1# Generated with generate_ssl_tests.pl 2 3num_tests = 57 4 5test-0 = 0-ECDSA CipherString Selection 6test-1 = 1-ECDSA CipherString Selection 7test-2 = 2-ECDSA CipherString Selection 8test-3 = 3-RSA CipherString Selection 9test-4 = 4-P-256 CipherString and Signature Algorithm Selection 10test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate 11test-6 = 6-ECDSA Signature Algorithm Selection 12test-7 = 7-ECDSA Signature Algorithm Selection SHA384 13test-8 = 8-ECDSA Signature Algorithm Selection compressed point 14test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate 15test-10 = 10-RSA Signature Algorithm Selection 16test-11 = 11-RSA-PSS Signature Algorithm Selection 17test-12 = 12-RSA key exchange with all RSA certificate types 18test-13 = 13-Suite B P-256 Hash Algorithm Selection 19test-14 = 14-Suite B P-384 Hash Algorithm Selection 20test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection 21test-16 = 16-Ed448 CipherString and Signature Algorithm Selection 22test-17 = 17-TLS 1.2 Ed25519 Client Auth 23test-18 = 18-TLS 1.2 Ed448 Client Auth 24test-19 = 19-ECDSA Signature Algorithm Selection SHA1 25test-20 = 20-ECDSA with brainpool 26test-21 = 21-Ed25519 CipherString and Curves Selection 27test-22 = 22-Ed448 CipherString and Curves Selection 28test-23 = 23-RSA-PSS Certificate CipherString Selection 29test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection 30test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection 31test-26 = 26-Only RSA-PSS Certificate 32test-27 = 27-Only RSA-PSS Certificate Valid Signature Algorithms 33test-28 = 28-RSA-PSS Certificate, no PSS signature algorithms 34test-29 = 29-Only RSA-PSS Restricted Certificate 35test-30 = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms 36test-31 = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm 37test-32 = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms 38test-33 = 33-RSA key exchange with only RSA-PSS certificate 39test-34 = 34-Only RSA-PSS Certificate, TLS v1.1 40test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection 41test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point 42test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1 43test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS 44test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS 45test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate 46test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS 47test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection 48test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection 49test-44 = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names 50test-45 = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection 51test-46 = 46-TLS 1.3 Ed25519 Signature Algorithm Selection 52test-47 = 47-TLS 1.3 Ed448 Signature Algorithm Selection 53test-48 = 48-TLS 1.3 Ed25519 CipherString and Groups Selection 54test-49 = 49-TLS 1.3 Ed448 CipherString and Groups Selection 55test-50 = 50-TLS 1.3 Ed25519 Client Auth 56test-51 = 51-TLS 1.3 Ed448 Client Auth 57test-52 = 52-TLS 1.3 ECDSA with brainpool but no suitable groups 58test-53 = 53-TLS 1.3 ECDSA with brainpool 59test-54 = 54-TLS 1.2 DSA Certificate Test 60test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms 61test-56 = 56-TLS 1.3 DSA Certificate Test 62# =========================================================== 63 64[0-ECDSA CipherString Selection] 65ssl_conf = 0-ECDSA CipherString Selection-ssl 66 67[0-ECDSA CipherString Selection-ssl] 68server = 0-ECDSA CipherString Selection-server 69client = 0-ECDSA CipherString Selection-client 70 71[0-ECDSA CipherString Selection-server] 72Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 73CipherString = DEFAULT 74ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 75ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 76Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 77Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 78Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 79Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 80MaxProtocol = TLSv1.2 81PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 82 83[0-ECDSA CipherString Selection-client] 84CipherString = aECDSA 85MaxProtocol = TLSv1.2 86RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 87VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 88VerifyMode = Peer 89 90[test-0] 91ExpectedResult = Success 92ExpectedServerCANames = empty 93ExpectedServerCertType = P-256 94ExpectedServerSignType = EC 95 96 97# =========================================================== 98 99[1-ECDSA CipherString Selection] 100ssl_conf = 1-ECDSA CipherString Selection-ssl 101 102[1-ECDSA CipherString Selection-ssl] 103server = 1-ECDSA CipherString Selection-server 104client = 1-ECDSA CipherString Selection-client 105 106[1-ECDSA CipherString Selection-server] 107Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 108CipherString = DEFAULT 109ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 110ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 111Groups = P-384 112MaxProtocol = TLSv1.2 113PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 114 115[1-ECDSA CipherString Selection-client] 116CipherString = aECDSA 117Groups = P-256:P-384 118MaxProtocol = TLSv1.2 119RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 120VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 121VerifyMode = Peer 122 123[test-1] 124ExpectedResult = Success 125ExpectedServerCANames = empty 126ExpectedServerCertType = P-256 127ExpectedServerSignType = EC 128 129 130# =========================================================== 131 132[2-ECDSA CipherString Selection] 133ssl_conf = 2-ECDSA CipherString Selection-ssl 134 135[2-ECDSA CipherString Selection-ssl] 136server = 2-ECDSA CipherString Selection-server 137client = 2-ECDSA CipherString Selection-client 138 139[2-ECDSA CipherString Selection-server] 140Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 141CipherString = DEFAULT 142ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 143ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 144Groups = P-256:P-384 145MaxProtocol = TLSv1.2 146PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 147 148[2-ECDSA CipherString Selection-client] 149CipherString = aECDSA 150Groups = P-384 151MaxProtocol = TLSv1.2 152RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 153VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 154VerifyMode = Peer 155 156[test-2] 157ExpectedResult = ServerFail 158 159 160# =========================================================== 161 162[3-RSA CipherString Selection] 163ssl_conf = 3-RSA CipherString Selection-ssl 164 165[3-RSA CipherString Selection-ssl] 166server = 3-RSA CipherString Selection-server 167client = 3-RSA CipherString Selection-client 168 169[3-RSA CipherString Selection-server] 170Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 171CipherString = DEFAULT 172ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 173ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 174Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 175Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 176Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 177Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 178MaxProtocol = TLSv1.2 179PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 180 181[3-RSA CipherString Selection-client] 182CipherString = aRSA 183MaxProtocol = TLSv1.2 184VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 185VerifyMode = Peer 186 187[test-3] 188ExpectedResult = Success 189ExpectedServerCertType = RSA 190ExpectedServerSignType = RSA-PSS 191 192 193# =========================================================== 194 195[4-P-256 CipherString and Signature Algorithm Selection] 196ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl 197 198[4-P-256 CipherString and Signature Algorithm Selection-ssl] 199server = 4-P-256 CipherString and Signature Algorithm Selection-server 200client = 4-P-256 CipherString and Signature Algorithm Selection-client 201 202[4-P-256 CipherString and Signature Algorithm Selection-server] 203Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 204CipherString = DEFAULT 205ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 206ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 207Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 208Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 209Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 210Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 211MaxProtocol = TLSv1.2 212PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 213 214[4-P-256 CipherString and Signature Algorithm Selection-client] 215CipherString = aECDSA 216MaxProtocol = TLSv1.2 217SignatureAlgorithms = ECDSA+SHA256:ed25519 218VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 219VerifyMode = Peer 220 221[test-4] 222ExpectedResult = Success 223ExpectedServerCertType = P-256 224ExpectedServerSignHash = SHA256 225ExpectedServerSignType = EC 226 227 228# =========================================================== 229 230[5-ECDSA CipherString Selection, no ECDSA certificate] 231ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl 232 233[5-ECDSA CipherString Selection, no ECDSA certificate-ssl] 234server = 5-ECDSA CipherString Selection, no ECDSA certificate-server 235client = 5-ECDSA CipherString Selection, no ECDSA certificate-client 236 237[5-ECDSA CipherString Selection, no ECDSA certificate-server] 238Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 239CipherString = DEFAULT 240MaxProtocol = TLSv1.2 241PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 242 243[5-ECDSA CipherString Selection, no ECDSA certificate-client] 244CipherString = aECDSA 245MaxProtocol = TLSv1.2 246VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 247VerifyMode = Peer 248 249[test-5] 250ExpectedResult = ServerFail 251 252 253# =========================================================== 254 255[6-ECDSA Signature Algorithm Selection] 256ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl 257 258[6-ECDSA Signature Algorithm Selection-ssl] 259server = 6-ECDSA Signature Algorithm Selection-server 260client = 6-ECDSA Signature Algorithm Selection-client 261 262[6-ECDSA Signature Algorithm Selection-server] 263Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 264CipherString = DEFAULT 265ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 266ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 267Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 268Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 269Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 270Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 271MaxProtocol = TLSv1.2 272PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 273 274[6-ECDSA Signature Algorithm Selection-client] 275CipherString = DEFAULT 276SignatureAlgorithms = ECDSA+SHA256 277VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 278VerifyMode = Peer 279 280[test-6] 281ExpectedResult = Success 282ExpectedServerCertType = P-256 283ExpectedServerSignHash = SHA256 284ExpectedServerSignType = EC 285 286 287# =========================================================== 288 289[7-ECDSA Signature Algorithm Selection SHA384] 290ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl 291 292[7-ECDSA Signature Algorithm Selection SHA384-ssl] 293server = 7-ECDSA Signature Algorithm Selection SHA384-server 294client = 7-ECDSA Signature Algorithm Selection SHA384-client 295 296[7-ECDSA Signature Algorithm Selection SHA384-server] 297Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 298CipherString = DEFAULT 299ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 300ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 301Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 302Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 303Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 304Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 305MaxProtocol = TLSv1.2 306PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 307 308[7-ECDSA Signature Algorithm Selection SHA384-client] 309CipherString = DEFAULT 310SignatureAlgorithms = ECDSA+SHA384 311VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 312VerifyMode = Peer 313 314[test-7] 315ExpectedResult = Success 316ExpectedServerCertType = P-256 317ExpectedServerSignHash = SHA384 318ExpectedServerSignType = EC 319 320 321# =========================================================== 322 323[8-ECDSA Signature Algorithm Selection compressed point] 324ssl_conf = 8-ECDSA Signature Algorithm Selection compressed point-ssl 325 326[8-ECDSA Signature Algorithm Selection compressed point-ssl] 327server = 8-ECDSA Signature Algorithm Selection compressed point-server 328client = 8-ECDSA Signature Algorithm Selection compressed point-client 329 330[8-ECDSA Signature Algorithm Selection compressed point-server] 331Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 332CipherString = DEFAULT 333ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem 334ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem 335MaxProtocol = TLSv1.2 336PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 337 338[8-ECDSA Signature Algorithm Selection compressed point-client] 339CipherString = DEFAULT 340SignatureAlgorithms = ECDSA+SHA256 341VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 342VerifyMode = Peer 343 344[test-8] 345ExpectedResult = Success 346ExpectedServerCertType = P-256 347ExpectedServerSignHash = SHA256 348ExpectedServerSignType = EC 349 350 351# =========================================================== 352 353[9-ECDSA Signature Algorithm Selection, no ECDSA certificate] 354ssl_conf = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl 355 356[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] 357server = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server 358client = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client 359 360[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server] 361Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 362CipherString = DEFAULT 363MaxProtocol = TLSv1.2 364PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 365 366[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client] 367CipherString = DEFAULT 368SignatureAlgorithms = ECDSA+SHA256 369VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 370VerifyMode = Peer 371 372[test-9] 373ExpectedResult = ServerFail 374 375 376# =========================================================== 377 378[10-RSA Signature Algorithm Selection] 379ssl_conf = 10-RSA Signature Algorithm Selection-ssl 380 381[10-RSA Signature Algorithm Selection-ssl] 382server = 10-RSA Signature Algorithm Selection-server 383client = 10-RSA Signature Algorithm Selection-client 384 385[10-RSA Signature Algorithm Selection-server] 386Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 387CipherString = DEFAULT 388ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 389ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 390Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 391Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 392Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 393Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 394MaxProtocol = TLSv1.2 395PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 396 397[10-RSA Signature Algorithm Selection-client] 398CipherString = DEFAULT 399SignatureAlgorithms = RSA+SHA256 400VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 401VerifyMode = Peer 402 403[test-10] 404ExpectedResult = Success 405ExpectedServerCertType = RSA 406ExpectedServerSignHash = SHA256 407ExpectedServerSignType = RSA 408 409 410# =========================================================== 411 412[11-RSA-PSS Signature Algorithm Selection] 413ssl_conf = 11-RSA-PSS Signature Algorithm Selection-ssl 414 415[11-RSA-PSS Signature Algorithm Selection-ssl] 416server = 11-RSA-PSS Signature Algorithm Selection-server 417client = 11-RSA-PSS Signature Algorithm Selection-client 418 419[11-RSA-PSS Signature Algorithm Selection-server] 420Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 421CipherString = DEFAULT 422ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 423ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 424Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 425Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 426Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 427Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 428MaxProtocol = TLSv1.2 429PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 430 431[11-RSA-PSS Signature Algorithm Selection-client] 432CipherString = DEFAULT 433SignatureAlgorithms = RSA-PSS+SHA256 434VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 435VerifyMode = Peer 436 437[test-11] 438ExpectedResult = Success 439ExpectedServerCertType = RSA 440ExpectedServerSignHash = SHA256 441ExpectedServerSignType = RSA-PSS 442 443 444# =========================================================== 445 446[12-RSA key exchange with all RSA certificate types] 447ssl_conf = 12-RSA key exchange with all RSA certificate types-ssl 448 449[12-RSA key exchange with all RSA certificate types-ssl] 450server = 12-RSA key exchange with all RSA certificate types-server 451client = 12-RSA key exchange with all RSA certificate types-client 452 453[12-RSA key exchange with all RSA certificate types-server] 454Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 455CipherString = DEFAULT 456PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 457PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 458PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 459 460[12-RSA key exchange with all RSA certificate types-client] 461CipherString = kRSA 462MaxProtocol = TLSv1.2 463VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 464VerifyMode = Peer 465 466[test-12] 467ExpectedResult = Success 468ExpectedServerCertType = RSA 469 470 471# =========================================================== 472 473[13-Suite B P-256 Hash Algorithm Selection] 474ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl 475 476[13-Suite B P-256 Hash Algorithm Selection-ssl] 477server = 13-Suite B P-256 Hash Algorithm Selection-server 478client = 13-Suite B P-256 Hash Algorithm Selection-client 479 480[13-Suite B P-256 Hash Algorithm Selection-server] 481Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 482CipherString = SUITEB128 483ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem 484ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem 485MaxProtocol = TLSv1.2 486PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 487 488[13-Suite B P-256 Hash Algorithm Selection-client] 489CipherString = DEFAULT 490SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256 491VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem 492VerifyMode = Peer 493 494[test-13] 495ExpectedResult = Success 496ExpectedServerCertType = P-256 497ExpectedServerSignHash = SHA256 498ExpectedServerSignType = EC 499 500 501# =========================================================== 502 503[14-Suite B P-384 Hash Algorithm Selection] 504ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl 505 506[14-Suite B P-384 Hash Algorithm Selection-ssl] 507server = 14-Suite B P-384 Hash Algorithm Selection-server 508client = 14-Suite B P-384 Hash Algorithm Selection-client 509 510[14-Suite B P-384 Hash Algorithm Selection-server] 511Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 512CipherString = SUITEB128 513ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem 514ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem 515MaxProtocol = TLSv1.2 516PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 517 518[14-Suite B P-384 Hash Algorithm Selection-client] 519CipherString = DEFAULT 520SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384 521VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem 522VerifyMode = Peer 523 524[test-14] 525ExpectedResult = Success 526ExpectedServerCertType = P-384 527ExpectedServerSignHash = SHA384 528ExpectedServerSignType = EC 529 530 531# =========================================================== 532 533[15-Ed25519 CipherString and Signature Algorithm Selection] 534ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl 535 536[15-Ed25519 CipherString and Signature Algorithm Selection-ssl] 537server = 15-Ed25519 CipherString and Signature Algorithm Selection-server 538client = 15-Ed25519 CipherString and Signature Algorithm Selection-client 539 540[15-Ed25519 CipherString and Signature Algorithm Selection-server] 541Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 542CipherString = DEFAULT 543ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 544ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 545Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 546Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 547Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 548Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 549MaxProtocol = TLSv1.2 550PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 551 552[15-Ed25519 CipherString and Signature Algorithm Selection-client] 553CipherString = aECDSA 554MaxProtocol = TLSv1.2 555RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 556SignatureAlgorithms = ed25519:ECDSA+SHA256 557VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 558VerifyMode = Peer 559 560[test-15] 561ExpectedResult = Success 562ExpectedServerCANames = empty 563ExpectedServerCertType = Ed25519 564ExpectedServerSignType = Ed25519 565 566 567# =========================================================== 568 569[16-Ed448 CipherString and Signature Algorithm Selection] 570ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl 571 572[16-Ed448 CipherString and Signature Algorithm Selection-ssl] 573server = 16-Ed448 CipherString and Signature Algorithm Selection-server 574client = 16-Ed448 CipherString and Signature Algorithm Selection-client 575 576[16-Ed448 CipherString and Signature Algorithm Selection-server] 577Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 578CipherString = DEFAULT 579ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 580ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 581Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 582Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 583Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 584Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 585MaxProtocol = TLSv1.2 586PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 587 588[16-Ed448 CipherString and Signature Algorithm Selection-client] 589CipherString = aECDSA 590MaxProtocol = TLSv1.2 591RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem 592SignatureAlgorithms = ed448:ECDSA+SHA256 593VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem 594VerifyMode = Peer 595 596[test-16] 597ExpectedResult = Success 598ExpectedServerCANames = empty 599ExpectedServerCertType = Ed448 600ExpectedServerSignType = Ed448 601 602 603# =========================================================== 604 605[17-TLS 1.2 Ed25519 Client Auth] 606ssl_conf = 17-TLS 1.2 Ed25519 Client Auth-ssl 607 608[17-TLS 1.2 Ed25519 Client Auth-ssl] 609server = 17-TLS 1.2 Ed25519 Client Auth-server 610client = 17-TLS 1.2 Ed25519 Client Auth-client 611 612[17-TLS 1.2 Ed25519 Client Auth-server] 613Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 614CipherString = DEFAULT 615PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 616VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 617VerifyMode = Require 618 619[17-TLS 1.2 Ed25519 Client Auth-client] 620CipherString = DEFAULT 621Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem 622Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem 623MaxProtocol = TLSv1.2 624MinProtocol = TLSv1.2 625VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 626VerifyMode = Peer 627 628[test-17] 629ExpectedClientCertType = Ed25519 630ExpectedClientSignType = Ed25519 631ExpectedResult = Success 632 633 634# =========================================================== 635 636[18-TLS 1.2 Ed448 Client Auth] 637ssl_conf = 18-TLS 1.2 Ed448 Client Auth-ssl 638 639[18-TLS 1.2 Ed448 Client Auth-ssl] 640server = 18-TLS 1.2 Ed448 Client Auth-server 641client = 18-TLS 1.2 Ed448 Client Auth-client 642 643[18-TLS 1.2 Ed448 Client Auth-server] 644Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 645CipherString = DEFAULT 646PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 647VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 648VerifyMode = Require 649 650[18-TLS 1.2 Ed448 Client Auth-client] 651CipherString = DEFAULT 652Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem 653Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem 654MaxProtocol = TLSv1.2 655MinProtocol = TLSv1.2 656VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 657VerifyMode = Peer 658 659[test-18] 660ExpectedClientCertType = Ed448 661ExpectedClientSignType = Ed448 662ExpectedResult = Success 663 664 665# =========================================================== 666 667[19-ECDSA Signature Algorithm Selection SHA1] 668ssl_conf = 19-ECDSA Signature Algorithm Selection SHA1-ssl 669 670[19-ECDSA Signature Algorithm Selection SHA1-ssl] 671server = 19-ECDSA Signature Algorithm Selection SHA1-server 672client = 19-ECDSA Signature Algorithm Selection SHA1-client 673 674[19-ECDSA Signature Algorithm Selection SHA1-server] 675Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 676CipherString = DEFAULT:@SECLEVEL=0 677ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 678ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 679Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 680Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 681Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 682Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 683MaxProtocol = TLSv1.2 684PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 685 686[19-ECDSA Signature Algorithm Selection SHA1-client] 687CipherString = DEFAULT:@SECLEVEL=0 688SignatureAlgorithms = ECDSA+SHA1 689VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 690VerifyMode = Peer 691 692[test-19] 693ExpectedResult = Success 694ExpectedServerCertType = P-256 695ExpectedServerSignHash = SHA1 696ExpectedServerSignType = EC 697 698 699# =========================================================== 700 701[20-ECDSA with brainpool] 702ssl_conf = 20-ECDSA with brainpool-ssl 703 704[20-ECDSA with brainpool-ssl] 705server = 20-ECDSA with brainpool-server 706client = 20-ECDSA with brainpool-client 707 708[20-ECDSA with brainpool-server] 709Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem 710CipherString = DEFAULT 711Groups = brainpoolP256r1 712PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem 713 714[20-ECDSA with brainpool-client] 715CipherString = aECDSA 716Groups = brainpoolP256r1 717MaxProtocol = TLSv1.2 718RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 719VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 720VerifyMode = Peer 721 722[test-20] 723ExpectedResult = Success 724ExpectedServerCANames = empty 725ExpectedServerCertType = brainpoolP256r1 726ExpectedServerSignType = EC 727 728 729# =========================================================== 730 731[21-Ed25519 CipherString and Curves Selection] 732ssl_conf = 21-Ed25519 CipherString and Curves Selection-ssl 733 734[21-Ed25519 CipherString and Curves Selection-ssl] 735server = 21-Ed25519 CipherString and Curves Selection-server 736client = 21-Ed25519 CipherString and Curves Selection-client 737 738[21-Ed25519 CipherString and Curves Selection-server] 739Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 740CipherString = DEFAULT 741ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 742ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 743Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 744Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 745Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 746Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 747MaxProtocol = TLSv1.2 748PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 749 750[21-Ed25519 CipherString and Curves Selection-client] 751CipherString = aECDSA 752Curves = X25519 753MaxProtocol = TLSv1.2 754SignatureAlgorithms = ECDSA+SHA256:ed25519 755VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 756VerifyMode = Peer 757 758[test-21] 759ExpectedResult = Success 760ExpectedServerCertType = Ed25519 761ExpectedServerSignType = Ed25519 762 763 764# =========================================================== 765 766[22-Ed448 CipherString and Curves Selection] 767ssl_conf = 22-Ed448 CipherString and Curves Selection-ssl 768 769[22-Ed448 CipherString and Curves Selection-ssl] 770server = 22-Ed448 CipherString and Curves Selection-server 771client = 22-Ed448 CipherString and Curves Selection-client 772 773[22-Ed448 CipherString and Curves Selection-server] 774Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 775CipherString = DEFAULT 776ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 777ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 778Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 779Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 780Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 781Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 782MaxProtocol = TLSv1.2 783PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 784 785[22-Ed448 CipherString and Curves Selection-client] 786CipherString = aECDSA 787Curves = X448 788MaxProtocol = TLSv1.2 789SignatureAlgorithms = ECDSA+SHA256:ed448 790VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem 791VerifyMode = Peer 792 793[test-22] 794ExpectedResult = Success 795ExpectedServerCertType = Ed448 796ExpectedServerSignType = Ed448 797 798 799# =========================================================== 800 801[23-RSA-PSS Certificate CipherString Selection] 802ssl_conf = 23-RSA-PSS Certificate CipherString Selection-ssl 803 804[23-RSA-PSS Certificate CipherString Selection-ssl] 805server = 23-RSA-PSS Certificate CipherString Selection-server 806client = 23-RSA-PSS Certificate CipherString Selection-client 807 808[23-RSA-PSS Certificate CipherString Selection-server] 809Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 810CipherString = DEFAULT 811ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 812ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 813Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 814Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 815Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 816Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 817MaxProtocol = TLSv1.2 818PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 819PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 820PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 821 822[23-RSA-PSS Certificate CipherString Selection-client] 823CipherString = aRSA 824MaxProtocol = TLSv1.2 825VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 826VerifyMode = Peer 827 828[test-23] 829ExpectedResult = Success 830ExpectedServerCertType = RSA-PSS 831ExpectedServerSignType = RSA-PSS 832 833 834# =========================================================== 835 836[24-RSA-PSS Certificate Legacy Signature Algorithm Selection] 837ssl_conf = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl 838 839[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl] 840server = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server 841client = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client 842 843[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server] 844Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 845CipherString = DEFAULT 846ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 847ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 848Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 849Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 850Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 851Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 852MaxProtocol = TLSv1.2 853PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 854PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 855PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 856 857[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client] 858CipherString = DEFAULT 859SignatureAlgorithms = RSA-PSS+SHA256 860VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 861VerifyMode = Peer 862 863[test-24] 864ExpectedResult = Success 865ExpectedServerCertType = RSA 866ExpectedServerSignHash = SHA256 867ExpectedServerSignType = RSA-PSS 868 869 870# =========================================================== 871 872[25-RSA-PSS Certificate Unified Signature Algorithm Selection] 873ssl_conf = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl 874 875[25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl] 876server = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-server 877client = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-client 878 879[25-RSA-PSS Certificate Unified Signature Algorithm Selection-server] 880Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 881CipherString = DEFAULT 882ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 883ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 884Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 885Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 886Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 887Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 888MaxProtocol = TLSv1.2 889PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 890PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 891PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 892 893[25-RSA-PSS Certificate Unified Signature Algorithm Selection-client] 894CipherString = DEFAULT 895SignatureAlgorithms = rsa_pss_pss_sha256 896VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 897VerifyMode = Peer 898 899[test-25] 900ExpectedResult = Success 901ExpectedServerCertType = RSA-PSS 902ExpectedServerSignHash = SHA256 903ExpectedServerSignType = RSA-PSS 904 905 906# =========================================================== 907 908[26-Only RSA-PSS Certificate] 909ssl_conf = 26-Only RSA-PSS Certificate-ssl 910 911[26-Only RSA-PSS Certificate-ssl] 912server = 26-Only RSA-PSS Certificate-server 913client = 26-Only RSA-PSS Certificate-client 914 915[26-Only RSA-PSS Certificate-server] 916Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 917CipherString = DEFAULT 918PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 919 920[26-Only RSA-PSS Certificate-client] 921CipherString = DEFAULT 922VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 923VerifyMode = Peer 924 925[test-26] 926ExpectedResult = Success 927ExpectedServerCertType = RSA-PSS 928ExpectedServerSignHash = SHA256 929ExpectedServerSignType = RSA-PSS 930 931 932# =========================================================== 933 934[27-Only RSA-PSS Certificate Valid Signature Algorithms] 935ssl_conf = 27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl 936 937[27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl] 938server = 27-Only RSA-PSS Certificate Valid Signature Algorithms-server 939client = 27-Only RSA-PSS Certificate Valid Signature Algorithms-client 940 941[27-Only RSA-PSS Certificate Valid Signature Algorithms-server] 942Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 943CipherString = DEFAULT 944PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 945 946[27-Only RSA-PSS Certificate Valid Signature Algorithms-client] 947CipherString = DEFAULT 948SignatureAlgorithms = rsa_pss_pss_sha512 949VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 950VerifyMode = Peer 951 952[test-27] 953ExpectedResult = Success 954ExpectedServerCertType = RSA-PSS 955ExpectedServerSignHash = SHA512 956ExpectedServerSignType = RSA-PSS 957 958 959# =========================================================== 960 961[28-RSA-PSS Certificate, no PSS signature algorithms] 962ssl_conf = 28-RSA-PSS Certificate, no PSS signature algorithms-ssl 963 964[28-RSA-PSS Certificate, no PSS signature algorithms-ssl] 965server = 28-RSA-PSS Certificate, no PSS signature algorithms-server 966client = 28-RSA-PSS Certificate, no PSS signature algorithms-client 967 968[28-RSA-PSS Certificate, no PSS signature algorithms-server] 969Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 970CipherString = DEFAULT 971PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 972 973[28-RSA-PSS Certificate, no PSS signature algorithms-client] 974CipherString = DEFAULT 975SignatureAlgorithms = RSA+SHA256 976VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 977VerifyMode = Peer 978 979[test-28] 980ExpectedResult = ServerFail 981 982 983# =========================================================== 984 985[29-Only RSA-PSS Restricted Certificate] 986ssl_conf = 29-Only RSA-PSS Restricted Certificate-ssl 987 988[29-Only RSA-PSS Restricted Certificate-ssl] 989server = 29-Only RSA-PSS Restricted Certificate-server 990client = 29-Only RSA-PSS Restricted Certificate-client 991 992[29-Only RSA-PSS Restricted Certificate-server] 993Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem 994CipherString = DEFAULT 995PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem 996 997[29-Only RSA-PSS Restricted Certificate-client] 998CipherString = DEFAULT 999VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1000VerifyMode = Peer 1001 1002[test-29] 1003ExpectedResult = Success 1004ExpectedServerCertType = RSA-PSS 1005ExpectedServerSignHash = SHA256 1006ExpectedServerSignType = RSA-PSS 1007 1008 1009# =========================================================== 1010 1011[30-RSA-PSS Restricted Certificate Valid Signature Algorithms] 1012ssl_conf = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl 1013 1014[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl] 1015server = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server 1016client = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client 1017 1018[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server] 1019Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem 1020CipherString = DEFAULT 1021PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem 1022 1023[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client] 1024CipherString = DEFAULT 1025SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512 1026VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1027VerifyMode = Peer 1028 1029[test-30] 1030ExpectedResult = Success 1031ExpectedServerCertType = RSA-PSS 1032ExpectedServerSignHash = SHA256 1033ExpectedServerSignType = RSA-PSS 1034 1035 1036# =========================================================== 1037 1038[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm] 1039ssl_conf = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl 1040 1041[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl] 1042server = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server 1043client = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client 1044 1045[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server] 1046Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem 1047CipherString = DEFAULT 1048PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem 1049 1050[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client] 1051CipherString = DEFAULT 1052SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256 1053VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1054VerifyMode = Peer 1055 1056[test-31] 1057ExpectedResult = Success 1058ExpectedServerCertType = RSA-PSS 1059ExpectedServerSignHash = SHA256 1060ExpectedServerSignType = RSA-PSS 1061 1062 1063# =========================================================== 1064 1065[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms] 1066ssl_conf = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl 1067 1068[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl] 1069server = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server 1070client = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client 1071 1072[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server] 1073Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem 1074CipherString = DEFAULT 1075PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem 1076 1077[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client] 1078CipherString = DEFAULT 1079SignatureAlgorithms = rsa_pss_pss_sha512 1080VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1081VerifyMode = Peer 1082 1083[test-32] 1084ExpectedResult = ServerFail 1085 1086 1087# =========================================================== 1088 1089[33-RSA key exchange with only RSA-PSS certificate] 1090ssl_conf = 33-RSA key exchange with only RSA-PSS certificate-ssl 1091 1092[33-RSA key exchange with only RSA-PSS certificate-ssl] 1093server = 33-RSA key exchange with only RSA-PSS certificate-server 1094client = 33-RSA key exchange with only RSA-PSS certificate-client 1095 1096[33-RSA key exchange with only RSA-PSS certificate-server] 1097Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 1098CipherString = DEFAULT 1099PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 1100 1101[33-RSA key exchange with only RSA-PSS certificate-client] 1102CipherString = kRSA 1103MaxProtocol = TLSv1.2 1104VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1105VerifyMode = Peer 1106 1107[test-33] 1108ExpectedResult = ServerFail 1109 1110 1111# =========================================================== 1112 1113[34-Only RSA-PSS Certificate, TLS v1.1] 1114ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl 1115 1116[34-Only RSA-PSS Certificate, TLS v1.1-ssl] 1117server = 34-Only RSA-PSS Certificate, TLS v1.1-server 1118client = 34-Only RSA-PSS Certificate, TLS v1.1-client 1119 1120[34-Only RSA-PSS Certificate, TLS v1.1-server] 1121Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem 1122CipherString = DEFAULT 1123PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem 1124 1125[34-Only RSA-PSS Certificate, TLS v1.1-client] 1126CipherString = DEFAULT 1127MaxProtocol = TLSv1.1 1128VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1129VerifyMode = Peer 1130 1131[test-34] 1132ExpectedResult = ServerFail 1133 1134 1135# =========================================================== 1136 1137[35-TLS 1.3 ECDSA Signature Algorithm Selection] 1138ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl 1139 1140[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl] 1141server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server 1142client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client 1143 1144[35-TLS 1.3 ECDSA Signature Algorithm Selection-server] 1145Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1146CipherString = DEFAULT 1147ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1148ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1149Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1150Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1151Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1152Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1153MaxProtocol = TLSv1.3 1154MinProtocol = TLSv1.3 1155PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1156 1157[35-TLS 1.3 ECDSA Signature Algorithm Selection-client] 1158CipherString = DEFAULT 1159SignatureAlgorithms = ECDSA+SHA256 1160VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1161VerifyMode = Peer 1162 1163[test-35] 1164ExpectedResult = Success 1165ExpectedServerCANames = empty 1166ExpectedServerCertType = P-256 1167ExpectedServerSignHash = SHA256 1168ExpectedServerSignType = EC 1169 1170 1171# =========================================================== 1172 1173[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point] 1174ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl 1175 1176[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl] 1177server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server 1178client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client 1179 1180[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server] 1181Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1182CipherString = DEFAULT 1183ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem 1184ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem 1185MaxProtocol = TLSv1.3 1186MinProtocol = TLSv1.3 1187PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1188 1189[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client] 1190CipherString = DEFAULT 1191SignatureAlgorithms = ECDSA+SHA256 1192VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1193VerifyMode = Peer 1194 1195[test-36] 1196ExpectedResult = Success 1197ExpectedServerCANames = empty 1198ExpectedServerCertType = P-256 1199ExpectedServerSignHash = SHA256 1200ExpectedServerSignType = EC 1201 1202 1203# =========================================================== 1204 1205[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1] 1206ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl 1207 1208[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl] 1209server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server 1210client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client 1211 1212[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server] 1213Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1214CipherString = DEFAULT:@SECLEVEL=0 1215ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1216ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1217Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1218Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1219Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1220Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1221MaxProtocol = TLSv1.3 1222MinProtocol = TLSv1.3 1223PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1224 1225[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client] 1226CipherString = DEFAULT:@SECLEVEL=0 1227SignatureAlgorithms = ECDSA+SHA1 1228VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1229VerifyMode = Peer 1230 1231[test-37] 1232ExpectedResult = ServerFail 1233 1234 1235# =========================================================== 1236 1237[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS] 1238ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl 1239 1240[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl] 1241server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server 1242client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client 1243 1244[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server] 1245Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1246CipherString = DEFAULT 1247ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1248ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1249Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1250Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1251Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1252Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1253MaxProtocol = TLSv1.3 1254MinProtocol = TLSv1.3 1255PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1256 1257[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client] 1258CipherString = DEFAULT 1259RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1260SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256 1261VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1262VerifyMode = Peer 1263 1264[test-38] 1265ExpectedResult = Success 1266ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1267ExpectedServerCertType = P-256 1268ExpectedServerSignHash = SHA256 1269ExpectedServerSignType = EC 1270 1271 1272# =========================================================== 1273 1274[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS] 1275ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl 1276 1277[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl] 1278server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server 1279client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client 1280 1281[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server] 1282Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1283CipherString = DEFAULT 1284ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1285ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1286Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1287Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1288Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1289Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1290MaxProtocol = TLSv1.3 1291MinProtocol = TLSv1.3 1292PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1293 1294[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client] 1295CipherString = DEFAULT 1296SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384 1297VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1298VerifyMode = Peer 1299 1300[test-39] 1301ExpectedResult = Success 1302ExpectedServerCertType = RSA 1303ExpectedServerSignHash = SHA384 1304ExpectedServerSignType = RSA-PSS 1305 1306 1307# =========================================================== 1308 1309[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate] 1310ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl 1311 1312[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl] 1313server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server 1314client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client 1315 1316[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server] 1317Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1318CipherString = DEFAULT 1319MaxProtocol = TLSv1.3 1320MinProtocol = TLSv1.3 1321PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1322 1323[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client] 1324CipherString = DEFAULT 1325SignatureAlgorithms = ECDSA+SHA256 1326VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1327VerifyMode = Peer 1328 1329[test-40] 1330ExpectedResult = ServerFail 1331 1332 1333# =========================================================== 1334 1335[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS] 1336ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl 1337 1338[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl] 1339server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server 1340client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client 1341 1342[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server] 1343Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1344CipherString = DEFAULT 1345ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1346ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1347Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1348Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1349Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1350Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1351MaxProtocol = TLSv1.3 1352MinProtocol = TLSv1.3 1353PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1354 1355[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client] 1356CipherString = DEFAULT 1357SignatureAlgorithms = RSA+SHA256 1358VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1359VerifyMode = Peer 1360 1361[test-41] 1362ExpectedResult = ServerFail 1363 1364 1365# =========================================================== 1366 1367[42-TLS 1.3 RSA-PSS Signature Algorithm Selection] 1368ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl 1369 1370[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl] 1371server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server 1372client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client 1373 1374[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server] 1375Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1376CipherString = DEFAULT 1377ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1378ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1379Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1380Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1381Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1382Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1383MaxProtocol = TLSv1.3 1384MinProtocol = TLSv1.3 1385PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1386 1387[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client] 1388CipherString = DEFAULT 1389SignatureAlgorithms = RSA-PSS+SHA256 1390VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1391VerifyMode = Peer 1392 1393[test-42] 1394ExpectedResult = Success 1395ExpectedServerCertType = RSA 1396ExpectedServerSignHash = SHA256 1397ExpectedServerSignType = RSA-PSS 1398 1399 1400# =========================================================== 1401 1402[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection] 1403ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl 1404 1405[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl] 1406server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server 1407client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client 1408 1409[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server] 1410Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1411CipherString = DEFAULT 1412ClientSignatureAlgorithms = PSS+SHA256 1413PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1414VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1415VerifyMode = Require 1416 1417[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client] 1418CipherString = DEFAULT 1419ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem 1420ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem 1421MaxProtocol = TLSv1.3 1422MinProtocol = TLSv1.3 1423RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1424RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1425VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1426VerifyMode = Peer 1427 1428[test-43] 1429ExpectedClientCANames = empty 1430ExpectedClientCertType = RSA 1431ExpectedClientSignHash = SHA256 1432ExpectedClientSignType = RSA-PSS 1433ExpectedResult = Success 1434 1435 1436# =========================================================== 1437 1438[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names] 1439ssl_conf = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl 1440 1441[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl] 1442server = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server 1443client = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client 1444 1445[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server] 1446Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1447CipherString = DEFAULT 1448ClientSignatureAlgorithms = PSS+SHA256 1449PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1450RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1451VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1452VerifyMode = Require 1453 1454[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client] 1455CipherString = DEFAULT 1456ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem 1457ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem 1458MaxProtocol = TLSv1.3 1459MinProtocol = TLSv1.3 1460RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1461RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1462VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1463VerifyMode = Peer 1464 1465[test-44] 1466ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1467ExpectedClientCertType = RSA 1468ExpectedClientSignHash = SHA256 1469ExpectedClientSignType = RSA-PSS 1470ExpectedResult = Success 1471 1472 1473# =========================================================== 1474 1475[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection] 1476ssl_conf = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl 1477 1478[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl] 1479server = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server 1480client = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client 1481 1482[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server] 1483Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1484CipherString = DEFAULT 1485ClientSignatureAlgorithms = ECDSA+SHA256 1486PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1487VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1488VerifyMode = Require 1489 1490[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client] 1491CipherString = DEFAULT 1492ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem 1493ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem 1494MaxProtocol = TLSv1.3 1495MinProtocol = TLSv1.3 1496RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem 1497RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem 1498VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1499VerifyMode = Peer 1500 1501[test-45] 1502ExpectedClientCertType = P-256 1503ExpectedClientSignHash = SHA256 1504ExpectedClientSignType = EC 1505ExpectedResult = Success 1506 1507 1508# =========================================================== 1509 1510[46-TLS 1.3 Ed25519 Signature Algorithm Selection] 1511ssl_conf = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl 1512 1513[46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl] 1514server = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-server 1515client = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-client 1516 1517[46-TLS 1.3 Ed25519 Signature Algorithm Selection-server] 1518Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1519CipherString = DEFAULT 1520ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1521ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1522Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1523Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1524Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1525Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1526MaxProtocol = TLSv1.3 1527MinProtocol = TLSv1.3 1528PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1529 1530[46-TLS 1.3 Ed25519 Signature Algorithm Selection-client] 1531CipherString = DEFAULT 1532SignatureAlgorithms = ed25519 1533VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1534VerifyMode = Peer 1535 1536[test-46] 1537ExpectedResult = Success 1538ExpectedServerCertType = Ed25519 1539ExpectedServerSignType = Ed25519 1540 1541 1542# =========================================================== 1543 1544[47-TLS 1.3 Ed448 Signature Algorithm Selection] 1545ssl_conf = 47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl 1546 1547[47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl] 1548server = 47-TLS 1.3 Ed448 Signature Algorithm Selection-server 1549client = 47-TLS 1.3 Ed448 Signature Algorithm Selection-client 1550 1551[47-TLS 1.3 Ed448 Signature Algorithm Selection-server] 1552Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1553CipherString = DEFAULT 1554ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1555ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1556Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1557Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1558Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1559Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1560MaxProtocol = TLSv1.3 1561MinProtocol = TLSv1.3 1562PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1563 1564[47-TLS 1.3 Ed448 Signature Algorithm Selection-client] 1565CipherString = DEFAULT 1566SignatureAlgorithms = ed448 1567VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem 1568VerifyMode = Peer 1569 1570[test-47] 1571ExpectedResult = Success 1572ExpectedServerCertType = Ed448 1573ExpectedServerSignType = Ed448 1574 1575 1576# =========================================================== 1577 1578[48-TLS 1.3 Ed25519 CipherString and Groups Selection] 1579ssl_conf = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl 1580 1581[48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl] 1582server = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-server 1583client = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-client 1584 1585[48-TLS 1.3 Ed25519 CipherString and Groups Selection-server] 1586Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1587CipherString = DEFAULT 1588ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1589ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1590Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1591Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1592Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1593Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1594MaxProtocol = TLSv1.3 1595MinProtocol = TLSv1.3 1596PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1597 1598[48-TLS 1.3 Ed25519 CipherString and Groups Selection-client] 1599CipherString = DEFAULT 1600Groups = X25519 1601SignatureAlgorithms = ECDSA+SHA256:ed25519 1602VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1603VerifyMode = Peer 1604 1605[test-48] 1606ExpectedResult = Success 1607ExpectedServerCertType = P-256 1608ExpectedServerSignType = EC 1609 1610 1611# =========================================================== 1612 1613[49-TLS 1.3 Ed448 CipherString and Groups Selection] 1614ssl_conf = 49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl 1615 1616[49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl] 1617server = 49-TLS 1.3 Ed448 CipherString and Groups Selection-server 1618client = 49-TLS 1.3 Ed448 CipherString and Groups Selection-client 1619 1620[49-TLS 1.3 Ed448 CipherString and Groups Selection-server] 1621Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1622CipherString = DEFAULT 1623ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 1624ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 1625Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 1626Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 1627Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 1628Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 1629MaxProtocol = TLSv1.3 1630MinProtocol = TLSv1.3 1631PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1632 1633[49-TLS 1.3 Ed448 CipherString and Groups Selection-client] 1634CipherString = DEFAULT 1635Groups = X448 1636SignatureAlgorithms = ECDSA+SHA256:ed448 1637VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1638VerifyMode = Peer 1639 1640[test-49] 1641ExpectedResult = Success 1642ExpectedServerCertType = P-256 1643ExpectedServerSignType = EC 1644 1645 1646# =========================================================== 1647 1648[50-TLS 1.3 Ed25519 Client Auth] 1649ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl 1650 1651[50-TLS 1.3 Ed25519 Client Auth-ssl] 1652server = 50-TLS 1.3 Ed25519 Client Auth-server 1653client = 50-TLS 1.3 Ed25519 Client Auth-client 1654 1655[50-TLS 1.3 Ed25519 Client Auth-server] 1656Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1657CipherString = DEFAULT 1658PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1659VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1660VerifyMode = Require 1661 1662[50-TLS 1.3 Ed25519 Client Auth-client] 1663CipherString = DEFAULT 1664EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem 1665EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem 1666MaxProtocol = TLSv1.3 1667MinProtocol = TLSv1.3 1668VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1669VerifyMode = Peer 1670 1671[test-50] 1672ExpectedClientCertType = Ed25519 1673ExpectedClientSignType = Ed25519 1674ExpectedResult = Success 1675 1676 1677# =========================================================== 1678 1679[51-TLS 1.3 Ed448 Client Auth] 1680ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl 1681 1682[51-TLS 1.3 Ed448 Client Auth-ssl] 1683server = 51-TLS 1.3 Ed448 Client Auth-server 1684client = 51-TLS 1.3 Ed448 Client Auth-client 1685 1686[51-TLS 1.3 Ed448 Client Auth-server] 1687Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1688CipherString = DEFAULT 1689PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1690VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1691VerifyMode = Require 1692 1693[51-TLS 1.3 Ed448 Client Auth-client] 1694CipherString = DEFAULT 1695EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem 1696EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem 1697MaxProtocol = TLSv1.3 1698MinProtocol = TLSv1.3 1699VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1700VerifyMode = Peer 1701 1702[test-51] 1703ExpectedClientCertType = Ed448 1704ExpectedClientSignType = Ed448 1705ExpectedResult = Success 1706 1707 1708# =========================================================== 1709 1710[52-TLS 1.3 ECDSA with brainpool but no suitable groups] 1711ssl_conf = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl 1712 1713[52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl] 1714server = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-server 1715client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client 1716 1717[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server] 1718Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem 1719CipherString = DEFAULT 1720Groups = brainpoolP256r1 1721PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem 1722 1723[52-TLS 1.3 ECDSA with brainpool but no suitable groups-client] 1724CipherString = aECDSA 1725Groups = brainpoolP256r1 1726RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1727VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1728VerifyMode = Peer 1729 1730[test-52] 1731ExpectedResult = ClientFail 1732 1733 1734# =========================================================== 1735 1736[53-TLS 1.3 ECDSA with brainpool] 1737ssl_conf = 53-TLS 1.3 ECDSA with brainpool-ssl 1738 1739[53-TLS 1.3 ECDSA with brainpool-ssl] 1740server = 53-TLS 1.3 ECDSA with brainpool-server 1741client = 53-TLS 1.3 ECDSA with brainpool-client 1742 1743[53-TLS 1.3 ECDSA with brainpool-server] 1744Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem 1745CipherString = DEFAULT 1746PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem 1747 1748[53-TLS 1.3 ECDSA with brainpool-client] 1749CipherString = DEFAULT 1750MaxProtocol = TLSv1.3 1751MinProtocol = TLSv1.3 1752RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1753VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1754VerifyMode = Peer 1755 1756[test-53] 1757ExpectedResult = ServerFail 1758 1759 1760# =========================================================== 1761 1762[54-TLS 1.2 DSA Certificate Test] 1763ssl_conf = 54-TLS 1.2 DSA Certificate Test-ssl 1764 1765[54-TLS 1.2 DSA Certificate Test-ssl] 1766server = 54-TLS 1.2 DSA Certificate Test-server 1767client = 54-TLS 1.2 DSA Certificate Test-client 1768 1769[54-TLS 1.2 DSA Certificate Test-server] 1770Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1771CipherString = ALL 1772DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem 1773DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem 1774DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem 1775MaxProtocol = TLSv1.2 1776MinProtocol = TLSv1.2 1777PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1778 1779[54-TLS 1.2 DSA Certificate Test-client] 1780CipherString = ALL 1781SignatureAlgorithms = DSA+SHA256:DSA+SHA1 1782VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1783VerifyMode = Peer 1784 1785[test-54] 1786ExpectedResult = Success 1787 1788 1789# =========================================================== 1790 1791[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms] 1792ssl_conf = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl 1793 1794[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl] 1795server = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server 1796client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client 1797 1798[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server] 1799Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1800CipherString = DEFAULT 1801ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256 1802PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1803VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1804VerifyMode = Request 1805 1806[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client] 1807CipherString = DEFAULT 1808VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1809VerifyMode = Peer 1810 1811[test-55] 1812ExpectedResult = ServerFail 1813 1814 1815# =========================================================== 1816 1817[56-TLS 1.3 DSA Certificate Test] 1818ssl_conf = 56-TLS 1.3 DSA Certificate Test-ssl 1819 1820[56-TLS 1.3 DSA Certificate Test-ssl] 1821server = 56-TLS 1.3 DSA Certificate Test-server 1822client = 56-TLS 1.3 DSA Certificate Test-client 1823 1824[56-TLS 1.3 DSA Certificate Test-server] 1825Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 1826CipherString = ALL 1827DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem 1828DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem 1829MaxProtocol = TLSv1.3 1830MinProtocol = TLSv1.3 1831PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 1832 1833[56-TLS 1.3 DSA Certificate Test-client] 1834CipherString = ALL 1835SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256 1836VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 1837VerifyMode = Peer 1838 1839[test-56] 1840ExpectedResult = ServerFail 1841 1842 1843