl
677
678[19-TLS 1.2 Ed25519 Client Auth-ssl]
679server = 19-TLS 1.2 Ed25519 Client Auth-server
680client = 19-TLS 1.2 Ed25519 Client Auth-client
681
682[19-TLS 1.2 Ed25519 Client Auth-server]
683Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
684CipherString = DEFAULT
685PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
686VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
687VerifyMode = Require
688
689[19-TLS 1.2 Ed25519 Client Auth-client]
690CipherString = DEFAULT
691Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
692Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
693MaxProtocol = TLSv1.2
694MinProtocol = TLSv1.2
695VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
696VerifyMode = Peer
697
698[test-19]
699ExpectedClientCertType = Ed25519
700ExpectedClientSignType = Ed25519
701ExpectedResult = Success
702
703
704# ===========================================================
705
706[20-TLS 1.2 Ed448 Client Auth]
707ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl
708
709[20-TLS 1.2 Ed448 Client Auth-ssl]
710server = 20-TLS 1.2 Ed448 Client Auth-server
711client = 20-TLS 1.2 Ed448 Client Auth-client
712
713[20-TLS 1.2 Ed448 Client Auth-server]
714Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
715CipherString = DEFAULT
716PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
717VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
718VerifyMode = Require
719
720[20-TLS 1.2 Ed448 Client Auth-client]
721CipherString = DEFAULT
722Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
723Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
724MaxProtocol = TLSv1.2
725MinProtocol = TLSv1.2
726VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
727VerifyMode = Peer
728
729[test-20]
730ExpectedClientCertType = Ed448
731ExpectedClientSignType = Ed448
732ExpectedResult = Success
733
734
735# ===========================================================
736
737[21-ECDSA Signature Algorithm Selection SHA1]
738ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl
739
740[21-ECDSA Signature Algorithm Selection SHA1-ssl]
741server = 21-ECDSA Signature Algorithm Selection SHA1-server
742client = 21-ECDSA Signature Algorithm Selection SHA1-client
743
744[21-ECDSA Signature Algorithm Selection SHA1-server]
745Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
746CipherString = DEFAULT:@SECLEVEL=0
747ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
748ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
749Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
750Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
751Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
752Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
753MaxProtocol = TLSv1.2
754PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
755
756[21-ECDSA Signature Algorithm Selection SHA1-client]
757CipherString = DEFAULT:@SECLEVEL=0
758SignatureAlgorithms = ECDSA+SHA1
759VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
760VerifyMode = Peer
761
762[test-21]
763ExpectedResult = Success
764ExpectedServerCertType = P-256
765ExpectedServerSignHash = SHA1
766ExpectedServerSignType = EC
767
768
769# ===========================================================
770
771[22-ECDSA with brainpool]
772ssl_conf = 22-ECDSA with brainpool-ssl
773
774[22-ECDSA with brainpool-ssl]
775server = 22-ECDSA with brainpool-server
776client = 22-ECDSA with brainpool-client
777
778[22-ECDSA with brainpool-server]
779Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
780CipherString = DEFAULT
781Groups = brainpoolP256r1
782PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
783
784[22-ECDSA with brainpool-client]
785CipherString = aECDSA
786Groups = brainpoolP256r1
787MaxProtocol = TLSv1.2
788RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
789VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
790VerifyMode = Peer
791
792[test-22]
793ExpectedResult = Success
794ExpectedServerCANames = empty
795ExpectedServerCertType = brainpoolP256r1
796ExpectedServerSignType = EC
797
798
799# ===========================================================
800
801[23-RSA-PSS Certificate CipherString Selection]
802ssl_conf = 23-RSA-PSS Certificate CipherString Selection-ssl
803
804[23-RSA-PSS Certificate CipherString Selection-ssl]
805server = 23-RSA-PSS Certificate CipherString Selection-server
806client = 23-RSA-PSS Certificate CipherString Selection-client
807
808[23-RSA-PSS Certificate CipherString Selection-server]
809Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
810CipherString = DEFAULT
811ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
812ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
813Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
814Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
815Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
816Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
817MaxProtocol = TLSv1.2
818PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
819PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
820PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
821
822[23-RSA-PSS Certificate CipherString Selection-client]
823CipherString = aRSA
824MaxProtocol = TLSv1.2
825VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
826VerifyMode = Peer
827
828[test-23]
829ExpectedResult = Success
830ExpectedServerCertType = RSA-PSS
831ExpectedServerSignType = RSA-PSS
832
833
834# ===========================================================
835
836[24-RSA-PSS Certificate Legacy Signature Algorithm Selection]
837ssl_conf = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
838
839[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
840server = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
841client = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
842
843[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
844Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
845CipherString = DEFAULT
846ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
847ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
848Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
849Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
850Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
851Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
852MaxProtocol = TLSv1.2
853PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
854PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
855PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
856
857[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
858CipherString = DEFAULT
859SignatureAlgorithms = RSA-PSS+SHA256
860VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
861VerifyMode = Peer
862
863[test-24]
864ExpectedResult = Success
865ExpectedServerCertType = RSA
866ExpectedServerSignHash = SHA256
867ExpectedServerSignType = RSA-PSS
868
869
870# ===========================================================
871
872[25-RSA-PSS Certificate Unified Signature Algorithm Selection]
873ssl_conf = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
874
875[25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
876server = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-server
877client = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-client
878
879[25-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
880Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
881CipherString = DEFAULT
882ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
883ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
884Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
885Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
886Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
887Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
888MaxProtocol = TLSv1.2
889PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
890PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
891PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
892
893[25-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
894CipherString = DEFAULT
895SignatureAlgorithms = rsa_pss_pss_sha256
896VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
897VerifyMode = Peer
898
899[test-25]
900ExpectedResult = Success
901ExpectedServerCertType = RSA-PSS
902ExpectedServerSignHash = SHA256
903ExpectedServerSignType = RSA-PSS
904
905
906# ===========================================================
907
908[26-Only RSA-PSS Certificate]
909ssl_conf = 26-Only RSA-PSS Certificate-ssl
910
911[26-Only RSA-PSS Certificate-ssl]
912server = 26-Only RSA-PSS Certificate-server
913client = 26-Only RSA-PSS Certificate-client
914
915[26-Only RSA-PSS Certificate-server]
916Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
917CipherString = DEFAULT
918PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
919
920[26-Only RSA-PSS Certificate-client]
921CipherString = DEFAULT
922VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
923VerifyMode = Peer
924
925[test-26]
926ExpectedResult = Success
927ExpectedServerCertType = RSA-PSS
928ExpectedServerSignHash = SHA256
929ExpectedServerSignType = RSA-PSS
930
931
932# ===========================================================
933
934[27-Only RSA-PSS Certificate Valid Signature Algorithms]
935ssl_conf = 27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
936
937[27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
938server = 27-Only RSA-PSS Certificate Valid Signature Algorithms-server
939client = 27-Only RSA-PSS Certificate Valid Signature Algorithms-client
940
941[27-Only RSA-PSS Certificate Valid Signature Algorithms-server]
942Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
943CipherString = DEFAULT
944PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
945
946[27-Only RSA-PSS Certificate Valid Signature Algorithms-client]
947CipherString = DEFAULT
948SignatureAlgorithms = rsa_pss_pss_sha512
949VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
950VerifyMode = Peer
951
952[test-27]
953ExpectedResult = Success
954ExpectedServerCertType = RSA-PSS
955ExpectedServerSignHash = SHA512
956ExpectedServerSignType = RSA-PSS
957
958
959# ===========================================================
960
961[28-RSA-PSS Certificate, no PSS signature algorithms]
962ssl_conf = 28-RSA-PSS Certificate, no PSS signature algorithms-ssl
963
964[28-RSA-PSS Certificate, no PSS signature algorithms-ssl]
965server = 28-RSA-PSS Certificate, no PSS signature algorithms-server
966client = 28-RSA-PSS Certificate, no PSS signature algorithms-client
967
968[28-RSA-PSS Certificate, no PSS signature algorithms-server]
969Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
970CipherString = DEFAULT
971PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
972
973[28-RSA-PSS Certificate, no PSS signature algorithms-client]
974CipherString = DEFAULT
975SignatureAlgorithms = RSA+SHA256
976VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
977VerifyMode = Peer
978
979[test-28]
980ExpectedResult = ServerFail
981
982
983# ===========================================================
984
985[29-Only RSA-PSS Restricted Certificate]
986ssl_conf = 29-Only RSA-PSS Restricted Certificate-ssl
987
988[29-Only RSA-PSS Restricted Certificate-ssl]
989server = 29-Only RSA-PSS Restricted Certificate-server
990client = 29-Only RSA-PSS Restricted Certificate-client
991
992[29-Only RSA-PSS Restricted Certificate-server]
993Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
994CipherString = DEFAULT
995PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
996
997[29-Only RSA-PSS Restricted Certificate-client]
998CipherString = DEFAULT
999VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1000VerifyMode = Peer
1001
1002[test-29]
1003ExpectedResult = Success
1004ExpectedServerCertType = RSA-PSS
1005ExpectedServerSignHash = SHA256
1006ExpectedServerSignType = RSA-PSS
1007
1008
1009# ===========================================================
1010
1011[30-RSA-PSS Restricted Certificate Valid Signature Algorithms]
1012ssl_conf = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
1013
1014[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
1015server = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
1016client = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
1017
1018[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
1019Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1020CipherString = DEFAULT
1021PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1022
1023[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
1024CipherString = DEFAULT
1025SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
1026VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1027VerifyMode = Peer
1028
1029[test-30]
1030ExpectedResult = Success
1031ExpectedServerCertType = RSA-PSS
1032ExpectedServerSignHash = SHA256
1033ExpectedServerSignType = RSA-PSS
1034
1035
1036# ===========================================================
1037
1038[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
1039ssl_conf = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
1040
1041[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
1042server = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
1043client = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
1044
1045[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
1046Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1047CipherString = DEFAULT
1048PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1049
1050[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
1051CipherString = DEFAULT
1052SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
1053VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1054VerifyMode = Peer
1055
1056[test-31]
1057ExpectedResult = Success
1058ExpectedServerCertType = RSA-PSS
1059ExpectedServerSignHash = SHA256
1060ExpectedServerSignType = RSA-PSS
1061
1062
1063# ===========================================================
1064
1065[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
1066ssl_conf = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
1067
1068[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
1069server = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
1070client = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
1071
1072[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
1073Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1074CipherString = DEFAULT
1075PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1076
1077[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
1078CipherString = DEFAULT
1079SignatureAlgorithms = rsa_pss_pss_sha512
1080VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1081VerifyMode = Peer
1082
1083[test-32]
1084ExpectedResult = ServerFail
1085
1086
1087# ===========================================================
1088
1089[33-RSA key exchange with only RSA-PSS certificate]
1090ssl_conf = 33-RSA key exchange with only RSA-PSS certificate-ssl
1091
1092[33-RSA key exchange with only RSA-PSS certificate-ssl]
1093server = 33-RSA key exchange with only RSA-PSS certificate-server
1094client = 33-RSA key exchange with only RSA-PSS certificate-client
1095
1096[33-RSA key exchange with only RSA-PSS certificate-server]
1097Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1098CipherString = DEFAULT
1099PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1100
1101[33-RSA key exchange with only RSA-PSS certificate-client]
1102CipherString = kRSA
1103MaxProtocol = TLSv1.2
1104VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1105VerifyMode = Peer
1106
1107[test-33]
1108ExpectedResult = ServerFail
1109
1110
1111# ===========================================================
1112
1113[34-Only RSA-PSS Certificate, TLS v1.1]
1114ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
1115
1116[34-Only RSA-PSS Certificate, TLS v1.1-ssl]
1117server = 34-Only RSA-PSS Certificate, TLS v1.1-server
1118client = 34-Only RSA-PSS Certificate, TLS v1.1-client
1119
1120[34-Only RSA-PSS Certificate, TLS v1.1-server]
1121Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1122CipherString = DEFAULT
1123PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1124
1125[34-Only RSA-PSS Certificate, TLS v1.1-client]
1126CipherString = DEFAULT
1127MaxProtocol = TLSv1.1
1128VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1129VerifyMode = Peer
1130
1131[test-34]
1132ExpectedResult = ServerFail
1133
1134
1135# ===========================================================
1136
1137[35-TLS 1.3 ECDSA Signature Algorithm Selection]
1138ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
1139
1140[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
1141server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
1142client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
1143
1144[35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
1145Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1146CipherString = DEFAULT
1147ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1148ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1149Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1150Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1151Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1152Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1153MaxProtocol = TLSv1.3
1154MinProtocol = TLSv1.3
1155PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1156
1157[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
1158CipherString = DEFAULT
1159SignatureAlgorithms = ECDSA+SHA256
1160VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1161VerifyMode = Peer
1162
1163[test-35]
1164ExpectedResult = Success
1165ExpectedServerCANames = empty
1166ExpectedServerCertType = P-256
1167ExpectedServerSignHash = SHA256
1168ExpectedServerSignType = EC
1169
1170
1171# ===========================================================
1172
1173[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1174ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1175
1176[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1177server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1178client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1179
1180[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1181Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1182CipherString = DEFAULT
1183ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
1184ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
1185MaxProtocol = TLSv1.3
1186MinProtocol = TLSv1.3
1187PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1188
1189[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1190CipherString = DEFAULT
1191SignatureAlgorithms = ECDSA+SHA256
1192VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1193VerifyMode = Peer
1194
1195[test-36]
1196ExpectedResult = Success
1197ExpectedServerCANames = empty
1198ExpectedServerCertType = P-256
1199ExpectedServerSignHash = SHA256
1200ExpectedServerSignType = EC
1201
1202
1203# ===========================================================
1204
1205[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1206ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1207
1208[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1209server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1210client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1211
1212[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1213Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1214CipherString = DEFAULT:@SECLEVEL=0
1215ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1216ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1217Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1218Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1219Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1220Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1221MaxProtocol = TLSv1.3
1222MinProtocol = TLSv1.3
1223PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1224
1225[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1226CipherString = DEFAULT:@SECLEVEL=0
1227SignatureAlgorithms = ECDSA+SHA1
1228VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1229VerifyMode = Peer
1230
1231[test-37]
1232ExpectedResult = ServerFail
1233
1234
1235# ===========================================================
1236
1237[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1238ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1239
1240[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1241server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1242client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1243
1244[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1245Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1246CipherString = DEFAULT
1247ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1248ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1249Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1250Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1251Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1252Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1253MaxProtocol = TLSv1.3
1254MinProtocol = TLSv1.3
1255PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1256
1257[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1258CipherString = DEFAULT
1259RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1260SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
1261VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1262VerifyMode = Peer
1263
1264[test-38]
1265ExpectedResult = Success
1266ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1267ExpectedServerCertType = P-256
1268ExpectedServerSignHash = SHA256
1269ExpectedServerSignType = EC
1270
1271
1272# ===========================================================
1273
1274[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1275ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1276
1277[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1278server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1279client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1280
1281[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1282Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1283CipherString = DEFAULT
1284ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1285ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1286Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1287Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1288Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1289Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1290MaxProtocol = TLSv1.3
1291MinProtocol = TLSv1.3
1292PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1293
1294[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1295CipherString = DEFAULT
1296SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
1297VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1298VerifyMode = Peer
1299
1300[test-39]
1301ExpectedResult = Success
1302ExpectedServerCertType = RSA
1303ExpectedServerSignHash = SHA384
1304ExpectedServerSignType = RSA-PSS
1305
1306
1307# ===========================================================
1308
1309[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1310ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1311
1312[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1313server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1314client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1315
1316[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1317Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1318CipherString = DEFAULT
1319MaxProtocol = TLSv1.3
1320MinProtocol = TLSv1.3
1321PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1322
1323[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1324CipherString = DEFAULT
1325SignatureAlgorithms = ECDSA+SHA256
1326VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1327VerifyMode = Peer
1328
1329[test-40]
1330ExpectedResult = ServerFail
1331
1332
1333# ===========================================================
1334
1335[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1336ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1337
1338[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1339server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1340client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1341
1342[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1343Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1344CipherString = DEFAULT
1345ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1346ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1347Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1348Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1349Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1350Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1351MaxProtocol = TLSv1.3
1352MinProtocol = TLSv1.3
1353PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1354
1355[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1356CipherString = DEFAULT
1357SignatureAlgorithms = RSA+SHA256
1358VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1359VerifyMode = Peer
1360
1361[test-41]
1362ExpectedResult = ServerFail
1363
1364
1365# ===========================================================
1366
1367[42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1368ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1369
1370[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1371server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1372client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1373
1374[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1375Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1376CipherString = DEFAULT
1377ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1378ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1379Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1380Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1381Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1382Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1383MaxProtocol = TLSv1.3
1384MinProtocol = TLSv1.3
1385PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1386
1387[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1388CipherString = DEFAULT
1389SignatureAlgorithms = RSA-PSS+SHA256
1390VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1391VerifyMode = Peer
1392
1393[test-42]
1394ExpectedResult = Success
1395ExpectedServerCertType = RSA
1396ExpectedServerSignHash = SHA256
1397ExpectedServerSignType = RSA-PSS
1398
1399
1400# ===========================================================
1401
1402[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1403ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1404
1405[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1406server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1407client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1408
1409[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1410Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1411CipherString = DEFAULT
1412ClientSignatureAlgorithms = PSS+SHA256
1413PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1414VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1415VerifyMode = Require
1416
1417[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1418CipherString = DEFAULT
1419ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1420ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1421MaxProtocol = TLSv1.3
1422MinProtocol = TLSv1.3
1423RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1424RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1425VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1426VerifyMode = Peer
1427
1428[test-43]
1429ExpectedClientCANames = empty
1430ExpectedClientCertType = RSA
1431ExpectedClientSignHash = SHA256
1432ExpectedClientSignType = RSA-PSS
1433ExpectedResult = Success
1434
1435
1436# ===========================================================
1437
1438[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1439ssl_conf = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1440
1441[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1442server = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1443client = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1444
1445[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1446Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1447CipherString = DEFAULT
1448ClientSignatureAlgorithms = PSS+SHA256
1449PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1450RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1451VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1452VerifyMode = Require
1453
1454[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1455CipherString = DEFAULT
1456ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1457ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1458MaxProtocol = TLSv1.3
1459MinProtocol = TLSv1.3
1460RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1461RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1462VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1463VerifyMode = Peer
1464
1465[test-44]
1466ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1467ExpectedClientCertType = RSA
1468ExpectedClientSignHash = SHA256
1469ExpectedClientSignType = RSA-PSS
1470ExpectedResult = Success
1471
1472
1473# ===========================================================
1474
1475[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1476ssl_conf = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1477
1478[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1479server = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1480client = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1481
1482[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1483Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1484CipherString = DEFAULT
1485ClientSignatureAlgorithms = ECDSA+SHA256
1486PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1487VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1488VerifyMode = Require
1489
1490[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1491CipherString = DEFAULT
1492ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1493ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1494MaxProtocol = TLSv1.3
1495MinProtocol = TLSv1.3
1496RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1497RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1498VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1499VerifyMode = Peer
1500
1501[test-45]
1502ExpectedClientCertType = P-256
1503ExpectedClientSignHash = SHA256
1504ExpectedClientSignType = EC
1505ExpectedResult = Success
1506
1507
1508# ===========================================================
1509
1510[46-TLS 1.3 Ed25519 Signature Algorithm Selection]
1511ssl_conf = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1512
1513[46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1514server = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1515client = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1516
1517[46-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1518Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1519CipherString = DEFAULT
1520ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1521ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1522Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1523Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1524Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1525Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1526MaxProtocol = TLSv1.3
1527MinProtocol = TLSv1.3
1528PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1529
1530[46-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1531CipherString = DEFAULT
1532SignatureAlgorithms = ed25519
1533VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1534VerifyMode = Peer
1535
1536[test-46]
1537ExpectedResult = Success
1538ExpectedServerCertType = Ed25519
1539ExpectedServerSignType = Ed25519
1540
1541
1542# ===========================================================
1543
1544[47-TLS 1.3 Ed448 Signature Algorithm Selection]
1545ssl_conf = 47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1546
1547[47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1548server = 47-TLS 1.3 Ed448 Signature Algorithm Selection-server
1549client = 47-TLS 1.3 Ed448 Signature Algorithm Selection-client
1550
1551[47-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1552Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1553CipherString = DEFAULT
1554ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1555ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1556Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1557Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1558Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1559Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1560MaxProtocol = TLSv1.3
1561MinProtocol = TLSv1.3
1562PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1563
1564[47-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1565CipherString = DEFAULT
1566SignatureAlgorithms = ed448
1567VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
1568VerifyMode = Peer
1569
1570[test-47]
1571ExpectedResult = Success
1572ExpectedServerCertType = Ed448
1573ExpectedServerSignType = Ed448
1574
1575
1576# ===========================================================
1577
1578[48-TLS 1.3 Ed25519 CipherString and Groups Selection]
1579ssl_conf = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1580
1581[48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1582server = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1583client = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1584
1585[48-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1586Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1587CipherString = DEFAULT
1588ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1589ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1590Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1591Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1592Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1593Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1594MaxProtocol = TLSv1.3
1595MinProtocol = TLSv1.3
1596PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1597
1598[48-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1599CipherString = DEFAULT
1600Groups = X25519
1601SignatureAlgorithms = ECDSA+SHA256:ed25519
1602VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1603VerifyMode = Peer
1604
1605[test-48]
1606ExpectedResult = Success
1607ExpectedServerCertType = P-256
1608ExpectedServerSignType = EC
1609
1610
1611# ===========================================================
1612
1613[49-TLS 1.3 Ed448 CipherString and Groups Selection]
1614ssl_conf = 49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1615
1616[49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1617server = 49-TLS 1.3 Ed448 CipherString and Groups Selection-server
1618client = 49-TLS 1.3 Ed448 CipherString and Groups Selection-client
1619
1620[49-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1621Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1622CipherString = DEFAULT
1623ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1624ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1625Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1626Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1627Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1628Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1629MaxProtocol = TLSv1.3
1630MinProtocol = TLSv1.3
1631PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1632
1633[49-TLS 1.3 Ed448 CipherString and Groups Selection-client]
1634CipherString = DEFAULT
1635Groups = X448
1636SignatureAlgorithms = ECDSA+SHA256:ed448
1637VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1638VerifyMode = Peer
1639
1640[test-49]
1641ExpectedResult = Success
1642ExpectedServerCertType = P-256
1643ExpectedServerSignType = EC
1644
1645
1646# ===========================================================
1647
1648[50-TLS 1.3 Ed25519 Client Auth]
1649ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
1650
1651[50-TLS 1.3 Ed25519 Client Auth-ssl]
1652server = 50-TLS 1.3 Ed25519 Client Auth-server
1653client = 50-TLS 1.3 Ed25519 Client Auth-client
1654
1655[50-TLS 1.3 Ed25519 Client Auth-server]
1656Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1657CipherString = DEFAULT
1658PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1659VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1660VerifyMode = Require
1661
1662[50-TLS 1.3 Ed25519 Client Auth-client]
1663CipherString = DEFAULT
1664EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1665EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1666MaxProtocol = TLSv1.3
1667MinProtocol = TLSv1.3
1668VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1669VerifyMode = Peer
1670
1671[test-50]
1672ExpectedClientCertType = Ed25519
1673ExpectedClientSignType = Ed25519
1674ExpectedResult = Success
1675
1676
1677# ===========================================================
1678
1679[51-TLS 1.3 Ed448 Client Auth]
1680ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
1681
1682[51-TLS 1.3 Ed448 Client Auth-ssl]
1683server = 51-TLS 1.3 Ed448 Client Auth-server
1684client = 51-TLS 1.3 Ed448 Client Auth-client
1685
1686[51-TLS 1.3 Ed448 Client Auth-server]
1687Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1688CipherString = DEFAULT
1689PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1690VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1691VerifyMode = Require
1692
1693[51-TLS 1.3 Ed448 Client Auth-client]
1694CipherString = DEFAULT
1695EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1696EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1697MaxProtocol = TLSv1.3
1698MinProtocol = TLSv1.3
1699VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1700VerifyMode = Peer
1701
1702[test-51]
1703ExpectedClientCertType = Ed448
1704ExpectedClientSignType = Ed448
1705ExpectedResult = Success
1706
1707
1708# ===========================================================
1709
1710[52-TLS 1.3 ECDSA with brainpool but no suitable groups]
1711ssl_conf = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl
1712
1713[52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl]
1714server = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-server
1715client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client
1716
1717[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
1718Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1719CipherString = DEFAULT
1720Groups = brainpoolP256r1
1721PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1722
1723[52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
1724CipherString = aECDSA
1725Groups = brainpoolP256r1
1726RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1727VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1728VerifyMode = Peer
1729
1730[test-52]
1731ExpectedResult = ClientFail
1732
1733
1734# ===========================================================
1735
1736[53-TLS 1.3 ECDSA with brainpool]
1737ssl_conf = 53-TLS 1.3 ECDSA with brainpool-ssl
1738
1739[53-TLS 1.3 ECDSA with brainpool-ssl]
1740server = 53-TLS 1.3 ECDSA with brainpool-server
1741client = 53-TLS 1.3 ECDSA with brainpool-client
1742
1743[53-TLS 1.3 ECDSA with brainpool-server]
1744Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1745CipherString = DEFAULT
1746PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1747
1748[53-TLS 1.3 ECDSA with brainpool-client]
1749CipherString = DEFAULT
1750MaxProtocol = TLSv1.3
1751MinProtocol = TLSv1.3
1752RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1753VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1754VerifyMode = Peer
1755
1756[test-53]
1757ExpectedResult = ServerFail
1758
1759
1760# ===========================================================
1761
1762[54-TLS 1.2 DSA Certificate Test]
1763ssl_conf = 54-TLS 1.2 DSA Certificate Test-ssl
1764
1765[54-TLS 1.2 DSA Certificate Test-ssl]
1766server = 54-TLS 1.2 DSA Certificate Test-server
1767client = 54-TLS 1.2 DSA Certificate Test-client
1768
1769[54-TLS 1.2 DSA Certificate Test-server]
1770Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1771CipherString = ALL
1772DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
1773DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1774DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1775MaxProtocol = TLSv1.2
1776MinProtocol = TLSv1.2
1777PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1778
1779[54-TLS 1.2 DSA Certificate Test-client]
1780CipherString = ALL
1781SignatureAlgorithms = DSA+SHA256:DSA+SHA1
1782VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1783VerifyMode = Peer
1784
1785[test-54]
1786ExpectedResult = Success
1787
1788
1789# ===========================================================
1790
1791[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1792ssl_conf = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1793
1794[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1795server = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1796client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1797
1798[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1799Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1800CipherString = DEFAULT
1801ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
1802PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1803VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1804VerifyMode = Request
1805
1806[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1807CipherString = DEFAULT
1808VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1809VerifyMode = Peer
1810
1811[test-55]
1812ExpectedResult = ServerFail
1813
1814
1815# ===========================================================
1816
1817[56-TLS 1.3 DSA Certificate Test]
1818ssl_conf = 56-TLS 1.3 DSA Certificate Test-ssl
1819
1820[56-TLS 1.3 DSA Certificate Test-ssl]
1821server = 56-TLS 1.3 DSA Certificate Test-server
1822client = 56-TLS 1.3 DSA Certificate Test-client
1823
1824[56-TLS 1.3 DSA Certificate Test-server]
1825Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1826CipherString = ALL
1827DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1828DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1829MaxProtocol = TLSv1.3
1830MinProtocol = TLSv1.3
1831PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1832
1833[56-TLS 1.3 DSA Certificate Test-client]
1834CipherString = ALL
1835SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
1836VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1837VerifyMode = Peer
1838
1839[test-56]
1840ExpectedResult = ServerFail
1841
1842
1843