xref: /freebsd/crypto/openssl/test/ssl-tests/28-seclevel.cnf (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1# Generated with generate_ssl_tests.pl
2
3num_tests = 6
4
5test-0 = 0-SECLEVEL 3 with default key
6test-1 = 1-SECLEVEL 4 with ED448 key
7test-2 = 2-SECLEVEL 5 server with ED448 key
8test-3 = 3-SECLEVEL 5 client with ED448 key
9test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE
10test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2
11# ===========================================================
12
13[0-SECLEVEL 3 with default key]
14ssl_conf = 0-SECLEVEL 3 with default key-ssl
15
16[0-SECLEVEL 3 with default key-ssl]
17server = 0-SECLEVEL 3 with default key-server
18client = 0-SECLEVEL 3 with default key-client
19
20[0-SECLEVEL 3 with default key-server]
21Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
22CipherString = DEFAULT:@SECLEVEL=3
23PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
24
25[0-SECLEVEL 3 with default key-client]
26CipherString = DEFAULT
27VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
28VerifyMode = Peer
29
30[test-0]
31ExpectedResult = ServerFail
32
33
34# ===========================================================
35
36[1-SECLEVEL 4 with ED448 key]
37ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl
38
39[1-SECLEVEL 4 with ED448 key-ssl]
40server = 1-SECLEVEL 4 with ED448 key-server
41client = 1-SECLEVEL 4 with ED448 key-client
42
43[1-SECLEVEL 4 with ED448 key-server]
44Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
45CipherString = DEFAULT:@SECLEVEL=4
46PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
47
48[1-SECLEVEL 4 with ED448 key-client]
49CipherString = DEFAULT:@SECLEVEL=4
50VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
51VerifyMode = Peer
52
53[test-1]
54ExpectedResult = Success
55
56
57# ===========================================================
58
59[2-SECLEVEL 5 server with ED448 key]
60ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl
61
62[2-SECLEVEL 5 server with ED448 key-ssl]
63server = 2-SECLEVEL 5 server with ED448 key-server
64client = 2-SECLEVEL 5 server with ED448 key-client
65
66[2-SECLEVEL 5 server with ED448 key-server]
67Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
68CipherString = DEFAULT:@SECLEVEL=5
69PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
70
71[2-SECLEVEL 5 server with ED448 key-client]
72CipherString = DEFAULT:@SECLEVEL=4
73VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
74VerifyMode = Peer
75
76[test-2]
77ExpectedResult = ServerFail
78
79
80# ===========================================================
81
82[3-SECLEVEL 5 client with ED448 key]
83ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl
84
85[3-SECLEVEL 5 client with ED448 key-ssl]
86server = 3-SECLEVEL 5 client with ED448 key-server
87client = 3-SECLEVEL 5 client with ED448 key-client
88
89[3-SECLEVEL 5 client with ED448 key-server]
90Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
91CipherString = DEFAULT:@SECLEVEL=4
92PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
93
94[3-SECLEVEL 5 client with ED448 key-client]
95CipherString = DEFAULT:@SECLEVEL=5
96VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
97VerifyMode = Peer
98
99[test-3]
100ExpectedResult = ServerFail
101
102
103# ===========================================================
104
105[4-SECLEVEL 3 with P-384 key, X25519 ECDHE]
106ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
107
108[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
109server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
110client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
111
112[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
113Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
114CipherString = DEFAULT:@SECLEVEL=3
115Groups = X25519
116PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
117
118[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
119CipherString = ECDHE:@SECLEVEL=3
120VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
121VerifyMode = Peer
122
123[test-4]
124ExpectedResult = Success
125
126
127# ===========================================================
128
129[5-SECLEVEL 3 with ED448 key, TLSv1.2]
130ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
131
132[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
133server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server
134client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client
135
136[5-SECLEVEL 3 with ED448 key, TLSv1.2-server]
137Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
138CipherString = DEFAULT:@SECLEVEL=3
139MaxProtocol = TLSv1.2
140PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
141
142[5-SECLEVEL 3 with ED448 key, TLSv1.2-client]
143CipherString = DEFAULT
144VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
145VerifyMode = Peer
146
147[test-5]
148ExpectedResult = Success
149
150
151