test/ssl-tests/17-renegotiate.conf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the OpenSSL license (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## Test Renegotiation
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16 use OpenSSL::Test::Utils;
  17
  18 our @tests = (
  19     {
  20         name => "renegotiate-client-no-resume",
  21         server => {
  22             "Options" => "NoResumptionOnRenegotiation"
  23         },
  24         client => {},
  25         test => {
  26             "Method" => "TLS",
  27             "HandshakeMode" => "RenegotiateClient",
  28             "ResumptionExpected" => "No",
  29             "ExpectedResult" => "Success"
  30         }
  31     },
  32     {
  33         name => "renegotiate-client-resume",
  34         server => {},
  35         client => {},
  36         test => {
  37             "Method" => "TLS",
  38             "HandshakeMode" => "RenegotiateClient",
  39             "ResumptionExpected" => "Yes",
  40             "ExpectedResult" => "Success"
  41         }
  42     },
  43     {
  44         name => "renegotiate-server-no-resume",
  45         server => {
  46             "Options" => "NoResumptionOnRenegotiation"
  47         },
  48         client => {},
  49         test => {
  50             "Method" => "TLS",
  51             "HandshakeMode" => "RenegotiateServer",
  52             "ResumptionExpected" => "No",
  53             "ExpectedResult" => "Success"
  54         }
  55     },
  56     {
  57         name => "renegotiate-server-resume",
  58         server => {},
  59         client => {},
  60         test => {
  61             "Method" => "TLS",
  62             "HandshakeMode" => "RenegotiateServer",
  63             "ResumptionExpected" => "Yes",
  64             "ExpectedResult" => "Success"
  65         }
  66     },
  67     {
  68         name => "renegotiate-client-auth-require",
  69         server => {
  70             "Options" => "NoResumptionOnRenegotiation",
  71             "MaxProtocol" => "TLSv1.2",
  72             "VerifyCAFile" => test_pem("root-cert.pem"),
  73             "VerifyMode" => "Require",
  74         },
  75         client => {
  76             "Certificate" => test_pem("ee-client-chain.pem"),
  77             "PrivateKey"  => test_pem("ee-key.pem"),
  78         },
  79         test => {
  80             "Method" => "TLS",
  81             "HandshakeMode" => "RenegotiateServer",
  82             "ResumptionExpected" => "No",
  83             "ExpectedResult" => "Success"
  84         }
  85     },
  86     {
  87         name => "renegotiate-client-auth-once",
  88         server => {
  89             "Options" => "NoResumptionOnRenegotiation",
  90             "MaxProtocol" => "TLSv1.2",
  91             "VerifyCAFile" => test_pem("root-cert.pem"),
  92             "VerifyMode" => "Once",
  93         },
  94         client => {
  95             "Certificate" => test_pem("ee-client-chain.pem"),
  96             "PrivateKey"  => test_pem("ee-key.pem"),
  97         },
  98         test => {
  99             "Method" => "TLS",
 100             "HandshakeMode" => "RenegotiateServer",
 101             "ResumptionExpected" => "No",
 102             "ExpectedResult" => "Success"
 103         }
 104     }
 105 );
 106 our @tests_tls1_2 = (
 107     {
 108         name => "renegotiate-aead-to-non-aead",
 109         server => {
 110             "Options" => "NoResumptionOnRenegotiation",
 111             "MaxProtocol" => "TLSv1.2"
 112         },
 113         client => {
 114             "CipherString" => "AES128-GCM-SHA256",
 115             extra => {
 116                 "RenegotiateCiphers" => "AES128-SHA"
 117             }
 118         },
 119         test => {
 120             "Method" => "TLS",
 121             "HandshakeMode" => "RenegotiateClient",
 122             "ResumptionExpected" => "No",
 123             "ExpectedResult" => "Success"
 124         }
 125     },
 126     {
 127         name => "renegotiate-non-aead-to-aead",
 128         server => {
 129             "Options" => "NoResumptionOnRenegotiation",
 130             "MaxProtocol" => "TLSv1.2"
 131         },
 132         client => {
 133             "CipherString" => "AES128-SHA",
 134             extra => {
 135                 "RenegotiateCiphers" => "AES128-GCM-SHA256"
 136             }
 137         },
 138         test => {
 139             "Method" => "TLS",
 140             "HandshakeMode" => "RenegotiateClient",
 141             "ResumptionExpected" => "No",
 142             "ExpectedResult" => "Success"
 143         }
 144     },
 145     {
 146         name => "renegotiate-non-aead-to-non-aead",
 147         server => {
 148             "Options" => "NoResumptionOnRenegotiation",
 149             "MaxProtocol" => "TLSv1.2"
 150         },
 151         client => {
 152             "CipherString" => "AES128-SHA",
 153             extra => {
 154                 "RenegotiateCiphers" => "AES256-SHA"
 155             }
 156         },
 157         test => {
 158             "Method" => "TLS",
 159             "HandshakeMode" => "RenegotiateClient",
 160             "ResumptionExpected" => "No",
 161             "ExpectedResult" => "Success"
 162         }
 163     },
 164     {
 165         name => "renegotiate-aead-to-aead",
 166         server => {
 167             "Options" => "NoResumptionOnRenegotiation",
 168             "MaxProtocol" => "TLSv1.2"
 169         },
 170         client => {
 171             "CipherString" => "AES128-GCM-SHA256",
 172             extra => {
 173                 "RenegotiateCiphers" => "AES256-GCM-SHA384"
 174             }
 175         },
 176         test => {
 177             "Method" => "TLS",
 178             "HandshakeMode" => "RenegotiateClient",
 179             "ResumptionExpected" => "No",
 180             "ExpectedResult" => "Success"
 181         }
 182     },
 183     {
 184         name => "no-renegotiation-server-by-client",
 185         server => {
 186             "Options" => "NoRenegotiation",
 187             "MaxProtocol" => "TLSv1.2"
 188         },
 189         client => { },
 190         test => {
 191             "Method" => "TLS",
 192             "HandshakeMode" => "RenegotiateClient",
 193             "ResumptionExpected" => "No",
 194             "ExpectedResult" => "ClientFail"
 195         }
 196     },
 197     {
 198         name => "no-renegotiation-server-by-server",
 199         server => {
 200             "Options" => "NoRenegotiation",
 201             "MaxProtocol" => "TLSv1.2"
 202         },
 203         client => { },
 204         test => {
 205             "Method" => "TLS",
 206             "HandshakeMode" => "RenegotiateServer",
 207             "ResumptionExpected" => "No",
 208             "ExpectedResult" => "ServerFail"
 209         }
 210     },
 211     {
 212         name => "no-renegotiation-client-by-server",
 213         server => {
 214             "MaxProtocol" => "TLSv1.2"
 215         },
 216         client => {
 217             "Options" => "NoRenegotiation",
 218         },
 219         test => {
 220             "Method" => "TLS",
 221             "HandshakeMode" => "RenegotiateServer",
 222             "ResumptionExpected" => "No",
 223             "ExpectedResult" => "ServerFail"
 224         }
 225     },
 226     {
 227         name => "no-renegotiation-client-by-client",
 228         server => {
 229             "MaxProtocol" => "TLSv1.2"
 230         },
 231         client => {
 232             "Options" => "NoRenegotiation",
 233         },
 234         test => {
 235             "Method" => "TLS",
 236             "HandshakeMode" => "RenegotiateClient",
 237             "ResumptionExpected" => "No",
 238             "ExpectedResult" => "ClientFail"
 239         }
 240     }
 241 );
 242
 243 push @tests, @tests_tls1_2 unless disabled("tls1_2");