xref: /freebsd/crypto/openssl/test/ssl-tests/20-cert-select.cnf (revision df21a004be237a1dccd03c7b47254625eea62fa9)
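# Generated with generate_ssl_tests.pl
# NOTE(review): this is generator output, so hand edits are presumably lost
# on regeneration; change the generator input instead.
#
# Layout: every "test-N = NAME" entry names a [NAME] section, which points at
# a [NAME-ssl] section wiring a [NAME-server] and a [NAME-client]
# configuration together. The matching [test-N] section holds the handshake
# outcome the harness must observe.
#
# Certificate and private-key paths are resolved through the TEST_CERTS_DIR
# environment variable. The keys referenced here are test fixtures; the
# settings in this file (for example @SECLEVEL=0 in test 19) describe
# conditions under test and are not a template for deployed configurations.
#
# Two differently spelled root files are used on purpose or by history:
# rootcert.pem and root-cert.pem. Keep the spelling exactly as written.
#
# The line-number gutter that the code browser fused onto every line has been
# removed so that section headers and keys parse as written by the generator.

num_tests = 58

test-0 = 0-ECDSA CipherString Selection
test-1 = 1-ECDSA CipherString Selection
test-2 = 2-ECDSA CipherString Selection
test-3 = 3-RSA CipherString Selection
test-4 = 4-P-256 CipherString and Signature Algorithm Selection
test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
test-6 = 6-ECDSA Signature Algorithm Selection
test-7 = 7-ECDSA Signature Algorithm Selection SHA384
test-8 = 8-ECDSA Signature Algorithm Selection compressed point
test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate
test-10 = 10-RSA Signature Algorithm Selection
test-11 = 11-RSA-PSS Signature Algorithm Selection
test-12 = 12-RSA key exchange with all RSA certificate types
test-13 = 13-Suite B P-256 Hash Algorithm Selection
test-14 = 14-Suite B P-384 Hash Algorithm Selection
test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection
test-16 = 16-Ed448 CipherString and Signature Algorithm Selection
test-17 = 17-TLS 1.2 Ed25519 Client Auth
test-18 = 18-TLS 1.2 Ed448 Client Auth
test-19 = 19-ECDSA Signature Algorithm Selection SHA1
test-20 = 20-ECDSA with brainpool
test-21 = 21-Ed25519 CipherString and Curves Selection
test-22 = 22-Ed448 CipherString and Curves Selection
test-23 = 23-RSA-PSS Certificate CipherString Selection
test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection
test-25 = 25-RSA-PSS Certificate Unified Signature Algorithm Selection
test-26 = 26-Only RSA-PSS Certificate
test-27 = 27-Only RSA-PSS Certificate Valid Signature Algorithms
test-28 = 28-RSA-PSS Certificate, no PSS signature algorithms
test-29 = 29-Only RSA-PSS Restricted Certificate
test-30 = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms
test-31 = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
test-32 = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms
test-33 = 33-RSA key exchange with only RSA-PSS certificate
test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
test-43 = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection
test-44 = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
test-45 = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
test-46 = 46-TLS 1.3 Ed25519 Signature Algorithm Selection
test-47 = 47-TLS 1.3 Ed448 Signature Algorithm Selection
test-48 = 48-TLS 1.3 Ed25519 CipherString and Groups Selection
test-49 = 49-TLS 1.3 Ed448 CipherString and Groups Selection
test-50 = 50-TLS 1.3 Ed25519 Client Auth
test-51 = 51-TLS 1.3 Ed448 Client Auth
test-52 = 52-TLS 1.3 ECDSA with brainpool but no suitable groups
test-53 = 53-TLS 1.3 ECDSA with brainpool
test-54 = 54-TLS 1.2 DSA Certificate Test
test-55 = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
test-56 = 56-TLS 1.3 DSA Certificate Test
test-57 = 57-TLS 1.3 ML-DSA Certificate Test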
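# ===========================================================

# Test 0: the client limits TLS 1.2 cipher suites to ECDSA authentication
# (aECDSA). The server holds RSA, ECDSA, Ed25519 and Ed448 credentials and is
# expected to present the P-256 ECDSA certificate.
# RequestCAFile is set on the client, yet the server is expected to see an
# empty CA-name list.
# NOTE(review): presumably CA names in the ClientHello are only sent for
# TLS 1.3, and this test caps the protocol at TLSv1.2 - confirm.
[0-ECDSA CipherString Selection]
ssl_conf = 0-ECDSA CipherString Selection-ssl

[0-ECDSA CipherString Selection-ssl]
server = 0-ECDSA CipherString Selection-server
client = 0-ECDSA CipherString Selection-client

[0-ECDSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-ECDSA CipherString Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
ExpectedServerSignType = EC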
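# ===========================================================

# Test 1: same aECDSA client as test 0, but both sides set Groups. The server
# lists only P-384 while the client offers P-256:P-384; the P-256 certificate
# is still expected.
# NOTE(review): this suggests the certificate's curve is checked against the
# groups the client advertises rather than the server's own list - confirm.
[1-ECDSA CipherString Selection]
ssl_conf = 1-ECDSA CipherString Selection-ssl

[1-ECDSA CipherString Selection-ssl]
server = 1-ECDSA CipherString Selection-server
client = 1-ECDSA CipherString Selection-client

[1-ECDSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Groups = P-384
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[1-ECDSA CipherString Selection-client]
CipherString = aECDSA
Groups = P-256:P-384
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-1]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = P-256
ExpectedServerSignType = EC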
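# ===========================================================

# Test 2: negative case. The client requires ECDSA authentication but offers
# only P-384; the handshake must fail on the server side.
# NOTE(review): the same ECDSA certificate file is reported as P-256 in
# tests 0 and 1, so the failure is presumably the server declining to use a
# certificate on a curve the client did not offer, with no fallback to the
# RSA certificate because of aECDSA - confirm.
[2-ECDSA CipherString Selection]
ssl_conf = 2-ECDSA CipherString Selection-ssl

[2-ECDSA CipherString Selection-ssl]
server = 2-ECDSA CipherString Selection-server
client = 2-ECDSA CipherString Selection-client

[2-ECDSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Groups = P-256:P-384
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[2-ECDSA CipherString Selection-client]
CipherString = aECDSA
Groups = P-384
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-2]
ExpectedResult = ServerFail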
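# ===========================================================

# Test 3: the client limits cipher suites to RSA authentication (aRSA). The
# RSA certificate is expected even though ECDSA and EdDSA credentials are
# loaded, and the server's signature is expected to be RSA-PSS.
[3-RSA CipherString Selection]
ssl_conf = 3-RSA CipherString Selection-ssl

[3-RSA CipherString Selection-ssl]
server = 3-RSA CipherString Selection-server
client = 3-RSA CipherString Selection-client

[3-RSA CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[3-RSA CipherString Selection-client]
CipherString = aRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-3]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignType = RSA-PSS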
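# ===========================================================

# Test 4: aECDSA client that lists ECDSA+SHA256 ahead of Ed25519 in
# SignatureAlgorithms. The P-256 certificate with a SHA256 signature is
# expected, not the Ed25519 one that is also loaded.
# NOTE(review): the mixed-case spelling of the algorithm names presumably
# exercises case-insensitive parsing - confirm against the generator input.
[4-P-256 CipherString and Signature Algorithm Selection]
ssl_conf = 4-P-256 CipherString and Signature Algorithm Selection-ssl

[4-P-256 CipherString and Signature Algorithm Selection-ssl]
server = 4-P-256 CipherString and Signature Algorithm Selection-server
client = 4-P-256 CipherString and Signature Algorithm Selection-client

[4-P-256 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[4-P-256 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
SignatureAlgorithms = ecdSA+SHA256:eD25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-4]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC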
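# ===========================================================

# Test 5: negative case. The server is configured with an RSA certificate
# only, while the client accepts only ECDSA-authenticated suites (aECDSA).
# The handshake must fail on the server side rather than proceed with a
# certificate type the client did not ask for.
[5-ECDSA CipherString Selection, no ECDSA certificate]
ssl_conf = 5-ECDSA CipherString Selection, no ECDSA certificate-ssl

[5-ECDSA CipherString Selection, no ECDSA certificate-ssl]
server = 5-ECDSA CipherString Selection, no ECDSA certificate-server
client = 5-ECDSA CipherString Selection, no ECDSA certificate-client

[5-ECDSA CipherString Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[5-ECDSA CipherString Selection, no ECDSA certificate-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-5]
ExpectedResult = ServerFail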
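# ===========================================================

# Test 6: the client keeps the DEFAULT cipher list and constrains only
# SignatureAlgorithms to ECDSA+SHA256. The server, capped at TLSv1.2, is
# expected to pick the P-256 certificate and sign with SHA256.
[6-ECDSA Signature Algorithm Selection]
ssl_conf = 6-ECDSA Signature Algorithm Selection-ssl

[6-ECDSA Signature Algorithm Selection-ssl]
server = 6-ECDSA Signature Algorithm Selection-server
client = 6-ECDSA Signature Algorithm Selection-client

[6-ECDSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[6-ECDSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = eCDsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-6]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC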
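# ===========================================================

# Test 7: as test 6, but the client offers only ECDSA+SHA384. The P-256
# certificate is still expected, signed with SHA384, so under this TLS 1.2
# configuration the hash follows the client's offer rather than the curve.
[7-ECDSA Signature Algorithm Selection SHA384]
ssl_conf = 7-ECDSA Signature Algorithm Selection SHA384-ssl

[7-ECDSA Signature Algorithm Selection SHA384-ssl]
server = 7-ECDSA Signature Algorithm Selection SHA384-server
client = 7-ECDSA Signature Algorithm Selection SHA384-client

[7-ECDSA Signature Algorithm Selection SHA384-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[7-ECDSA Signature Algorithm Selection SHA384-client]
CipherString = DEFAULT
SignatureAlgorithms = eCdSa+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-7]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA384
ExpectedServerSignType = EC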
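# ===========================================================

# Test 8: as test 6, but the server's ECDSA slot loads
# server-cecdsa-cert.pem and its key instead of the usual ECDSA pair.
# NOTE(review): per the test name this fixture encodes the public key as a
# compressed EC point - confirm against the certificate itself.
# Selection is expected to behave exactly as with the uncompressed fixture.
[8-ECDSA Signature Algorithm Selection compressed point]
ssl_conf = 8-ECDSA Signature Algorithm Selection compressed point-ssl

[8-ECDSA Signature Algorithm Selection compressed point-ssl]
server = 8-ECDSA Signature Algorithm Selection compressed point-server
client = 8-ECDSA Signature Algorithm Selection compressed point-client

[8-ECDSA Signature Algorithm Selection compressed point-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[8-ECDSA Signature Algorithm Selection compressed point-client]
CipherString = DEFAULT
SignatureAlgorithms = EcDsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-8]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC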
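# ===========================================================

# Test 9: negative case. The client offers only ECDSA+SHA256 as a signature
# algorithm and the server has an RSA certificate only. The handshake must
# fail on the server side; signing with an algorithm the client did not
# offer would be the defect this test guards against.
[9-ECDSA Signature Algorithm Selection, no ECDSA certificate]
ssl_conf = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl

[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
server = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
client = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client

[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[9-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
CipherString = DEFAULT
SignatureAlgorithms = eCdsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-9]
ExpectedResult = ServerFail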
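# ===========================================================

# Test 10: the client offers only RSA+SHA256. The RSA certificate is
# expected, with sign type RSA (as opposed to RSA-PSS) and hash SHA256.
[10-RSA Signature Algorithm Selection]
ssl_conf = 10-RSA Signature Algorithm Selection-ssl

[10-RSA Signature Algorithm Selection-ssl]
server = 10-RSA Signature Algorithm Selection-server
client = 10-RSA Signature Algorithm Selection-client

[10-RSA Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[10-RSA Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = rsA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-10]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA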
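# ===========================================================

# Test 11: the client offers only RSA-PSS+SHA256. The server has no PSS
# certificate slot configured here, so the ordinary RSA certificate is
# expected, with an RSA-PSS signature over SHA256.
[11-RSA-PSS Signature Algorithm Selection]
ssl_conf = 11-RSA-PSS Signature Algorithm Selection-ssl

[11-RSA-PSS Signature Algorithm Selection-ssl]
server = 11-RSA-PSS Signature Algorithm Selection-server
client = 11-RSA-PSS Signature Algorithm Selection-client

[11-RSA-PSS Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[11-RSA-PSS Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = RSA-pss+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-11]
ExpectedResult = Success
ExpectedServerCertType = RSA
ExpectedServerSignHash = SHA256
ExpectedServerSignType = RSA-PSS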
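# ===========================================================

# Test 12: the client accepts only RSA key-exchange suites (kRSA) at
# TLS 1.2; the server loads both an RSA and an RSA-PSS certificate and the
# RSA one is expected. Only the client sets MaxProtocol here.
# kRSA is RSA key transport, which provides no forward secrecy; it appears
# here as a condition under test.
# NOTE(review): presumably the PSS key cannot be used for key transport,
# which is why RSA is the expected certificate type - confirm.
[12-RSA key exchange with all RSA certificate types]
ssl_conf = 12-RSA key exchange with all RSA certificate types-ssl

[12-RSA key exchange with all RSA certificate types-ssl]
server = 12-RSA key exchange with all RSA certificate types-server
client = 12-RSA key exchange with all RSA certificate types-client

[12-RSA key exchange with all RSA certificate types-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[12-RSA key exchange with all RSA certificate types-client]
CipherString = kRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-12]
ExpectedResult = Success
ExpectedServerCertType = RSA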
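# ===========================================================

# Test 13: the server runs with CipherString = SUITEB128 and a P-256
# certificate. The client lists ECDSA+SHA384 before ECDSA+SHA256, yet SHA256
# is the expected hash.
# NOTE(review): presumably Suite B mode ties the hash to the curve (SHA256
# with P-256) and overrides the client's preference order - confirm.
# The client verifies against p384-root.pem rather than rootcert.pem.
[13-Suite B P-256 Hash Algorithm Selection]
ssl_conf = 13-Suite B P-256 Hash Algorithm Selection-ssl

[13-Suite B P-256 Hash Algorithm Selection-ssl]
server = 13-Suite B P-256 Hash Algorithm Selection-server
client = 13-Suite B P-256 Hash Algorithm Selection-client

[13-Suite B P-256 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[13-Suite B P-256 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = eCdsA+SHA384:ECdSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer

[test-13]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA256
ExpectedServerSignType = EC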
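# ===========================================================

# Test 14: counterpart of test 13 with a P-384 certificate. The client lists
# ECDSA+SHA256 before ECDSA+SHA384, yet SHA384 is the expected hash.
# NOTE(review): presumably Suite B mode pairs SHA384 with P-384 regardless
# of the client's preference order - confirm.
[14-Suite B P-384 Hash Algorithm Selection]
ssl_conf = 14-Suite B P-384 Hash Algorithm Selection-ssl

[14-Suite B P-384 Hash Algorithm Selection-ssl]
server = 14-Suite B P-384 Hash Algorithm Selection-server
client = 14-Suite B P-384 Hash Algorithm Selection-client

[14-Suite B P-384 Hash Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = SUITEB128
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[14-Suite B P-384 Hash Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = EcdSA+SHA256:ECDSA+SHA384
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer

[test-14]
ExpectedResult = Success
ExpectedServerCertType = P-384
ExpectedServerSignHash = SHA384
ExpectedServerSignType = EC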
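# ===========================================================

# Test 15: aECDSA client that lists Ed25519 ahead of ECDSA+SHA256. The
# Ed25519 certificate is expected. Test 4 uses the reverse order and expects
# P-256, so the pair pins down that the client's order drives the choice.
# As in test 0, RequestCAFile is set but an empty CA-name list is expected
# at the server.
[15-Ed25519 CipherString and Signature Algorithm Selection]
ssl_conf = 15-Ed25519 CipherString and Signature Algorithm Selection-ssl

[15-Ed25519 CipherString and Signature Algorithm Selection-ssl]
server = 15-Ed25519 CipherString and Signature Algorithm Selection-server
client = 15-Ed25519 CipherString and Signature Algorithm Selection-client

[15-Ed25519 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[15-Ed25519 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
SignatureAlgorithms = eD25519:eCdsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-15]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519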
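# ===========================================================

# Test 16: Ed448 counterpart of test 15. The client lists Ed448 ahead of
# ECDSA+SHA256 and the Ed448 certificate is expected.
# Both RequestCAFile and VerifyCAFile point at root-ed448-cert.pem here,
# not at the roots used by the neighbouring tests.
[16-Ed448 CipherString and Signature Algorithm Selection]
ssl_conf = 16-Ed448 CipherString and Signature Algorithm Selection-ssl

[16-Ed448 CipherString and Signature Algorithm Selection-ssl]
server = 16-Ed448 CipherString and Signature Algorithm Selection-server
client = 16-Ed448 CipherString and Signature Algorithm Selection-client

[16-Ed448 CipherString and Signature Algorithm Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[16-Ed448 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
SignatureAlgorithms = Ed448:ECdSa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer

[test-16]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = Ed448
ExpectedServerSignType = Ed448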
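# ===========================================================

# Test 17: client authentication. The server demands a client certificate
# (VerifyMode = Require) and validates it against root-cert.pem. The client
# is pinned to TLS 1.2 through MinProtocol and MaxProtocol and holds only an
# Ed25519 credential; that certificate and signature type are expected.
[17-TLS 1.2 Ed25519 Client Auth]
ssl_conf = 17-TLS 1.2 Ed25519 Client Auth-ssl

[17-TLS 1.2 Ed25519 Client Auth-ssl]
server = 17-TLS 1.2 Ed25519 Client Auth-server
client = 17-TLS 1.2 Ed25519 Client Auth-client

[17-TLS 1.2 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[17-TLS 1.2 Ed25519 Client Auth-client]
CipherString = DEFAULT
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-17]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success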
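# ===========================================================

# Test 18: Ed448 counterpart of test 17. The server requires and verifies a
# client certificate; the client, pinned to TLS 1.2, presents its Ed448
# credential and that certificate and signature type are expected.
[18-TLS 1.2 Ed448 Client Auth]
ssl_conf = 18-TLS 1.2 Ed448 Client Auth-ssl

[18-TLS 1.2 Ed448 Client Auth-ssl]
server = 18-TLS 1.2 Ed448 Client Auth-server
client = 18-TLS 1.2 Ed448 Client Auth-client

[18-TLS 1.2 Ed448 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require

[18-TLS 1.2 Ed448 Client Auth-client]
CipherString = DEFAULT
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-18]
ExpectedClientCertType = Ed448
ExpectedClientSignType = Ed448
ExpectedResult = Success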
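# ===========================================================

# Test 19: the client offers only ECDSA+SHA1 and a SHA1 signature from the
# P-256 certificate is expected. Both sides append @SECLEVEL=0 to the cipher
# string, which is the only test in this part of the file to do so.
# NOTE(review): presumably the library's default security level rejects
# SHA1 signatures, so the level is lowered to make this combination
# reachable - confirm. SECLEVEL=0 switches off the minimum-strength checks
# and belongs in a test fixture only; a deployed configuration that copied
# this cipher string would accept SHA1-signed handshakes.
[19-ECDSA Signature Algorithm Selection SHA1]
ssl_conf = 19-ECDSA Signature Algorithm Selection SHA1-ssl

[19-ECDSA Signature Algorithm Selection SHA1-ssl]
server = 19-ECDSA Signature Algorithm Selection SHA1-server
client = 19-ECDSA Signature Algorithm Selection SHA1-client

[19-ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=0
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[19-ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT:@SECLEVEL=0
SignatureAlgorithms = ECdSa+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-19]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignHash = SHA1
ExpectedServerSignType = EC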
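# ===========================================================

# Test 20: the server's only credential is an ECDSA certificate on
# brainpoolP256r1, and both sides restrict Groups to that curve. The aECDSA
# client is capped at TLSv1.2 (the server sets no protocol limit) and the
# brainpool certificate is expected.
[20-ECDSA with brainpool]
ssl_conf = 20-ECDSA with brainpool-ssl

[20-ECDSA with brainpool-ssl]
server = 20-ECDSA with brainpool-server
client = 20-ECDSA with brainpool-client

[20-ECDSA with brainpool-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
CipherString = DEFAULT
Groups = brainpoolP256r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

[20-ECDSA with brainpool-client]
CipherString = aECDSA
Groups = brainpoolP256r1
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-20]
ExpectedResult = Success
ExpectedServerCANames = empty
ExpectedServerCertType = brainpoolP256r1
ExpectedServerSignType = EC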
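# ===========================================================

# Test 21: the client lists ECDSA+SHA256 ahead of Ed25519 (the order that
# yields P-256 in test 4) but also sets Curves = X25519. The Ed25519
# certificate is expected instead.
# NOTE(review): presumably the P-256 certificate is ruled out because P-256
# is not among the curves the client offers - confirm.
[21-Ed25519 CipherString and Curves Selection]
ssl_conf = 21-Ed25519 CipherString and Curves Selection-ssl

[21-Ed25519 CipherString and Curves Selection-ssl]
server = 21-Ed25519 CipherString and Curves Selection-server
client = 21-Ed25519 CipherString and Curves Selection-client

[21-Ed25519 CipherString and Curves Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[21-Ed25519 CipherString and Curves Selection-client]
CipherString = aECDSA
Curves = X25519
MaxProtocol = TLSv1.2
SignatureAlgorithms = ecDSA+SHA256:Ed25519
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-21]
ExpectedResult = Success
ExpectedServerCertType = Ed25519
ExpectedServerSignType = Ed25519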
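# ===========================================================

# Test 22: Ed448 counterpart of test 21. The client lists ECDSA+SHA256
# ahead of Ed448 and sets Curves = X448; the Ed448 certificate is expected.
# The client verifies against root-ed448-cert.pem.
# NOTE(review): presumably the P-256 certificate is ruled out because P-256
# is not among the curves the client offers - confirm.
[22-Ed448 CipherString and Curves Selection]
ssl_conf = 22-Ed448 CipherString and Curves Selection-ssl

[22-Ed448 CipherString and Curves Selection-ssl]
server = 22-Ed448 CipherString and Curves Selection-server
client = 22-Ed448 CipherString and Curves Selection-client

[22-Ed448 CipherString and Curves Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[22-Ed448 CipherString and Curves Selection-client]
CipherString = aECDSA
Curves = X448
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSa+SHA256:ED448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer

[test-22]
ExpectedResult = Success
ExpectedServerCertType = Ed448
ExpectedServerSignType = Ed448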
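# ===========================================================

# Test 23: same aRSA client as test 3, but the server additionally loads an
# RSA-PSS certificate in its PSS slot. Here the RSA-PSS certificate is
# expected, whereas test 3 (no PSS slot) expects the plain RSA one.
[23-RSA-PSS Certificate CipherString Selection]
ssl_conf = 23-RSA-PSS Certificate CipherString Selection-ssl

[23-RSA-PSS Certificate CipherString Selection-ssl]
server = 23-RSA-PSS Certificate CipherString Selection-server
client = 23-RSA-PSS Certificate CipherString Selection-client

[23-RSA-PSS Certificate CipherString Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.2
PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[23-RSA-PSS Certificate CipherString Selection-client]
CipherString = aRSA
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-23]
ExpectedResult = Success
ExpectedServerCertType = RSA-PSS
ExpectedServerSignType = RSA-PSS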
835# ===========================================================
836
# Test 24: the client offers a single signature algorithm written in the
# legacy "RSA-PSS+SHA256" form. The server holds both a plain RSA and an
# RSA-PSS certificate (plus ECDSA, Ed25519 and Ed448) and is capped at TLS 1.2.
837[24-RSA-PSS Certificate Legacy Signature Algorithm Selection]
838ssl_conf = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
839
840[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
841server = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
842client = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
843
844[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
845Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
846CipherString = DEFAULT
847ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
848ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
849Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
850Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
851Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
852Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
853MaxProtocol = TLSv1.2
854PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
855PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
856PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
857
858[24-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
859CipherString = DEFAULT
# NOTE(review): mixed-case spelling is as generated; presumably it exercises
# case-insensitive name parsing - confirm against the generator.
860SignatureAlgorithms = rSA-pSS+SHA256
861VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
862VerifyMode = Peer
863
# Expectation: a PSS signature with SHA256 made with the plain RSA certificate
# (cert type RSA), not the RSA-PSS certificate that is also loaded.
864[test-24]
865ExpectedResult = Success
866ExpectedServerCertType = RSA
867ExpectedServerSignHash = SHA256
868ExpectedServerSignType = RSA-PSS
869
870
871# ===========================================================
872
# Test 25: the client offers only rsa_pss_pss_sha256. The server holds both a
# plain RSA and an RSA-PSS certificate (plus ECDSA, Ed25519 and Ed448) and is
# capped at TLS 1.2.
873[25-RSA-PSS Certificate Unified Signature Algorithm Selection]
874ssl_conf = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
875
876[25-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
877server = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-server
878client = 25-RSA-PSS Certificate Unified Signature Algorithm Selection-client
879
880[25-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
881Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
882CipherString = DEFAULT
883ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
884ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
885Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
886Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
887Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
888Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
889MaxProtocol = TLSv1.2
890PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
891PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
892PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
893
894[25-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
895CipherString = DEFAULT
# NOTE(review): mixed-case spelling of rsa_pss_pss_sha256 is as generated;
# presumably it exercises case-insensitive name parsing - confirm.
896SignatureAlgorithms = rsA_PsS_PsS_sHa256
897VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
898VerifyMode = Peer
899
# Expectation: the RSA-PSS certificate is selected (cert type RSA-PSS) and the
# handshake is signed with RSA-PSS and SHA256.
900[test-25]
901ExpectedResult = Success
902ExpectedServerCertType = RSA-PSS
903ExpectedServerSignHash = SHA256
904ExpectedServerSignType = RSA-PSS
905
906
907# ===========================================================
908
# Test 26: the server's only certificate and key are the RSA-PSS pair; the
# client uses default cipher and signature-algorithm settings and no protocol
# cap is set on either side.
909[26-Only RSA-PSS Certificate]
910ssl_conf = 26-Only RSA-PSS Certificate-ssl
911
912[26-Only RSA-PSS Certificate-ssl]
913server = 26-Only RSA-PSS Certificate-server
914client = 26-Only RSA-PSS Certificate-client
915
916[26-Only RSA-PSS Certificate-server]
917Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
918CipherString = DEFAULT
919PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
920
921[26-Only RSA-PSS Certificate-client]
922CipherString = DEFAULT
923VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
924VerifyMode = Peer
925
# Expectation: the handshake succeeds with the RSA-PSS certificate and an
# RSA-PSS signature using SHA256.
926[test-26]
927ExpectedResult = Success
928ExpectedServerCertType = RSA-PSS
929ExpectedServerSignHash = SHA256
930ExpectedServerSignType = RSA-PSS
931
932
933# ===========================================================
934
# Test 27: the server's only certificate and key are the RSA-PSS pair; the
# client offers rsa_pss_pss_sha512 as its single signature algorithm.
935[27-Only RSA-PSS Certificate Valid Signature Algorithms]
936ssl_conf = 27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
937
938[27-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
939server = 27-Only RSA-PSS Certificate Valid Signature Algorithms-server
940client = 27-Only RSA-PSS Certificate Valid Signature Algorithms-client
941
942[27-Only RSA-PSS Certificate Valid Signature Algorithms-server]
943Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
944CipherString = DEFAULT
945PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
946
947[27-Only RSA-PSS Certificate Valid Signature Algorithms-client]
948CipherString = DEFAULT
949SignatureAlgorithms = rsa_psS_psS_sHa512
950VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
951VerifyMode = Peer
952
# Expectation: the server follows the client's only offer and signs with
# RSA-PSS and SHA512.
953[test-27]
954ExpectedResult = Success
955ExpectedServerCertType = RSA-PSS
956ExpectedServerSignHash = SHA512
957ExpectedServerSignType = RSA-PSS
958
959
960# ===========================================================
961
# Test 28 (negative): the server's only certificate and key are the RSA-PSS
# pair, and the client offers only rsa+SHA256, i.e. PKCS#1 v1.5 RSA with no
# PSS algorithm in the list.
962[28-RSA-PSS Certificate, no PSS signature algorithms]
963ssl_conf = 28-RSA-PSS Certificate, no PSS signature algorithms-ssl
964
965[28-RSA-PSS Certificate, no PSS signature algorithms-ssl]
966server = 28-RSA-PSS Certificate, no PSS signature algorithms-server
967client = 28-RSA-PSS Certificate, no PSS signature algorithms-client
968
969[28-RSA-PSS Certificate, no PSS signature algorithms-server]
970Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
971CipherString = DEFAULT
972PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
973
974[28-RSA-PSS Certificate, no PSS signature algorithms-client]
975CipherString = DEFAULT
976SignatureAlgorithms = rsa+SHA256
977VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
978VerifyMode = Peer
979
# Expectation: the handshake fails on the server side. The property checked is
# that a PSS-only key is never used for a PKCS#1 v1.5 signature; the server
# must refuse rather than sign with an algorithm the key is not meant for.
980[test-28]
981ExpectedResult = ServerFail
982
983
984# ===========================================================
985
# Test 29: the server's only certificate and key are the "restricted" RSA-PSS
# pair (server-pss-restrict-*.pem); the client uses default settings.
# NOTE(review): the other restricted-certificate tests in this file succeed
# with SHA256 and fail with SHA512 alone, which suggests the certificate's PSS
# parameters limit the usable hash - confirm against the certificate itself.
986[29-Only RSA-PSS Restricted Certificate]
987ssl_conf = 29-Only RSA-PSS Restricted Certificate-ssl
988
989[29-Only RSA-PSS Restricted Certificate-ssl]
990server = 29-Only RSA-PSS Restricted Certificate-server
991client = 29-Only RSA-PSS Restricted Certificate-client
992
993[29-Only RSA-PSS Restricted Certificate-server]
994Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
995CipherString = DEFAULT
996PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
997
998[29-Only RSA-PSS Restricted Certificate-client]
999CipherString = DEFAULT
1000VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1001VerifyMode = Peer
1002
# Expectation: success with an RSA-PSS signature using SHA256.
1003[test-29]
1004ExpectedResult = Success
1005ExpectedServerCertType = RSA-PSS
1006ExpectedServerSignHash = SHA256
1007ExpectedServerSignType = RSA-PSS
1008
1009
1010# ===========================================================
1011
# Test 30: restricted RSA-PSS certificate on the server; the client offers
# rsa_pss_pss_sha256 first and rsa_pss_pss_sha512 second.
1012[30-RSA-PSS Restricted Certificate Valid Signature Algorithms]
1013ssl_conf = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
1014
1015[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
1016server = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
1017client = 30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
1018
1019[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
1020Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1021CipherString = DEFAULT
1022PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1023
1024[30-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
1025CipherString = DEFAULT
# NOTE(review): mixed-case spelling is as generated; presumably it exercises
# case-insensitive name parsing - confirm against the generator.
1026SignatureAlgorithms = RSa_pSS_pSs_sHA256:rsa_PsS_PSs_sHA512
1027VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1028VerifyMode = Peer
1029
# Expectation: success with the client's first choice, RSA-PSS with SHA256.
1030[test-30]
1031ExpectedResult = Success
1032ExpectedServerCertType = RSA-PSS
1033ExpectedServerSignHash = SHA256
1034ExpectedServerSignType = RSA-PSS
1035
1036
1037# ===========================================================
1038
# Test 31: restricted RSA-PSS certificate on the server; the client lists
# rsa_pss_pss_sha512 first and rsa_pss_pss_sha256 second. The test name calls
# the first entry invalid for this certificate.
1039[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
1040ssl_conf = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
1041
1042[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
1043server = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
1044client = 31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
1045
1046[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
1047Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1048CipherString = DEFAULT
1049PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1050
1051[31-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
1052CipherString = DEFAULT
1053SignatureAlgorithms = rsA_pss_psS_sha512:rsA_pSS_PSs_ShA256
1054VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1055VerifyMode = Peer
1056
# Expectation: the server skips the client's preferred SHA512 entry and signs
# with SHA256, so the key's restriction takes precedence over the peer's
# preference order.
1057[test-31]
1058ExpectedResult = Success
1059ExpectedServerCertType = RSA-PSS
1060ExpectedServerSignHash = SHA256
1061ExpectedServerSignType = RSA-PSS
1062
1063
1064# ===========================================================
1065
# Test 32 (negative): restricted RSA-PSS certificate on the server; the client
# offers rsa_pss_pss_sha512 only, which the test name calls invalid for this
# certificate.
1066[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
1067ssl_conf = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
1068
1069[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
1070server = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
1071client = 32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
1072
1073[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
1074Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
1075CipherString = DEFAULT
1076PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
1077
1078[32-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
1079CipherString = DEFAULT
1080SignatureAlgorithms = rSa_PSS_pSS_sHa512
1081VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1082VerifyMode = Peer
1083
# Expectation: the handshake fails on the server side; with no acceptable
# algorithm on offer the server must not sign outside the key's restriction.
1084[test-32]
1085ExpectedResult = ServerFail
1086
1087
1088# ===========================================================
1089
# Test 33 (negative): the server's only certificate and key are the RSA-PSS
# pair; the TLS 1.2 client accepts only RSA key-exchange cipher suites (kRSA).
1090[33-RSA key exchange with only RSA-PSS certificate]
1091ssl_conf = 33-RSA key exchange with only RSA-PSS certificate-ssl
1092
1093[33-RSA key exchange with only RSA-PSS certificate-ssl]
1094server = 33-RSA key exchange with only RSA-PSS certificate-server
1095client = 33-RSA key exchange with only RSA-PSS certificate-client
1096
1097[33-RSA key exchange with only RSA-PSS certificate-server]
1098Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1099CipherString = DEFAULT
1100PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1101
1102[33-RSA key exchange with only RSA-PSS certificate-client]
1103CipherString = kRSA
1104MaxProtocol = TLSv1.2
1105VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1106VerifyMode = Peer
1107
# Expectation: the handshake fails on the server side. An RSA-PSS key is a
# signature-only key, so it must not be used to decrypt an RSA key exchange.
1108[test-33]
1109ExpectedResult = ServerFail
1110
1111
1112# ===========================================================
1113
# Test 34 (negative): the server's only certificate and key are the RSA-PSS
# pair and the client is capped at TLS 1.1, which has no RSA-PSS handshake
# signatures.
1114[34-Only RSA-PSS Certificate, TLS v1.1]
1115ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
1116
1117[34-Only RSA-PSS Certificate, TLS v1.1-ssl]
1118server = 34-Only RSA-PSS Certificate, TLS v1.1-server
1119client = 34-Only RSA-PSS Certificate, TLS v1.1-client
1120
1121[34-Only RSA-PSS Certificate, TLS v1.1-server]
1122Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
# @SECLEVEL=0 lowers OpenSSL's security level to its most permissive setting.
# NOTE(review): presumably set on both sides so that TLS 1.1 itself is allowed
# and the failure comes from the RSA-PSS key rather than from the security
# level - confirm. This is a test-only setting, not one to copy into a
# deployed configuration.
1123CipherString = DEFAULT:@SECLEVEL=0
1124PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1125
1126[34-Only RSA-PSS Certificate, TLS v1.1-client]
1127CipherString = DEFAULT:@SECLEVEL=0
1128MaxProtocol = TLSv1.1
1129VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1130VerifyMode = Peer
1131
# Expectation: the handshake fails on the server side.
1132[test-34]
1133ExpectedResult = ServerFail
1134
1135
1136# ===========================================================
1137
# Test 35: server pinned to TLS 1.3 (MinProtocol = MaxProtocol = TLSv1.3) with
# RSA, ECDSA, Ed25519 and Ed448 certificates; the client offers ECDSA+SHA256
# as its only signature algorithm.
1138[35-TLS 1.3 ECDSA Signature Algorithm Selection]
1139ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
1140
1141[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
1142server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
1143client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
1144
1145[35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
1146Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1147CipherString = DEFAULT
1148ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1149ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1150Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1151Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1152Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1153Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1154MaxProtocol = TLSv1.3
1155MinProtocol = TLSv1.3
1156PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1157
1158[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
1159CipherString = DEFAULT
1160SignatureAlgorithms = ECDsa+SHA256
1161VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1162VerifyMode = Peer
1163
# Expectation: the P-256 ECDSA certificate signs with SHA256. The server is
# also expected to see an empty CA-names list; the client section sets no
# RequestCAFile.
1164[test-35]
1165ExpectedResult = Success
1166ExpectedServerCANames = empty
1167ExpectedServerCertType = P-256
1168ExpectedServerSignHash = SHA256
1169ExpectedServerSignType = EC
1170
1171
1172# ===========================================================
1173
# Test 36: server pinned to TLS 1.3 with the default RSA certificate and the
# server-cecdsa-* ECDSA pair; the client offers ECDSA+SHA256 only.
# NOTE(review): going by the test name, the cecdsa certificate presumably
# encodes its public key as a compressed point - confirm against the fixture.
1174[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1175ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1176
1177[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1178server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1179client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1180
1181[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1182Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1183CipherString = DEFAULT
1184ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
1185ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
1186MaxProtocol = TLSv1.3
1187MinProtocol = TLSv1.3
1188PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1189
1190[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1191CipherString = DEFAULT
1192SignatureAlgorithms = ecDSA+SHA256
1193VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1194VerifyMode = Peer
1195
# Expectation: success with a P-256 certificate and an EC signature using
# SHA256; the CA-names list seen by the server is empty.
1196[test-36]
1197ExpectedResult = Success
1198ExpectedServerCANames = empty
1199ExpectedServerCertType = P-256
1200ExpectedServerSignHash = SHA256
1201ExpectedServerSignType = EC
1202
1203
1204# ===========================================================
1205
# Test 37 (negative): server pinned to TLS 1.3; the client offers ECDSA+SHA1
# as its only signature algorithm. TLS 1.3 does not allow SHA-1 for handshake
# signatures.
1206[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1207ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1208
1209[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1210server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1211client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1212
1213[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1214Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
# @SECLEVEL=0 lowers OpenSSL's security level to its most permissive setting.
# NOTE(review): presumably set on both sides so that the expected failure is
# produced by the TLS 1.3 signature rules and not by the security level
# rejecting SHA-1 first - confirm. Test-only setting; do not copy into a
# deployed configuration.
1215CipherString = DEFAULT:@SECLEVEL=0
1216ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1217ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1218Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1219Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1220Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1221Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1222MaxProtocol = TLSv1.3
1223MinProtocol = TLSv1.3
1224PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1225
1226[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1227CipherString = DEFAULT:@SECLEVEL=0
1228SignatureAlgorithms = eCDSa+SHA1
1229VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1230VerifyMode = Peer
1231
# Expectation: the handshake fails on the server side even though an ECDSA
# certificate is loaded and the security level has been relaxed.
1232[test-37]
1233ExpectedResult = ServerFail
1234
1235
1236# ===========================================================
1237
# Test 38: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates; the client offers ECDSA+SHA256 first and RSA-PSS+SHA256
# second, and also sets RequestCAFile.
1238[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1239ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1240
1241[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1242server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1243client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1244
1245[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1246Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1247CipherString = DEFAULT
1248ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1249ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1250Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1251Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1252Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1253Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1254MaxProtocol = TLSv1.3
1255MinProtocol = TLSv1.3
1256PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1257
1258[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1259CipherString = DEFAULT
# RequestCAFile here is root-cert.pem, while VerifyCAFile below is
# rootcert.pem; the two are different file names.
1260RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1261SignatureAlgorithms = eCdsA+SHA256:rsA-pSs+SHA256
1262VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1263VerifyMode = Peer
1264
# Expectation: the client's first choice wins (P-256 certificate, EC signature,
# SHA256), and the CA names the server sees match the client's RequestCAFile.
1265[test-38]
1266ExpectedResult = Success
1267ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1268ExpectedServerCertType = P-256
1269ExpectedServerSignHash = SHA256
1270ExpectedServerSignType = EC
1271
1272
1273# ===========================================================
1274
# Test 39: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates; the client offers ECDSA+SHA384 first and RSA-PSS+SHA384
# second.
1275[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1276ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1277
1278[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1279server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1280client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1281
1282[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1283Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1284CipherString = DEFAULT
1285ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1286ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1287Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1288Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1289Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1290Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1291MaxProtocol = TLSv1.3
1292MinProtocol = TLSv1.3
1293PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1294
1295[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1296CipherString = DEFAULT
1297SignatureAlgorithms = ECdsA+SHA384:RSa-psS+SHA384
1298VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1299VerifyMode = Peer
1300
# Expectation: the ECDSA entry is passed over and the plain RSA certificate
# signs with RSA-PSS and SHA384.
# NOTE(review): other tests in this file report server-ecdsa-cert.pem as
# P-256; TLS 1.3 pairs ECDSA+SHA384 with P-384, which would explain why the
# P-256 certificate cannot serve the first entry - confirm.
1301[test-39]
1302ExpectedResult = Success
1303ExpectedServerCertType = RSA
1304ExpectedServerSignHash = SHA384
1305ExpectedServerSignType = RSA-PSS
1306
1307
1308# ===========================================================
1309
# Test 40 (negative): server pinned to TLS 1.3 with only the default RSA
# certificate; the client offers ECDSA+SHA256 as its only signature algorithm.
1310[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1311ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1312
1313[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1314server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1315client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1316
1317[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1318Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1319CipherString = DEFAULT
1320MaxProtocol = TLSv1.3
1321MinProtocol = TLSv1.3
1322PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1323
1324[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1325CipherString = DEFAULT
1326SignatureAlgorithms = eCDSA+SHA256
1327VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1328VerifyMode = Peer
1329
# Expectation: the handshake fails on the server side; no loaded certificate
# matches what the client offered, and the server must not fall back to an
# algorithm the client did not list.
1330[test-40]
1331ExpectedResult = ServerFail
1332
1333
1334# ===========================================================
1335
# Test 41 (negative): server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and
# Ed448 certificates; the client offers only RSA+SHA256, i.e. PKCS#1 v1.5 RSA.
# TLS 1.3 requires RSA-PSS for RSA handshake signatures.
1336[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1337ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1338
1339[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1340server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1341client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1342
1343[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1344Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1345CipherString = DEFAULT
1346ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1347ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1348Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1349Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1350Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1351Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1352MaxProtocol = TLSv1.3
1353MinProtocol = TLSv1.3
1354PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1355
1356[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1357CipherString = DEFAULT
1358SignatureAlgorithms = RSA+SHA256
1359VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1360VerifyMode = Peer
1361
# Expectation: the handshake fails on the server side although an RSA
# certificate is loaded; the server must not produce a PKCS#1 v1.5 handshake
# signature under TLS 1.3.
1362[test-41]
1363ExpectedResult = ServerFail
1364
1365
1366# ===========================================================
1367
# Test 42: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates (no RSA-PSS certificate is loaded); the client offers only
# RSA-PSS+SHA256.
1368[42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1369ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1370
1371[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1372server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1373client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1374
1375[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1376Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1377CipherString = DEFAULT
1378ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1379ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1380Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1381Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1382Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1383Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1384MaxProtocol = TLSv1.3
1385MinProtocol = TLSv1.3
1386PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1387
1388[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1389CipherString = DEFAULT
1390SignatureAlgorithms = Rsa-PSS+SHA256
1391VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1392VerifyMode = Peer
1393
# Expectation: the plain RSA certificate is used and the handshake is signed
# with RSA-PSS and SHA256.
1394[test-42]
1395ExpectedResult = Success
1396ExpectedServerCertType = RSA
1397ExpectedServerSignHash = SHA256
1398ExpectedServerSignType = RSA-PSS
1399
1400
1401# ===========================================================
1402
# Test 43: client authentication. The server requires a client certificate
# (VerifyMode = Require) and accepts only PSS+SHA256 client signatures; the
# client is pinned to TLS 1.3 and holds both an ECDSA and an RSA chain.
1403[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1404ssl_conf = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1405
1406[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1407server = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1408client = 43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1409
1410[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1411Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1412CipherString = DEFAULT
1413ClientSignatureAlgorithms = PSS+SHA256
1414PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# The server verifies the client chain against root-cert.pem; the client
# section below verifies the server against rootcert.pem.
1415VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1416VerifyMode = Require
1417
1418[43-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1419CipherString = DEFAULT
1420ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1421ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1422MaxProtocol = TLSv1.3
1423MinProtocol = TLSv1.3
1424RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1425RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1426VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1427VerifyMode = Peer
1428
# Expectation: the client picks its RSA certificate and signs with RSA-PSS and
# SHA256. The CA-names list the client sees is empty; the server section sets
# no RequestCAFile.
1429[test-43]
1430ExpectedClientCANames = empty
1431ExpectedClientCertType = RSA
1432ExpectedClientSignHash = SHA256
1433ExpectedClientSignType = RSA-PSS
1434ExpectedResult = Success
1435
1436
1437# ===========================================================
1438
# Test 44: client authentication with CA names. The server requires a client
# certificate, accepts only PSS+SHA256 client signatures and sets
# RequestCAFile; the client is pinned to TLS 1.3 and holds both an ECDSA and
# an RSA chain.
1439[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1440ssl_conf = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1441
1442[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1443server = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1444client = 44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1445
1446[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1447Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1448CipherString = DEFAULT
1449ClientSignatureAlgorithms = Pss+SHA256
1450PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# RequestCAFile and VerifyCAFile both point at root-cert.pem on the server.
1451RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1452VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1453VerifyMode = Require
1454
1455[44-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1456CipherString = DEFAULT
1457ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1458ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1459MaxProtocol = TLSv1.3
1460MinProtocol = TLSv1.3
1461RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1462RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1463VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1464VerifyMode = Peer
1465
# Expectation: the client picks its RSA certificate and signs with RSA-PSS and
# SHA256, and the CA names it receives match the server's RequestCAFile.
1466[test-44]
1467ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1468ExpectedClientCertType = RSA
1469ExpectedClientSignHash = SHA256
1470ExpectedClientSignType = RSA-PSS
1471ExpectedResult = Success
1472
1473
1474# ===========================================================
1475
# Test 45: client authentication. The server requires a client certificate and
# accepts only ECDSA+SHA256 client signatures; the client is pinned to TLS 1.3
# and holds both an ECDSA and an RSA chain.
1476[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1477ssl_conf = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1478
1479[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1480server = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1481client = 45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1482
1483[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1484Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1485CipherString = DEFAULT
1486ClientSignatureAlgorithms = ECDsA+SHA256
1487PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1488VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1489VerifyMode = Require
1490
1491[45-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1492CipherString = DEFAULT
1493ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1494ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1495MaxProtocol = TLSv1.3
1496MinProtocol = TLSv1.3
1497RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1498RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1499VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1500VerifyMode = Peer
1501
# Expectation: the client picks its ECDSA (P-256) certificate, following the
# server's ClientSignatureAlgorithms, and signs with EC and SHA256.
1502[test-45]
1503ExpectedClientCertType = P-256
1504ExpectedClientSignHash = SHA256
1505ExpectedClientSignType = EC
1506ExpectedResult = Success
1507
1508
1509# ===========================================================
1510
# Test 46: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates; the client offers Ed25519 as its only signature algorithm.
1511[46-TLS 1.3 Ed25519 Signature Algorithm Selection]
1512ssl_conf = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1513
1514[46-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1515server = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1516client = 46-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1517
1518[46-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1519Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1520CipherString = DEFAULT
1521ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1522ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1523Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1524Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1525Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1526Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1527MaxProtocol = TLSv1.3
1528MinProtocol = TLSv1.3
1529PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1530
1531[46-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1532CipherString = DEFAULT
1533SignatureAlgorithms = eD25519
1534VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1535VerifyMode = Peer
1536
# Expectation: the Ed25519 certificate is selected and signs the handshake. No
# ExpectedServerSignHash is set for this test.
1537[test-46]
1538ExpectedResult = Success
1539ExpectedServerCertType = Ed25519
1540ExpectedServerSignType = Ed25519
1541
1542
1543# ===========================================================
1544
# Test 47: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates; the client offers Ed448 as its only signature algorithm.
1545[47-TLS 1.3 Ed448 Signature Algorithm Selection]
1546ssl_conf = 47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1547
1548[47-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1549server = 47-TLS 1.3 Ed448 Signature Algorithm Selection-server
1550client = 47-TLS 1.3 Ed448 Signature Algorithm Selection-client
1551
1552[47-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1553Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1554CipherString = DEFAULT
1555ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1556ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1557Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1558Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1559Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1560Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1561MaxProtocol = TLSv1.3
1562MinProtocol = TLSv1.3
1563PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1564
1565[47-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1566CipherString = DEFAULT
1567SignatureAlgorithms = eD448
# The trust anchor is root-ed448-cert.pem, not the rootcert.pem used by most
# other tests in this file.
1568VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
1569VerifyMode = Peer
1570
# Expectation: the Ed448 certificate is selected and signs the handshake.
1571[test-47]
1572ExpectedResult = Success
1573ExpectedServerCertType = Ed448
1574ExpectedServerSignType = Ed448
1575
1576
1577# ===========================================================
1578
# Test 48: server pinned to TLS 1.3 with RSA, ECDSA, Ed25519 and Ed448
# certificates; the client restricts key-exchange groups to X25519 and offers
# ECDSA+SHA256 first, Ed25519 second.
1579[48-TLS 1.3 Ed25519 CipherString and Groups Selection]
1580ssl_conf = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1581
1582[48-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1583server = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1584client = 48-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1585
1586[48-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1587Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1588CipherString = DEFAULT
1589ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1590ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1591Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1592Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1593Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1594Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1595MaxProtocol = TLSv1.3
1596MinProtocol = TLSv1.3
1597PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1598
1599[48-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1600CipherString = DEFAULT
1601Groups = X25519
1602SignatureAlgorithms = EcdSA+SHA256:eD25519
1603VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1604VerifyMode = Peer
1605
# Expectation: the P-256 ECDSA certificate is still selected even though P-256
# is not in the client's Groups list.
# NOTE(review): presumably this checks that under TLS 1.3 the group list
# governs key exchange only and does not filter certificates - confirm.
1606[test-48]
1607ExpectedResult = Success
1608ExpectedServerCertType = P-256
1609ExpectedServerSignType = EC
1610
1611
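# ===========================================================
# Test 49: Ed448 / X448 counterpart of test 48. TLS 1.3 only; the client
# restricts key-exchange Groups to X448 and lists ECDSA+SHA256 ahead of
# Ed448. The expected result is again the P-256 ECDSA certificate, i.e. the
# Groups restriction does not pull certificate selection towards Ed448.

[49-TLS 1.3 Ed448 CipherString and Groups Selection]
ssl_conf = 49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl

[49-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
server = 49-TLS 1.3 Ed448 CipherString and Groups Selection-server
client = 49-TLS 1.3 Ed448 CipherString and Groups Selection-client

# Same four server identities as test 48.
[49-TLS 1.3 Ed448 CipherString and Groups Selection-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[49-TLS 1.3 Ed448 CipherString and Groups Selection-client]
CipherString = DEFAULT
# Key-exchange group only; it is independent of the signature algorithm list.
Groups = X448
# Mixed-case spelling as emitted by the generator.
SignatureAlgorithms = eCDSa+SHA256:ED448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-49]
ExpectedResult = Success
ExpectedServerCertType = P-256
ExpectedServerSignType = EC
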
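# ===========================================================
# Test 50: mutual authentication under TLS 1.3 with an Ed25519 client
# certificate. The protocol version is pinned on the client side only.

[50-TLS 1.3 Ed25519 Client Auth]
ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl

[50-TLS 1.3 Ed25519 Client Auth-ssl]
server = 50-TLS 1.3 Ed25519 Client Auth-server
client = 50-TLS 1.3 Ed25519 Client Auth-client

[50-TLS 1.3 Ed25519 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# root-cert.pem (hyphenated) is a different file name from the rootcert.pem
# the client trusts below; this is the anchor for verifying the client chain.
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
# Require: a handshake without a client certificate must not succeed.
VerifyMode = Require

[50-TLS 1.3 Ed25519 Client Auth-client]
CipherString = DEFAULT
# The only client identity configured is the Ed25519 key pair.
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# Checks the client's certificate type and signature type, not the server's.
[test-50]
ExpectedClientCertType = Ed25519
ExpectedClientSignType = Ed25519
ExpectedResult = Success
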
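# ===========================================================
# Test 51: Ed448 counterpart of test 50. Mutual authentication under
# TLS 1.3 with an Ed448 client certificate; the protocol version is pinned
# on the client side only.

[51-TLS 1.3 Ed448 Client Auth]
ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl

[51-TLS 1.3 Ed448 Client Auth-ssl]
server = 51-TLS 1.3 Ed448 Client Auth-server
client = 51-TLS 1.3 Ed448 Client Auth-client

[51-TLS 1.3 Ed448 Client Auth-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
# Trust anchor for the client chain (root-cert.pem, not rootcert.pem).
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
# Require: a handshake without a client certificate must not succeed.
VerifyMode = Require

[51-TLS 1.3 Ed448 Client Auth-client]
CipherString = DEFAULT
# The only client identity configured is the Ed448 key pair.
EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# Checks the client's certificate type and signature type, not the server's.
[test-51]
ExpectedClientCertType = Ed448
ExpectedClientSignType = Ed448
ExpectedResult = Success
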
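# ===========================================================
# Test 52: negative test. Both sides restrict Groups to brainpoolP256r1 and
# neither caps the protocol version, so TLS 1.3 is presumably still on offer.
# brainpoolP256r1 is not a TLS 1.3 key-exchange group (RFC 8446), which
# presumably leaves the client with no group it may use: the expected
# outcome is a client-side failure rather than a fallback.

[52-TLS 1.3 ECDSA with brainpool but no suitable groups]
ssl_conf = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl

[52-TLS 1.3 ECDSA with brainpool but no suitable groups-ssl]
server = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-server
client = 52-TLS 1.3 ECDSA with brainpool but no suitable groups-client

[52-TLS 1.3 ECDSA with brainpool but no suitable groups-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
CipherString = DEFAULT
Groups = brainpoolP256r1
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

[52-TLS 1.3 ECDSA with brainpool but no suitable groups-client]
# aECDSA limits the pre-TLS 1.3 cipher list to ECDSA-authenticated suites.
CipherString = aECDSA
Groups = brainpoolP256r1
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-52]
ExpectedResult = ClientFail
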
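# ===========================================================
# Test 53: positive counterpart of test 52. The server still presents the
# brainpoolP256r1 ECDSA certificate, but no Groups restriction is set and
# the client pins TLSv1.3. Success is expected, so the certificate's curve
# is acceptable for authentication when key exchange can use the default
# groups.

[53-TLS 1.3 ECDSA with brainpool]
ssl_conf = 53-TLS 1.3 ECDSA with brainpool-ssl

[53-TLS 1.3 ECDSA with brainpool-ssl]
server = 53-TLS 1.3 ECDSA with brainpool-server
client = 53-TLS 1.3 ECDSA with brainpool-client

[53-TLS 1.3 ECDSA with brainpool-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem

[53-TLS 1.3 ECDSA with brainpool-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# Only the handshake result is asserted; no certificate type is checked.
[test-53]
ExpectedResult = Success
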
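# ===========================================================
# Test 54: legacy DSA authentication, pinned to TLS 1.2 on the server.
# The client accepts only DSA signatures, so a successful handshake implies
# the server's DSA certificate was the one used.
# CipherString = ALL and DSA+SHA1 are test-only settings for exercising the
# legacy path; they are not a template for a deployment configuration.

[54-TLS 1.2 DSA Certificate Test]
ssl_conf = 54-TLS 1.2 DSA Certificate Test-ssl

[54-TLS 1.2 DSA Certificate Test-ssl]
server = 54-TLS 1.2 DSA Certificate Test-server
client = 54-TLS 1.2 DSA Certificate Test-client

[54-TLS 1.2 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
# Presumably needed because the DSA-authenticated suites use DHE key exchange.
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[54-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
# Mixed-case spelling as emitted by the generator.
SignatureAlgorithms = DSA+SHA256:DSa+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

# Only the handshake result is asserted; no certificate type is checked.
[test-54]
ExpectedResult = Success
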
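# ===========================================================
# Test 55: negative test. The server requests a client certificate but its
# ClientSignatureAlgorithms list holds only schemes that TLS 1.3 does not
# allow for handshake signatures (ECDSA with SHA-1, DSA, RSA PKCS#1 v1.5).
# No protocol cap is set on either side, so TLS 1.3 is presumably
# negotiated; the server then has no valid algorithm to advertise and the
# handshake is expected to fail on the server side.

[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
ssl_conf = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl

[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
server = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
client = 55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client

[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
# Mixed-case spelling as emitted by the generator.
ClientSignatureAlgorithms = ecDSA+SHA1:DsA+SHA256:rsA+SHA256
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
# Request (not Require): the client certificate is asked for but optional.
VerifyMode = Request

# The client configures no certificate of its own.
[55-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-55]
ExpectedResult = ServerFail
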
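# ===========================================================
# Test 56: negative test, TLS 1.3 counterpart of test 54. TLS 1.3 defines no
# DSA signature schemes, and the client's one remaining offer (ECDSA+SHA256)
# matches neither server identity configured here: the default certificate
# (presumably RSA) and the DSA certificate. The server is expected to find
# no usable certificate and fail the handshake.

[56-TLS 1.3 DSA Certificate Test]
ssl_conf = 56-TLS 1.3 DSA Certificate Test-ssl

[56-TLS 1.3 DSA Certificate Test-ssl]
server = 56-TLS 1.3 DSA Certificate Test-server
client = 56-TLS 1.3 DSA Certificate Test-client

[56-TLS 1.3 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
# ALL is a test-only cipher list, not a deployment setting.
CipherString = ALL
DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[56-TLS 1.3 DSA Certificate Test-client]
CipherString = ALL
# Mixed-case spelling as emitted by the generator.
SignatureAlgorithms = dSA+SHA1:DSA+SHA256:ecDsa+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-56]
ExpectedResult = ServerFail
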
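# ===========================================================
# Test 57: post-quantum signature authentication with ML-DSA-44 (FIPS 204).
# Both ends pin TLSv1.3 and restrict SignatureAlgorithms to mldsa44; the
# client's only trust anchor is the ML-DSA-44 root, so a successful
# handshake means the server was verified against that root.

[57-TLS 1.3 ML-DSA Certificate Test]
ssl_conf = 57-TLS 1.3 ML-DSA Certificate Test-ssl

[57-TLS 1.3 ML-DSA Certificate Test-ssl]
server = 57-TLS 1.3 ML-DSA Certificate Test-server
client = 57-TLS 1.3 ML-DSA Certificate Test-client

# The ML-DSA-44 certificate is the server's only identity; there is no
# classical certificate to fall back to.
[57-TLS 1.3 ML-DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ml-dsa-44-cert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ml-dsa-44-key.pem
# Mixed-case spelling as emitted by the generator.
SignatureAlgorithms = mlDsA44

[57-TLS 1.3 ML-DSA Certificate Test-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.3
MinProtocol = TLSv1.3
SignatureAlgorithms = mlDSa44
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ml-dsa-44-cert.pem
VerifyMode = Peer

# Only the handshake result is asserted; no certificate type is checked.
[test-57]
ExpectedResult = Success
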