2 # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
16 use OpenSSL::Test::Utils;
20 name => "renegotiate-client-no-resume",
22 "Options" => "NoResumptionOnRenegotiation"
27 "HandshakeMode" => "RenegotiateClient",
28 "ResumptionExpected" => "No",
29 "ExpectedResult" => "Success"
33 name => "renegotiate-client-resume",
38 "HandshakeMode" => "RenegotiateClient",
39 "ResumptionExpected" => "Yes",
40 "ExpectedResult" => "Success"
43 # Note: Unlike the TLS tests, we will never do resumption with server
44 # initiated reneg. This is because an OpenSSL DTLS client will always do a full
45 # handshake (i.e. it doesn't supply a session id) when it receives a
46 # HelloRequest. This is different to the OpenSSL TLS implementation where an
47 # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
48 # the session id). This goes all the way to commit 48ae85b6f when abbreviated
49 # handshake support was first added. Neither behaviour is wrong, but the
50 # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
53 name => "renegotiate-server-resume",
58 "HandshakeMode" => "RenegotiateServer",
59 "ResumptionExpected" => "No",
60 "ExpectedResult" => "Success"
64 name => "renegotiate-client-auth-require",
66 "VerifyCAFile" => test_pem("root-cert.pem"),
67 "VerifyMode" => "Require",
70 "Certificate" => test_pem("ee-client-chain.pem"),
71 "PrivateKey" => test_pem("ee-key.pem"),
75 "HandshakeMode" => "RenegotiateServer",
76 "ResumptionExpected" => "No",
77 "ExpectedResult" => "Success"
81 name => "renegotiate-client-auth-once",
83 "VerifyCAFile" => test_pem("root-cert.pem"),
84 "VerifyMode" => "Once",
87 "Certificate" => test_pem("ee-client-chain.pem"),
88 "PrivateKey" => test_pem("ee-key.pem"),
92 "HandshakeMode" => "RenegotiateServer",
93 "ResumptionExpected" => "No",
94 "ExpectedResult" => "Success"
98 our @tests_dtls1_2 = (
100 name => "renegotiate-aead-to-non-aead",
102 "Options" => "NoResumptionOnRenegotiation"
105 "CipherString" => "AES128-GCM-SHA256",
107 "RenegotiateCiphers" => "AES128-SHA"
112 "HandshakeMode" => "RenegotiateClient",
113 "ResumptionExpected" => "No",
114 "ExpectedResult" => "Success"
118 name => "renegotiate-non-aead-to-aead",
120 "Options" => "NoResumptionOnRenegotiation"
123 "CipherString" => "AES128-SHA",
125 "RenegotiateCiphers" => "AES128-GCM-SHA256"
130 "HandshakeMode" => "RenegotiateClient",
131 "ResumptionExpected" => "No",
132 "ExpectedResult" => "Success"
136 name => "renegotiate-non-aead-to-non-aead",
138 "Options" => "NoResumptionOnRenegotiation"
141 "CipherString" => "AES128-SHA",
143 "RenegotiateCiphers" => "AES256-SHA"
148 "HandshakeMode" => "RenegotiateClient",
149 "ResumptionExpected" => "No",
150 "ExpectedResult" => "Success"
154 name => "renegotiate-aead-to-aead",
156 "Options" => "NoResumptionOnRenegotiation"
159 "CipherString" => "AES128-GCM-SHA256",
161 "RenegotiateCiphers" => "AES256-GCM-SHA384"
166 "HandshakeMode" => "RenegotiateClient",
167 "ResumptionExpected" => "No",
168 "ExpectedResult" => "Success"
174 push @tests, @tests_dtls1_2 unless disabled("dtls1_2");