Reduce the security bits for MD5 and SHA1 based signatures in TLS

The effect is that SHA1 and MD5+SHA1 are no longer supported at
security level 1, that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.

Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
Kurt Roeckx 2020-01-02 23:25:27 +01:00
parent 526f1f1aca
commit aba03ae571
21 changed files with 1918 additions and 1825 deletions


@ -119,6 +119,14 @@ OpenSSL 3.0
*Paul Dale*
* The security strength of SHA1 and MD5 based signatures in TLS has been
reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
working at the default security level of 1 and instead requires security
level 0. The security level can be changed either using the cipher string
with @SECLEVEL, or calling SSL_CTX_set_security_level().
*Kurt Roeckx*
* EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and
EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side
internal keys, if they correspond to one of those built in types.


@ -63,6 +63,7 @@ OpenSSL 3.0
RC4, RC5 and SEED cipher functions have been deprecated.
* All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions
have been deprecated.
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
OpenSSL 1.1.1
-------------


@ -1413,8 +1413,26 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu)
return 0;
if (md != NULL)
{
int md_type = EVP_MD_type(md);
/* Security bits: half digest bits */
secbits = EVP_MD_size(md) * 4;
/*
* SHA1 and MD5 are known to be broken. Reduce security bits so that
* they're no longer accepted at security level 1. The real values don't
* really matter as long as they're lower than 80, which is our
* security level 1.
* https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for
* SHA1 at 2^63.4 and MD5+SHA1 at 2^67.2
* https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf
* puts a chosen-prefix attack for MD5 at 2^39.
*/
if (md_type == NID_sha1)
secbits = 64;
else if (md_type == NID_md5_sha1)
secbits = 67;
else if (md_type == NID_md5)
secbits = 39;
} else {
/* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
if (lu->sigalg == TLSEXT_SIGALG_ed25519)
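Review bot: The override for SHA1 is rounded up past the figure the comment itself cites: the comment gives 2^63.4 for the chosen-prefix attack, yet the code assigns `secbits = 64`, while MD5+SHA1 (2^67.2) is rounded down to 67. It changes nothing about which level accepts them, since all three values are below 80, but a strength estimate should not exceed its source; `secbits = 63;` is the conservative value, or the comment should say the numbers are rounded. This function only rates handshake signature algorithms, and whether signatures on certificates in the chain are held to the same reduced values is decided elsewhere and is not visible here, so it is worth confirming that a SHA1-signed chain is not still accepted at level 1. sigalg_security_bits starts and ends outside the hunk.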


@ -56,7 +56,8 @@ SKIP: {
# handshake
$proxy->clear();
$proxy->filter(undef);
$proxy->clientflags("-no_tls1_3");
$proxy->ciphers("DEFAULT:\@SECLEVEL=0");
$proxy->clientflags("-no_tls1_3 -cipher AES128-SHA:\@SECLEVEL=0");
$proxy->serverflags("-no_tls1_3 -no_tls1_2");
$proxy->reneg(1);
$proxy->start();
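Review bot: Nothing in this test says why the security level is dropped to 0, either on the added `$proxy->ciphers("DEFAULT:\@SECLEVEL=0")` call or on the `-cipher AES128-SHA:\@SECLEVEL=0` client flag. Since the server is run with `-no_tls1_3 -no_tls1_2`, a one-line comment such as `# TLS < 1.2 only works at security level 0` above those calls would stop a later cleanup from removing the override and turning the test into a handshake failure. The same applies to the `@SECLEVEL=0` lines added in the later test sections on this page (the zero-length extension test, the supported-versions Test 6 and the protocol-hole test), where the reason is even less evident from the visible lines. The enclosing SKIP block starts and ends outside the hunk.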


@ -206,6 +206,7 @@ SKIP: {
#Test 3: Sending a zero length extension block should pass
$proxy->clear();
$proxy->filter(\&extension_filter);
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success, "Zero extension length test");


@ -82,11 +82,17 @@ use constant {
FRAGMENTED_IN_SSLV2 => 3,
ALERT_BEFORE_SSLV2 => 4
};
# The TLSv1.2 in SSLv2 ClientHello need to run at security level 0
# because in a SSLv2 ClientHello we can't send extentions to indicate
# which signature algorithm we want to use, and the default is SHA1.
#Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello
my $sslv2testtype = TLSV1_2_IN_SSLV2;
$proxy->clear();
$proxy->filter(\&add_sslv2_filter);
$proxy->serverflags("-tls1_2");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
@ -96,6 +102,7 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
$sslv2testtype = SSLV2_IN_SSLV2;
$proxy->clear();
$proxy->serverflags("-tls1_2");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->fail(), "SSLv2 in SSLv2 ClientHello test");
@ -105,6 +112,7 @@ ok(TLSProxy::Message->fail(), "SSLv2 in SSLv2 ClientHello test");
$sslv2testtype = FRAGMENTED_IN_TLSV1_2;
$proxy->clear();
$proxy->serverflags("-tls1_2");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
@ -113,6 +121,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
$sslv2testtype = FRAGMENTED_IN_SSLV2;
$proxy->clear();
$proxy->serverflags("-tls1_2");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
@ -121,6 +130,7 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
$sslv2testtype = ALERT_BEFORE_SSLV2;
$proxy->clear();
$proxy->serverflags("-tls1_2");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
@ -140,7 +150,8 @@ SKIP: {
#Test 11: Sending an unrecognised record type in TLS1.1 should fail
$fatal_alert = 0;
$proxy->clear();
$proxy->clientflags("-tls1_1");
$proxy->clientflags("-tls1_1 -cipher DEFAULT:\@SECLEVEL=0");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok($fatal_alert, "Unrecognised record type in TLS1.1");
}
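Review bot: The comment that appears to be added above Test 5 has a typo and explains only the first of the tests that now run at security level 0: `extentions` should be `extensions`, and `need` should be `needs`. The four tests in the following hunks receive the same `$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");` line with no explanation, although two of them are expected to fail for a different reason. Rewording the comment to cover all the SSLv2-format tests, or repeating a short `# security level 0: see Test 5` on each, would make it clear the lowered level is not what those `fail()` checks are testing.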


@ -138,33 +138,33 @@ SKIP: {
$proxy->filter(\&sigalgs_filter);
#Test 10: Sending no sig algs extension in TLSv1.2 should succeed at
# security level 1
#Test 10: Sending no sig algs extension in TLSv1.2 will make it use
# SHA1, which is only supported at security level 0.
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=1");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
$proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 1");
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 0");
#Test 11: Sending no sig algs extension in TLSv1.2 should fail at security
# level 2 since it will try to use SHA1. Testing client at level 1,
# server level 2.
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1");
$proxy->ciphers("DEFAULT:\@SECLEVEL=2");
$proxy->start();
ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 2");
#Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
# level 2 since it will try to use SHA1. Testing client at level 2,
# level 1 since it will try to use SHA1. Testing client at level 0,
# server level 1.
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=2");
$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=0");
$proxy->ciphers("DEFAULT:\@SECLEVEL=1");
$proxy->start();
ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 1");
#Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
# level 1 since it will try to use SHA1. Testing client at level 1,
# server level 0.
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-tls1_2 -cipher DEFAULT:\@SECLEVEL=1");
$proxy->ciphers("DEFAULT:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2");
#Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
@ -221,15 +221,16 @@ SKIP: {
ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
$proxy->filter(\&sigalgs_filter);
#Test 19: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
#Test 19: No sig algs extension, ECDSA cert, will use SHA1,
# TLSv1.2 should succeed at security level 0
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3");
$proxy->clientflags("-no_tls1_3 -cipher DEFAULT:\@SECLEVEL=0");
$proxy->serverflags("-cert " . srctop_file("test", "certs",
"server-ecdsa-cert.pem") .
" -key " . srctop_file("test", "certs",
"server-ecdsa-key.pem")),
$proxy->ciphers("ECDHE-ECDSA-AES128-SHA");
$proxy->ciphers("ECDHE-ECDSA-AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs, ECDSA");
}
@ -245,7 +246,7 @@ SKIP: {
$proxy->filter(\&modify_sigalgs_filter);
$proxy->start();
ok($dsa_status && $sha1_status && $sha224_status,
"DSA/SHA2 sigalg sent for 1.3-only ClientHello");
"DSA and SHA1 sigalgs not sent for 1.3-only ClientHello");
#Test 21: signature_algorithms with backwards compatible ClientHello
SKIP: {
@ -253,10 +254,11 @@ SKIP: {
$testtype = COMPAT_SIGALGS;
$dsa_status = $sha1_status = $sha224_status = 0;
$proxy->clear();
$proxy->clientflags("-cipher AES128-SHA\@SECLEVEL=0");
$proxy->filter(\&modify_sigalgs_filter);
$proxy->start();
ok($dsa_status && $sha1_status && $sha224_status,
"DSA sigalg not sent for compat ClientHello");
"backwards compatible sigalg sent for compat ClientHello");
}
}
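Review bot: The client cipher string added for Test 21, `-cipher AES128-SHA\@SECLEVEL=0`, has no `:` before `@SECLEVEL`, unlike every other cipher string this commit adds (for example `AES128-SHA:\@SECLEVEL=0`). Whether the cipher-list parser treats the two forms identically is not visible here, so writing `$proxy->clientflags("-cipher AES128-SHA:\@SECLEVEL=0");` removes any doubt about the security level the test really runs at. Separately, the last of the three no-sigalgs tests now puts the client at level 1 and the server at level 0, but its description still reads `"No TLSv1.2 sigalgs client seclevel 2"` and seems to have been left unchanged; `"No TLSv1.2 sigalgs client seclevel 1"` would match the new flags. The enclosing SKIP blocks extend beyond these hunks.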


@ -95,6 +95,8 @@ ok(TLSProxy::Message->success()
#Test 6: no TLSv1.3 or TLSv1.2 version in supported versions extension, but
#TLSv1.1 and TLSv1.0 are present. Should just use TLSv1.1 and succeed
$proxy->clear();
$proxy->clientflags("-cipher DEFAULT:\@SECLEVEL=0");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$testtype = TLS1_1_AND_1_0_ONLY;
$proxy->start();
$record = pop @{$proxy->record_list};


@ -79,6 +79,7 @@ SKIP: {
$proxy->clear();
$proxy->filter(undef);
$proxy->clientflags("-no_tls1_2");
$proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
$proxy->start();
ok(TLSProxy::Message->success(), "TLSv1.2 client-side protocol hole");



@ -49,11 +49,11 @@ client = 0-server-auth-flex-client
[0-server-auth-flex-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-server-auth-flex-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -72,12 +72,12 @@ client = 1-client-auth-flex-request-client
[1-client-auth-flex-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
[1-client-auth-flex-request-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -96,13 +96,13 @@ client = 2-client-auth-flex-require-fail-client
[2-client-auth-flex-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[2-client-auth-flex-require-fail-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -122,14 +122,14 @@ client = 3-client-auth-flex-require-client
[3-client-auth-flex-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Request
[3-client-auth-flex-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -151,7 +151,7 @@ client = 4-client-auth-flex-require-non-empty-names-client
[4-client-auth-flex-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
@ -159,7 +159,7 @@ VerifyMode = Request
[4-client-auth-flex-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -181,13 +181,13 @@ client = 5-client-auth-flex-noroot-client
[5-client-auth-flex-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Require
[5-client-auth-flex-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -208,13 +208,13 @@ client = 6-server-auth-TLSv1-client
[6-server-auth-TLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-server-auth-TLSv1-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -235,14 +235,14 @@ client = 7-client-auth-TLSv1-request-client
[7-client-auth-TLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
[7-client-auth-TLSv1-request-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -263,7 +263,7 @@ client = 8-client-auth-TLSv1-require-fail-client
[8-client-auth-TLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -271,7 +271,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[8-client-auth-TLSv1-require-fail-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -293,7 +293,7 @@ client = 9-client-auth-TLSv1-require-client
[9-client-auth-TLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -302,7 +302,7 @@ VerifyMode = Request
[9-client-auth-TLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -326,7 +326,7 @@ client = 10-client-auth-TLSv1-require-non-empty-names-client
[10-client-auth-TLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = TLSv1
MinProtocol = TLSv1
@ -336,7 +336,7 @@ VerifyMode = Request
[10-client-auth-TLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -360,7 +360,7 @@ client = 11-client-auth-TLSv1-noroot-client
[11-client-auth-TLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -368,7 +368,7 @@ VerifyMode = Require
[11-client-auth-TLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1
MinProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -391,13 +391,13 @@ client = 12-server-auth-TLSv1.1-client
[12-server-auth-TLSv1.1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-server-auth-TLSv1.1-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -418,14 +418,14 @@ client = 13-client-auth-TLSv1.1-request-client
[13-client-auth-TLSv1.1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
[13-client-auth-TLSv1.1-request-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -446,7 +446,7 @@ client = 14-client-auth-TLSv1.1-require-fail-client
[14-client-auth-TLSv1.1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -454,7 +454,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[14-client-auth-TLSv1.1-require-fail-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -476,7 +476,7 @@ client = 15-client-auth-TLSv1.1-require-client
[15-client-auth-TLSv1.1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -485,7 +485,7 @@ VerifyMode = Request
[15-client-auth-TLSv1.1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -509,7 +509,7 @@ client = 16-client-auth-TLSv1.1-require-non-empty-names-client
[16-client-auth-TLSv1.1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
@ -519,7 +519,7 @@ VerifyMode = Request
[16-client-auth-TLSv1.1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -543,7 +543,7 @@ client = 17-client-auth-TLSv1.1-noroot-client
[17-client-auth-TLSv1.1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -551,7 +551,7 @@ VerifyMode = Require
[17-client-auth-TLSv1.1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.1
MinProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -574,13 +574,13 @@ client = 18-server-auth-TLSv1.2-client
[18-server-auth-TLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[18-server-auth-TLSv1.2-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -601,14 +601,14 @@ client = 19-client-auth-TLSv1.2-request-client
[19-client-auth-TLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
[19-client-auth-TLSv1.2-request-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -629,7 +629,7 @@ client = 20-client-auth-TLSv1.2-require-fail-client
[20-client-auth-TLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -637,7 +637,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[20-client-auth-TLSv1.2-require-fail-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -659,7 +659,7 @@ client = 21-client-auth-TLSv1.2-require-client
[21-client-auth-TLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientSignatureAlgorithms = SHA256+RSA
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
@ -669,7 +669,7 @@ VerifyMode = Request
[21-client-auth-TLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -695,7 +695,7 @@ client = 22-client-auth-TLSv1.2-require-non-empty-names-client
[22-client-auth-TLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
ClientSignatureAlgorithms = SHA256+RSA
MaxProtocol = TLSv1.2
@ -706,7 +706,7 @@ VerifyMode = Request
[22-client-auth-TLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -732,7 +732,7 @@ client = 23-client-auth-TLSv1.2-noroot-client
[23-client-auth-TLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -740,7 +740,7 @@ VerifyMode = Require
[23-client-auth-TLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = TLSv1.2
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -763,13 +763,13 @@ client = 24-server-auth-DTLSv1-client
[24-server-auth-DTLSv1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[24-server-auth-DTLSv1-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -791,14 +791,14 @@ client = 25-client-auth-DTLSv1-request-client
[25-client-auth-DTLSv1-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
[25-client-auth-DTLSv1-request-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -820,7 +820,7 @@ client = 26-client-auth-DTLSv1-require-fail-client
[26-client-auth-DTLSv1-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -828,7 +828,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[26-client-auth-DTLSv1-require-fail-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -851,7 +851,7 @@ client = 27-client-auth-DTLSv1-require-client
[27-client-auth-DTLSv1-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -860,7 +860,7 @@ VerifyMode = Request
[27-client-auth-DTLSv1-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -885,7 +885,7 @@ client = 28-client-auth-DTLSv1-require-non-empty-names-client
[28-client-auth-DTLSv1-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
@ -895,7 +895,7 @@ VerifyMode = Request
[28-client-auth-DTLSv1-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -920,7 +920,7 @@ client = 29-client-auth-DTLSv1-noroot-client
[29-client-auth-DTLSv1-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -928,7 +928,7 @@ VerifyMode = Require
[29-client-auth-DTLSv1-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -952,13 +952,13 @@ client = 30-server-auth-DTLSv1.2-client
[30-server-auth-DTLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[30-server-auth-DTLSv1.2-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -980,14 +980,14 @@ client = 31-client-auth-DTLSv1.2-request-client
[31-client-auth-DTLSv1.2-request-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
VerifyMode = Request
[31-client-auth-DTLSv1.2-request-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1009,7 +1009,7 @@ client = 32-client-auth-DTLSv1.2-require-fail-client
[32-client-auth-DTLSv1.2-require-fail-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -1017,7 +1017,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
VerifyMode = Require
[32-client-auth-DTLSv1.2-require-fail-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1040,7 +1040,7 @@ client = 33-client-auth-DTLSv1.2-require-client
[33-client-auth-DTLSv1.2-require-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -1049,7 +1049,7 @@ VerifyMode = Request
[33-client-auth-DTLSv1.2-require-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -1074,7 +1074,7 @@ client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
[34-client-auth-DTLSv1.2-require-non-empty-names-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
@ -1084,7 +1084,7 @@ VerifyMode = Request
[34-client-auth-DTLSv1.2-require-non-empty-names-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
@ -1109,7 +1109,7 @@ client = 35-client-auth-DTLSv1.2-noroot-client
[35-client-auth-DTLSv1.2-noroot-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@ -1117,7 +1117,7 @@ VerifyMode = Require
[35-client-auth-DTLSv1.2-noroot-client]
Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem


@ -58,10 +58,12 @@ sub generate_tests() {
name => "server-auth-${protocol_name}"
.($sctp ? "-sctp" : ""),
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
@ -77,11 +79,13 @@ sub generate_tests() {
name => "client-auth-${protocol_name}-request"
.($sctp ? "-sctp" : ""),
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyMode" => "Request"
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
@ -97,12 +101,14 @@ sub generate_tests() {
name => "client-auth-${protocol_name}-require-fail"
.($sctp ? "-sctp" : ""),
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyCAFile" => test_pem("root-cert.pem"),
"VerifyMode" => "Require",
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol
},
@ -121,6 +127,7 @@ sub generate_tests() {
name => "client-auth-${protocol_name}-require"
.($sctp ? "-sctp" : ""),
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"ClientSignatureAlgorithms" => $clisigalgs,
@ -128,6 +135,7 @@ sub generate_tests() {
"VerifyMode" => "Request",
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"Certificate" => test_pem("ee-client-chain.pem"),
@ -149,6 +157,7 @@ sub generate_tests() {
name => "client-auth-${protocol_name}-require-non-empty-names"
.($sctp ? "-sctp" : ""),
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"ClientSignatureAlgorithms" => $clisigalgs,
@ -157,6 +166,7 @@ sub generate_tests() {
"VerifyMode" => "Request",
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"Certificate" => test_pem("ee-client-chain.pem"),
@ -178,11 +188,13 @@ sub generate_tests() {
name => "client-auth-${protocol_name}-noroot"
.($sctp ? "-sctp" : ""),
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"VerifyMode" => "Require",
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocol,
"MaxProtocol" => $protocol,
"Certificate" => test_pem("ee-client-chain.pem"),


@ -284,11 +284,11 @@ server2 = 8-SNI-clienthello-disable-v12-server
[8-SNI-clienthello-disable-v12-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-SNI-clienthello-disable-v12-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer


@ -152,11 +152,13 @@ our @tests_tls_1_1 = (
{
name => "SNI-clienthello-disable-v12",
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
extra => {
"ServerNameCallback" => "ClientHelloNoV12",
},
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
extra => {
"ServerName" => "server2",
},
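Review bot: The two added `"CipherString" => "DEFAULT:\@SECLEVEL=0"` entries in SNI-clienthello-disable-v12 carry no comment saying why the level is lowered, and level 0 switches off every security-level check (key sizes and ciphers included), not only the SHA1/MD5 signature limit this commit introduces. I would put `# TLS < 1.2 signs with MD5+SHA1, which is now below security level 1` above each of them, so a later reader does not copy the setting into TLS 1.2 tests. Nothing visible on this page asserts that the same handshake is refused at the default level; a companion case without the CipherString override and with an expected handshake failure would pin the new behaviour, though one may exist in a part of the test suite not shown here. The `@tests_tls_1_1` list continues outside the hunk.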


@ -77,12 +77,12 @@ client = 0-version-negotiation-client
[0-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -104,12 +104,12 @@ client = 1-version-negotiation-client
[1-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -131,11 +131,11 @@ client = 2-version-negotiation-client
[2-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -157,13 +157,13 @@ client = 3-version-negotiation-client
[3-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -185,13 +185,13 @@ client = 4-version-negotiation-client
[4-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -213,12 +213,12 @@ client = 5-version-negotiation-client
[5-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -240,13 +240,13 @@ client = 6-version-negotiation-client
[6-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -267,12 +267,12 @@ client = 7-version-negotiation-client
[7-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -293,12 +293,12 @@ client = 8-version-negotiation-client
[8-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -320,12 +320,12 @@ client = 9-version-negotiation-client
[9-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -347,11 +347,11 @@ client = 10-version-negotiation-client
[10-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -373,13 +373,13 @@ client = 11-version-negotiation-client
[11-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -401,13 +401,13 @@ client = 12-version-negotiation-client
[12-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -429,12 +429,12 @@ client = 13-version-negotiation-client
[13-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -456,13 +456,13 @@ client = 14-version-negotiation-client
[14-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -484,12 +484,12 @@ client = 15-version-negotiation-client
[15-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -511,12 +511,12 @@ client = 16-version-negotiation-client
[16-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -537,12 +537,12 @@ client = 17-version-negotiation-client
[17-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -563,11 +563,11 @@ client = 18-version-negotiation-client
[18-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[18-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -588,13 +588,13 @@ client = 19-version-negotiation-client
[19-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[19-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -615,13 +615,13 @@ client = 20-version-negotiation-client
[20-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[20-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -642,12 +642,12 @@ client = 21-version-negotiation-client
[21-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[21-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -668,13 +668,13 @@ client = 22-version-negotiation-client
[22-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[22-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -695,12 +695,12 @@ client = 23-version-negotiation-client
[23-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[23-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -721,12 +721,12 @@ client = 24-version-negotiation-client
[24-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[24-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -749,12 +749,12 @@ client = 25-version-negotiation-client
[25-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[25-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -777,11 +777,11 @@ client = 26-version-negotiation-client
[26-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[26-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -804,13 +804,13 @@ client = 27-version-negotiation-client
[27-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[27-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -833,13 +833,13 @@ client = 28-version-negotiation-client
[28-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[28-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -862,12 +862,12 @@ client = 29-version-negotiation-client
[29-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[29-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -890,13 +890,13 @@ client = 30-version-negotiation-client
[30-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[30-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -918,12 +918,12 @@ client = 31-version-negotiation-client
[31-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[31-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -945,12 +945,12 @@ client = 32-version-negotiation-client
[32-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[32-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -973,12 +973,12 @@ client = 33-version-negotiation-client
[33-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[33-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1001,11 +1001,11 @@ client = 34-version-negotiation-client
[34-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[34-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1028,13 +1028,13 @@ client = 35-version-negotiation-client
[35-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[35-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1057,13 +1057,13 @@ client = 36-version-negotiation-client
[36-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[36-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1086,12 +1086,12 @@ client = 37-version-negotiation-client
[37-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[37-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1114,13 +1114,13 @@ client = 38-version-negotiation-client
[38-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[38-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1143,12 +1143,12 @@ client = 39-version-negotiation-client
[39-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[39-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1171,12 +1171,12 @@ client = 40-version-negotiation-client
[40-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[40-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1198,12 +1198,12 @@ client = 41-version-negotiation-client
[41-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[41-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1225,11 +1225,11 @@ client = 42-version-negotiation-client
[42-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[42-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1251,13 +1251,13 @@ client = 43-version-negotiation-client
[43-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[43-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1279,13 +1279,13 @@ client = 44-version-negotiation-client
[44-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[44-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1307,12 +1307,12 @@ client = 45-version-negotiation-client
[45-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[45-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1334,13 +1334,13 @@ client = 46-version-negotiation-client
[46-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[46-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1362,12 +1362,12 @@ client = 47-version-negotiation-client
[47-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[47-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1389,12 +1389,12 @@ client = 48-version-negotiation-client
[48-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[48-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1416,12 +1416,12 @@ client = 49-version-negotiation-client
[49-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[49-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1444,11 +1444,11 @@ client = 50-version-negotiation-client
[50-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[50-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1471,13 +1471,13 @@ client = 51-version-negotiation-client
[51-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[51-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1499,13 +1499,13 @@ client = 52-version-negotiation-client
[52-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[52-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1528,12 +1528,12 @@ client = 53-version-negotiation-client
[53-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[53-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1556,13 +1556,13 @@ client = 54-version-negotiation-client
[54-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[54-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1585,12 +1585,12 @@ client = 55-version-negotiation-client
[55-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[55-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@ -1613,12 +1613,12 @@ client = 56-version-negotiation-client
[56-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[56-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1639,12 +1639,12 @@ client = 57-version-negotiation-client
[57-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[57-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1666,11 +1666,11 @@ client = 58-version-negotiation-client
[58-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[58-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1692,13 +1692,13 @@ client = 59-version-negotiation-client
[59-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[59-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1719,13 +1719,13 @@ client = 60-version-negotiation-client
[60-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[60-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1747,12 +1747,12 @@ client = 61-version-negotiation-client
[61-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[61-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1774,13 +1774,13 @@ client = 62-version-negotiation-client
[62-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[62-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1802,12 +1802,12 @@ client = 63-version-negotiation-client
[63-version-negotiation-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[63-version-negotiation-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer



@ -31,7 +31,7 @@ resume-client = 0-resumption-client
[0-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
Options = SessionTicket
@ -39,13 +39,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -69,7 +69,7 @@ resume-client = 1-resumption-client
[1-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
Options = -SessionTicket
@ -77,13 +77,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[1-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -107,7 +107,7 @@ resume-client = 2-resumption-client
[2-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
Options = SessionTicket
@ -115,13 +115,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[2-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -145,7 +145,7 @@ resume-client = 3-resumption-client
[3-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
Options = -SessionTicket
@ -153,13 +153,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[3-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -183,7 +183,7 @@ resume-client = 4-resumption-client
[4-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
Options = SessionTicket
@ -191,13 +191,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -221,7 +221,7 @@ resume-client = 5-resumption-client
[5-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
Options = -SessionTicket
@ -229,13 +229,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[5-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -259,7 +259,7 @@ resume-client = 6-resumption-client
[6-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
Options = SessionTicket
@ -267,13 +267,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -297,7 +297,7 @@ resume-client = 7-resumption-client
[7-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
Options = -SessionTicket
@ -305,13 +305,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -335,19 +335,19 @@ resume-client = 8-resumption-resume-client
[8-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[8-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -372,19 +372,19 @@ resume-client = 9-resumption-resume-client
[9-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[9-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -409,19 +409,19 @@ resume-client = 10-resumption-resume-client
[10-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[10-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -446,19 +446,19 @@ resume-client = 11-resumption-resume-client
[11-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
MinProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[11-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -483,19 +483,19 @@ resume-client = 12-resumption-resume-client
[12-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[12-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -520,19 +520,19 @@ resume-client = 13-resumption-resume-client
[13-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[13-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -557,19 +557,19 @@ resume-client = 14-resumption-resume-client
[14-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[14-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -594,19 +594,19 @@ resume-client = 15-resumption-resume-client
[15-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-resumption-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
MinProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[15-resumption-resume-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
MaxProtocol = DTLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer


@ -328,7 +328,7 @@ client = 8-ECDSA Signature Algorithm Selection SHA1-client
[8-ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
@ -339,7 +339,7 @@ MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
SignatureAlgorithms = ECDSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
@ -1209,7 +1209,7 @@ client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
@ -1221,7 +1221,7 @@ MinProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
CipherString = DEFAULT
CipherString = DEFAULT:@SECLEVEL=0
SignatureAlgorithms = ECDSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer


@ -201,8 +201,18 @@ our @tests = (
},
{
name => "ECDSA Signature Algorithm Selection SHA1",
server => $server,
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
"ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
"Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
"Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
"Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
"Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
"MaxProtocol" => "TLSv1.2"
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"SignatureAlgorithms" => "ECDSA+SHA1",
},
test => {
@ -669,8 +679,19 @@ my @tests_tls_1_3 = (
},
{
name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
server => $server_tls_1_3,
server => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
"ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
"Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
"Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
"Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
"Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
"MinProtocol" => "TLSv1.3",
"MaxProtocol" => "TLSv1.3"
},
client => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"SignatureAlgorithms" => "ECDSA+SHA1",
},
test => {
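Review bot: The two replaced `server` entries ("ECDSA Signature Algorithm Selection SHA1" and its TLS 1.3 counterpart) copy six certificate/key settings and the protocol bounds inline only to add one `CipherString`, so they will drift if the shared `$server` or `$server_tls_1_3` settings change. If those variables are hash references, as their previous use here suggests (their definitions are outside the hunks), `server => { %$server, "CipherString" => "DEFAULT:\@SECLEVEL=0" },` keeps a single source of truth. I would also put a comment above each entry, `# SHA1 signatures are no longer accepted at security level 1`, so a later reader does not take the lowered level as a setting to copy into unrelated tests. Both test entries continue past the end of their hunks.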


@ -151,10 +151,12 @@ sub generate_version_tests {
push @tests, {
"name" => "version-negotiation",
"client" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $min_protocols[$c_min],
"MaxProtocol" => $max_protocols[$c_max],
},
"server" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $min_protocols[$s_min],
"MaxProtocol" => $max_protocols[$s_max],
},
@ -254,13 +256,17 @@ sub generate_resumption_tests {
# Client is flexible, server upgrades/downgrades.
push @server_tests, {
"name" => "resumption",
"client" => { },
"client" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
},
"server" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocols[$original_protocol],
"MaxProtocol" => $protocols[$original_protocol],
"Options" => $ticket,
},
"resume_server" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MaxProtocol" => $protocols[$resume_protocol],
"Options" => $ticket,
},
@ -276,13 +282,16 @@ sub generate_resumption_tests {
push @client_tests, {
"name" => "resumption",
"client" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MinProtocol" => $protocols[$original_protocol],
"MaxProtocol" => $protocols[$original_protocol],
},
"server" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"Options" => $ticket,
},
"resume_client" => {
"CipherString" => "DEFAULT:\@SECLEVEL=0",
"MaxProtocol" => $protocols[$resume_protocol],
},
"test" => {
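Review bot: `"CipherString" => "DEFAULT:\@SECLEVEL=0"` is added unconditionally to every client, server and resume endpoint in `generate_version_tests` and `generate_resumption_tests`, including the combinations where both sides are limited to TLS 1.2 / DTLS 1.2 or later. Those combinations previously ran at the default security level, so as far as these hunks show, none of the generated negotiation or resumption tests exercises level 1 any more. Consider adding the override only when the configured range can select a version below 1.2, and hoisting the literal into one variable, e.g. `my $seclevel0 = "DEFAULT:\@SECLEVEL=0";`, with a comment that it exists for the legacy-protocol cases. Both subs begin and end outside the hunks, so how the protocol indices map to versions is not visible here.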


@ -5567,6 +5567,10 @@ static int test_export_key_mat(int tst)
OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
if ((protocols[tst] < TLS1_2_VERSION) &&
(!SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0")
|| !SSL_CTX_set_cipher_list(sctx, "DEFAULT:@SECLEVEL=0")))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))