1 # Generated with generate_ssl_tests.pl
5 test-0 = 0-ECDSA CipherString Selection
6 test-1 = 1-ECDSA CipherString Selection
7 test-2 = 2-ECDSA CipherString Selection
8 test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
9 test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
10 test-5 = 5-ECDSA with brainpool
11 test-6 = 6-RSA CipherString Selection
12 test-7 = 7-RSA-PSS Certificate CipherString Selection
13 test-8 = 8-P-256 CipherString and Signature Algorithm Selection
14 test-9 = 9-Ed25519 CipherString and Curves Selection
15 test-10 = 10-Ed448 CipherString and Curves Selection
16 test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
17 test-12 = 12-ECDSA Signature Algorithm Selection
18 test-13 = 13-ECDSA Signature Algorithm Selection SHA384
19 test-14 = 14-ECDSA Signature Algorithm Selection SHA1
20 test-15 = 15-ECDSA Signature Algorithm Selection compressed point
21 test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
22 test-17 = 17-RSA Signature Algorithm Selection
23 test-18 = 18-RSA-PSS Signature Algorithm Selection
24 test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
25 test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
26 test-21 = 21-Only RSA-PSS Certificate
27 test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms
28 test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms
29 test-24 = 24-Only RSA-PSS Restricted Certificate
30 test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms
31 test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
32 test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms
33 test-28 = 28-RSA key exchange with all RSA certificate types
34 test-29 = 29-RSA key exchange with only RSA-PSS certificate
35 test-30 = 30-Suite B P-256 Hash Algorithm Selection
36 test-31 = 31-Suite B P-384 Hash Algorithm Selection
37 test-32 = 32-TLS 1.2 Ed25519 Client Auth
38 test-33 = 33-TLS 1.2 Ed448 Client Auth
39 test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
40 test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
41 test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
42 test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
43 test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
44 test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
45 test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
46 test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
47 test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
48 test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection
49 test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection
50 test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection
51 test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection
52 test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection
53 test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
54 test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
55 test-50 = 50-TLS 1.3 Ed25519 Client Auth
56 test-51 = 51-TLS 1.3 Ed448 Client Auth
57 test-52 = 52-TLS 1.3 ECDSA with brainpool
58 test-53 = 53-TLS 1.2 DSA Certificate Test
59 test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
60 test-55 = 55-TLS 1.3 DSA Certificate Test
61 # ===========================================================
63 [0-ECDSA CipherString Selection]
64 ssl_conf = 0-ECDSA CipherString Selection-ssl
66 [0-ECDSA CipherString Selection-ssl]
67 server = 0-ECDSA CipherString Selection-server
68 client = 0-ECDSA CipherString Selection-client
70 [0-ECDSA CipherString Selection-server]
71 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
72 CipherString = DEFAULT
73 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
74 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
75 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
76 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
77 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
78 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
80 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
82 [0-ECDSA CipherString Selection-client]
85 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
86 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
90 ExpectedResult = Success
91 ExpectedServerCANames = empty
92 ExpectedServerCertType = P-256
93 ExpectedServerSignType = EC
96 # ===========================================================
98 [1-ECDSA CipherString Selection]
99 ssl_conf = 1-ECDSA CipherString Selection-ssl
101 [1-ECDSA CipherString Selection-ssl]
102 server = 1-ECDSA CipherString Selection-server
103 client = 1-ECDSA CipherString Selection-client
105 [1-ECDSA CipherString Selection-server]
106 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
107 CipherString = DEFAULT
108 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
109 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
111 MaxProtocol = TLSv1.2
112 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
114 [1-ECDSA CipherString Selection-client]
115 CipherString = aECDSA
117 MaxProtocol = TLSv1.2
118 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
119 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
123 ExpectedResult = Success
124 ExpectedServerCANames = empty
125 ExpectedServerCertType = P-256
126 ExpectedServerSignType = EC
129 # ===========================================================
131 [2-ECDSA CipherString Selection]
132 ssl_conf = 2-ECDSA CipherString Selection-ssl
134 [2-ECDSA CipherString Selection-ssl]
135 server = 2-ECDSA CipherString Selection-server
136 client = 2-ECDSA CipherString Selection-client
138 [2-ECDSA CipherString Selection-server]
139 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
140 CipherString = DEFAULT
141 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
142 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
144 MaxProtocol = TLSv1.2
145 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
147 [2-ECDSA CipherString Selection-client]
148 CipherString = aECDSA
150 MaxProtocol = TLSv1.2
151 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
152 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
156 ExpectedResult = ServerFail
159 # ===========================================================
161 [3-Ed25519 CipherString and Signature Algorithm Selection]
162 ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl
164 [3-Ed25519 CipherString and Signature Algorithm Selection-ssl]
165 server = 3-Ed25519 CipherString and Signature Algorithm Selection-server
166 client = 3-Ed25519 CipherString and Signature Algorithm Selection-client
168 [3-Ed25519 CipherString and Signature Algorithm Selection-server]
169 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
170 CipherString = DEFAULT
171 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
172 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
173 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
174 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
175 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
176 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
177 MaxProtocol = TLSv1.2
178 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
180 [3-Ed25519 CipherString and Signature Algorithm Selection-client]
181 CipherString = aECDSA
182 MaxProtocol = TLSv1.2
183 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
184 SignatureAlgorithms = ed25519:ECDSA+SHA256
185 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
189 ExpectedResult = Success
190 ExpectedServerCANames = empty
191 ExpectedServerCertType = Ed25519
192 ExpectedServerSignType = Ed25519
195 # ===========================================================
197 [4-Ed448 CipherString and Signature Algorithm Selection]
198 ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl
200 [4-Ed448 CipherString and Signature Algorithm Selection-ssl]
201 server = 4-Ed448 CipherString and Signature Algorithm Selection-server
202 client = 4-Ed448 CipherString and Signature Algorithm Selection-client
204 [4-Ed448 CipherString and Signature Algorithm Selection-server]
205 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
206 CipherString = DEFAULT
207 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
208 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
209 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
210 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
211 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
212 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
213 MaxProtocol = TLSv1.2
214 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
216 [4-Ed448 CipherString and Signature Algorithm Selection-client]
217 CipherString = aECDSA
218 MaxProtocol = TLSv1.2
219 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
220 SignatureAlgorithms = ed448:ECDSA+SHA256
221 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
225 ExpectedResult = Success
226 ExpectedServerCANames = empty
227 ExpectedServerCertType = Ed448
228 ExpectedServerSignType = Ed448
231 # ===========================================================
233 [5-ECDSA with brainpool]
234 ssl_conf = 5-ECDSA with brainpool-ssl
236 [5-ECDSA with brainpool-ssl]
237 server = 5-ECDSA with brainpool-server
238 client = 5-ECDSA with brainpool-client
240 [5-ECDSA with brainpool-server]
241 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
242 CipherString = DEFAULT
243 Groups = brainpoolP256r1
244 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
246 [5-ECDSA with brainpool-client]
247 CipherString = aECDSA
248 Groups = brainpoolP256r1
249 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
250 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
254 ExpectedResult = Success
255 ExpectedServerCANames = empty
256 ExpectedServerCertType = brainpoolP256r1
257 ExpectedServerSignType = EC
260 # ===========================================================
262 [6-RSA CipherString Selection]
263 ssl_conf = 6-RSA CipherString Selection-ssl
265 [6-RSA CipherString Selection-ssl]
266 server = 6-RSA CipherString Selection-server
267 client = 6-RSA CipherString Selection-client
269 [6-RSA CipherString Selection-server]
270 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
271 CipherString = DEFAULT
272 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
273 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
274 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
275 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
276 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
277 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
278 MaxProtocol = TLSv1.2
279 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
281 [6-RSA CipherString Selection-client]
283 MaxProtocol = TLSv1.2
284 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
288 ExpectedResult = Success
289 ExpectedServerCertType = RSA
290 ExpectedServerSignType = RSA-PSS
293 # ===========================================================
295 [7-RSA-PSS Certificate CipherString Selection]
296 ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl
298 [7-RSA-PSS Certificate CipherString Selection-ssl]
299 server = 7-RSA-PSS Certificate CipherString Selection-server
300 client = 7-RSA-PSS Certificate CipherString Selection-client
302 [7-RSA-PSS Certificate CipherString Selection-server]
303 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
304 CipherString = DEFAULT
305 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
306 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
307 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
308 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
309 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
310 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
311 MaxProtocol = TLSv1.2
312 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
313 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
314 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
316 [7-RSA-PSS Certificate CipherString Selection-client]
318 MaxProtocol = TLSv1.2
319 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
323 ExpectedResult = Success
324 ExpectedServerCertType = RSA-PSS
325 ExpectedServerSignType = RSA-PSS
328 # ===========================================================
330 [8-P-256 CipherString and Signature Algorithm Selection]
331 ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl
333 [8-P-256 CipherString and Signature Algorithm Selection-ssl]
334 server = 8-P-256 CipherString and Signature Algorithm Selection-server
335 client = 8-P-256 CipherString and Signature Algorithm Selection-client
337 [8-P-256 CipherString and Signature Algorithm Selection-server]
338 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
339 CipherString = DEFAULT
340 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
341 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
342 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
343 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
344 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
345 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
346 MaxProtocol = TLSv1.2
347 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
349 [8-P-256 CipherString and Signature Algorithm Selection-client]
350 CipherString = aECDSA
351 MaxProtocol = TLSv1.2
352 SignatureAlgorithms = ECDSA+SHA256:ed25519
353 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
357 ExpectedResult = Success
358 ExpectedServerCertType = P-256
359 ExpectedServerSignHash = SHA256
360 ExpectedServerSignType = EC
363 # ===========================================================
365 [9-Ed25519 CipherString and Curves Selection]
366 ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl
368 [9-Ed25519 CipherString and Curves Selection-ssl]
369 server = 9-Ed25519 CipherString and Curves Selection-server
370 client = 9-Ed25519 CipherString and Curves Selection-client
372 [9-Ed25519 CipherString and Curves Selection-server]
373 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
374 CipherString = DEFAULT
375 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
376 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
377 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
378 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
379 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
380 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
381 MaxProtocol = TLSv1.2
382 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
384 [9-Ed25519 CipherString and Curves Selection-client]
385 CipherString = aECDSA
387 MaxProtocol = TLSv1.2
388 SignatureAlgorithms = ECDSA+SHA256:ed25519
389 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
393 ExpectedResult = Success
394 ExpectedServerCertType = Ed25519
395 ExpectedServerSignType = Ed25519
398 # ===========================================================
400 [10-Ed448 CipherString and Curves Selection]
401 ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl
403 [10-Ed448 CipherString and Curves Selection-ssl]
404 server = 10-Ed448 CipherString and Curves Selection-server
405 client = 10-Ed448 CipherString and Curves Selection-client
407 [10-Ed448 CipherString and Curves Selection-server]
408 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
409 CipherString = DEFAULT
410 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
411 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
412 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
413 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
414 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
415 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
416 MaxProtocol = TLSv1.2
417 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
419 [10-Ed448 CipherString and Curves Selection-client]
420 CipherString = aECDSA
422 MaxProtocol = TLSv1.2
423 SignatureAlgorithms = ECDSA+SHA256:ed448
424 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
428 ExpectedResult = Success
429 ExpectedServerCertType = Ed448
430 ExpectedServerSignType = Ed448
433 # ===========================================================
435 [11-ECDSA CipherString Selection, no ECDSA certificate]
436 ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl
438 [11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
439 server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
440 client = 11-ECDSA CipherString Selection, no ECDSA certificate-client
442 [11-ECDSA CipherString Selection, no ECDSA certificate-server]
443 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
444 CipherString = DEFAULT
445 MaxProtocol = TLSv1.2
446 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
448 [11-ECDSA CipherString Selection, no ECDSA certificate-client]
449 CipherString = aECDSA
450 MaxProtocol = TLSv1.2
451 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
455 ExpectedResult = ServerFail
458 # ===========================================================
460 [12-ECDSA Signature Algorithm Selection]
461 ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl
463 [12-ECDSA Signature Algorithm Selection-ssl]
464 server = 12-ECDSA Signature Algorithm Selection-server
465 client = 12-ECDSA Signature Algorithm Selection-client
467 [12-ECDSA Signature Algorithm Selection-server]
468 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
469 CipherString = DEFAULT
470 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
471 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
472 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
473 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
474 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
475 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
476 MaxProtocol = TLSv1.2
477 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
479 [12-ECDSA Signature Algorithm Selection-client]
480 CipherString = DEFAULT
481 SignatureAlgorithms = ECDSA+SHA256
482 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
486 ExpectedResult = Success
487 ExpectedServerCertType = P-256
488 ExpectedServerSignHash = SHA256
489 ExpectedServerSignType = EC
492 # ===========================================================
494 [13-ECDSA Signature Algorithm Selection SHA384]
495 ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl
497 [13-ECDSA Signature Algorithm Selection SHA384-ssl]
498 server = 13-ECDSA Signature Algorithm Selection SHA384-server
499 client = 13-ECDSA Signature Algorithm Selection SHA384-client
501 [13-ECDSA Signature Algorithm Selection SHA384-server]
502 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
503 CipherString = DEFAULT
504 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
505 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
506 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
507 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
508 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
509 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
510 MaxProtocol = TLSv1.2
511 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
513 [13-ECDSA Signature Algorithm Selection SHA384-client]
514 CipherString = DEFAULT
515 SignatureAlgorithms = ECDSA+SHA384
516 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
520 ExpectedResult = Success
521 ExpectedServerCertType = P-256
522 ExpectedServerSignHash = SHA384
523 ExpectedServerSignType = EC
526 # ===========================================================
528 [14-ECDSA Signature Algorithm Selection SHA1]
529 ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl
531 [14-ECDSA Signature Algorithm Selection SHA1-ssl]
532 server = 14-ECDSA Signature Algorithm Selection SHA1-server
533 client = 14-ECDSA Signature Algorithm Selection SHA1-client
535 [14-ECDSA Signature Algorithm Selection SHA1-server]
536 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
537 CipherString = DEFAULT
538 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
539 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
540 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
541 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
542 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
543 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
544 MaxProtocol = TLSv1.2
545 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
547 [14-ECDSA Signature Algorithm Selection SHA1-client]
548 CipherString = DEFAULT
549 SignatureAlgorithms = ECDSA+SHA1
550 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
554 ExpectedResult = Success
555 ExpectedServerCertType = P-256
556 ExpectedServerSignHash = SHA1
557 ExpectedServerSignType = EC
560 # ===========================================================
562 [15-ECDSA Signature Algorithm Selection compressed point]
563 ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl
565 [15-ECDSA Signature Algorithm Selection compressed point-ssl]
566 server = 15-ECDSA Signature Algorithm Selection compressed point-server
567 client = 15-ECDSA Signature Algorithm Selection compressed point-client
569 [15-ECDSA Signature Algorithm Selection compressed point-server]
570 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
571 CipherString = DEFAULT
572 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
573 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
574 MaxProtocol = TLSv1.2
575 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
577 [15-ECDSA Signature Algorithm Selection compressed point-client]
578 CipherString = DEFAULT
579 SignatureAlgorithms = ECDSA+SHA256
580 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
584 ExpectedResult = Success
585 ExpectedServerCertType = P-256
586 ExpectedServerSignHash = SHA256
587 ExpectedServerSignType = EC
590 # ===========================================================
592 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
593 ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
595 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
596 server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
597 client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
599 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
600 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
601 CipherString = DEFAULT
602 MaxProtocol = TLSv1.2
603 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
605 [16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
606 CipherString = DEFAULT
607 SignatureAlgorithms = ECDSA+SHA256
608 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
612 ExpectedResult = ServerFail
615 # ===========================================================
617 [17-RSA Signature Algorithm Selection]
618 ssl_conf = 17-RSA Signature Algorithm Selection-ssl
620 [17-RSA Signature Algorithm Selection-ssl]
621 server = 17-RSA Signature Algorithm Selection-server
622 client = 17-RSA Signature Algorithm Selection-client
624 [17-RSA Signature Algorithm Selection-server]
625 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
626 CipherString = DEFAULT
627 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
628 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
629 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
630 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
631 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
632 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
633 MaxProtocol = TLSv1.2
634 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
636 [17-RSA Signature Algorithm Selection-client]
637 CipherString = DEFAULT
638 SignatureAlgorithms = RSA+SHA256
639 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
643 ExpectedResult = Success
644 ExpectedServerCertType = RSA
645 ExpectedServerSignHash = SHA256
646 ExpectedServerSignType = RSA
649 # ===========================================================
651 [18-RSA-PSS Signature Algorithm Selection]
652 ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl
654 [18-RSA-PSS Signature Algorithm Selection-ssl]
655 server = 18-RSA-PSS Signature Algorithm Selection-server
656 client = 18-RSA-PSS Signature Algorithm Selection-client
658 [18-RSA-PSS Signature Algorithm Selection-server]
659 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
660 CipherString = DEFAULT
661 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
662 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
663 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
664 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
665 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
666 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
667 MaxProtocol = TLSv1.2
668 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
670 [18-RSA-PSS Signature Algorithm Selection-client]
671 CipherString = DEFAULT
672 SignatureAlgorithms = RSA-PSS+SHA256
673 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
677 ExpectedResult = Success
678 ExpectedServerCertType = RSA
679 ExpectedServerSignHash = SHA256
680 ExpectedServerSignType = RSA-PSS
683 # ===========================================================
685 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
686 ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
688 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
689 server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
690 client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
692 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
693 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
694 CipherString = DEFAULT
695 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
696 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
697 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
698 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
699 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
700 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
701 MaxProtocol = TLSv1.2
702 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
703 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
704 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
706 [19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
707 CipherString = DEFAULT
708 SignatureAlgorithms = RSA-PSS+SHA256
709 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
713 ExpectedResult = Success
714 ExpectedServerCertType = RSA
715 ExpectedServerSignHash = SHA256
716 ExpectedServerSignType = RSA-PSS
719 # ===========================================================
721 [20-RSA-PSS Certificate Unified Signature Algorithm Selection]
722 ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
724 [20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
725 server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
726 client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client
728 [20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
729 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
730 CipherString = DEFAULT
731 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
732 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
733 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
734 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
735 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
736 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
737 MaxProtocol = TLSv1.2
738 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
739 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
740 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
742 [20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
743 CipherString = DEFAULT
744 SignatureAlgorithms = rsa_pss_pss_sha256
745 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
749 ExpectedResult = Success
750 ExpectedServerCertType = RSA-PSS
751 ExpectedServerSignHash = SHA256
752 ExpectedServerSignType = RSA-PSS
755 # ===========================================================
757 [21-Only RSA-PSS Certificate]
758 ssl_conf = 21-Only RSA-PSS Certificate-ssl
760 [21-Only RSA-PSS Certificate-ssl]
761 server = 21-Only RSA-PSS Certificate-server
762 client = 21-Only RSA-PSS Certificate-client
764 [21-Only RSA-PSS Certificate-server]
765 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
766 CipherString = DEFAULT
767 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
769 [21-Only RSA-PSS Certificate-client]
770 CipherString = DEFAULT
771 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
775 ExpectedResult = Success
776 ExpectedServerCertType = RSA-PSS
777 ExpectedServerSignHash = SHA256
778 ExpectedServerSignType = RSA-PSS
781 # ===========================================================
783 [22-Only RSA-PSS Certificate Valid Signature Algorithms]
784 ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
786 [22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
787 server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server
788 client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client
790 [22-Only RSA-PSS Certificate Valid Signature Algorithms-server]
791 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
792 CipherString = DEFAULT
793 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
795 [22-Only RSA-PSS Certificate Valid Signature Algorithms-client]
796 CipherString = DEFAULT
797 SignatureAlgorithms = rsa_pss_pss_sha512
798 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
802 ExpectedResult = Success
803 ExpectedServerCertType = RSA-PSS
804 ExpectedServerSignHash = SHA512
805 ExpectedServerSignType = RSA-PSS
808 # ===========================================================
810 [23-RSA-PSS Certificate, no PSS signature algorithms]
811 ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl
813 [23-RSA-PSS Certificate, no PSS signature algorithms-ssl]
814 server = 23-RSA-PSS Certificate, no PSS signature algorithms-server
815 client = 23-RSA-PSS Certificate, no PSS signature algorithms-client
817 [23-RSA-PSS Certificate, no PSS signature algorithms-server]
818 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
819 CipherString = DEFAULT
820 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
822 [23-RSA-PSS Certificate, no PSS signature algorithms-client]
823 CipherString = DEFAULT
824 SignatureAlgorithms = RSA+SHA256
825 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
829 ExpectedResult = ServerFail
832 # ===========================================================
834 [24-Only RSA-PSS Restricted Certificate]
835 ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl
837 [24-Only RSA-PSS Restricted Certificate-ssl]
838 server = 24-Only RSA-PSS Restricted Certificate-server
839 client = 24-Only RSA-PSS Restricted Certificate-client
841 [24-Only RSA-PSS Restricted Certificate-server]
842 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
843 CipherString = DEFAULT
844 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
846 [24-Only RSA-PSS Restricted Certificate-client]
847 CipherString = DEFAULT
848 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
852 ExpectedResult = Success
853 ExpectedServerCertType = RSA-PSS
854 ExpectedServerSignHash = SHA256
855 ExpectedServerSignType = RSA-PSS
858 # ===========================================================
860 [25-RSA-PSS Restricted Certificate Valid Signature Algorithms]
861 ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
863 [25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
864 server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
865 client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
867 [25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
868 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
869 CipherString = DEFAULT
870 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
872 [25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
873 CipherString = DEFAULT
874 SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
875 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
879 ExpectedResult = Success
880 ExpectedServerCertType = RSA-PSS
881 ExpectedServerSignHash = SHA256
882 ExpectedServerSignType = RSA-PSS
885 # ===========================================================
887 [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
888 ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
890 [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
891 server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
892 client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
894 [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
895 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
896 CipherString = DEFAULT
897 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
899 [26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
900 CipherString = DEFAULT
901 SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
902 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
906 ExpectedResult = Success
907 ExpectedServerCertType = RSA-PSS
908 ExpectedServerSignHash = SHA256
909 ExpectedServerSignType = RSA-PSS
912 # ===========================================================
914 [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
915 ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
917 [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
918 server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
919 client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
921 [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
922 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
923 CipherString = DEFAULT
924 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
926 [27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
927 CipherString = DEFAULT
928 SignatureAlgorithms = rsa_pss_pss_sha512
929 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
933 ExpectedResult = ServerFail
936 # ===========================================================
938 [28-RSA key exchange with all RSA certificate types]
939 ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl
941 [28-RSA key exchange with all RSA certificate types-ssl]
942 server = 28-RSA key exchange with all RSA certificate types-server
943 client = 28-RSA key exchange with all RSA certificate types-client
945 [28-RSA key exchange with all RSA certificate types-server]
946 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
947 CipherString = DEFAULT
948 PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
949 PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
950 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
952 [28-RSA key exchange with all RSA certificate types-client]
954 MaxProtocol = TLSv1.2
955 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
959 ExpectedResult = Success
960 ExpectedServerCertType = RSA
963 # ===========================================================
965 [29-RSA key exchange with only RSA-PSS certificate]
966 ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl
968 [29-RSA key exchange with only RSA-PSS certificate-ssl]
969 server = 29-RSA key exchange with only RSA-PSS certificate-server
970 client = 29-RSA key exchange with only RSA-PSS certificate-client
972 [29-RSA key exchange with only RSA-PSS certificate-server]
973 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
974 CipherString = DEFAULT
975 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
977 [29-RSA key exchange with only RSA-PSS certificate-client]
979 MaxProtocol = TLSv1.2
980 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
984 ExpectedResult = ServerFail
987 # ===========================================================
989 [30-Suite B P-256 Hash Algorithm Selection]
990 ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl
992 [30-Suite B P-256 Hash Algorithm Selection-ssl]
993 server = 30-Suite B P-256 Hash Algorithm Selection-server
994 client = 30-Suite B P-256 Hash Algorithm Selection-client
996 [30-Suite B P-256 Hash Algorithm Selection-server]
997 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
998 CipherString = SUITEB128
999 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
1000 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
1001 MaxProtocol = TLSv1.2
1002 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1004 [30-Suite B P-256 Hash Algorithm Selection-client]
1005 CipherString = DEFAULT
1006 SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
1007 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
1011 ExpectedResult = Success
1012 ExpectedServerCertType = P-256
1013 ExpectedServerSignHash = SHA256
1014 ExpectedServerSignType = EC
1017 # ===========================================================
1019 [31-Suite B P-384 Hash Algorithm Selection]
1020 ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl
1022 [31-Suite B P-384 Hash Algorithm Selection-ssl]
1023 server = 31-Suite B P-384 Hash Algorithm Selection-server
1024 client = 31-Suite B P-384 Hash Algorithm Selection-client
1026 [31-Suite B P-384 Hash Algorithm Selection-server]
1027 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1028 CipherString = SUITEB128
1029 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
1030 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
1031 MaxProtocol = TLSv1.2
1032 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1034 [31-Suite B P-384 Hash Algorithm Selection-client]
1035 CipherString = DEFAULT
1036 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
1037 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
1041 ExpectedResult = Success
1042 ExpectedServerCertType = P-384
1043 ExpectedServerSignHash = SHA384
1044 ExpectedServerSignType = EC
1047 # ===========================================================
1049 [32-TLS 1.2 Ed25519 Client Auth]
1050 ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl
1052 [32-TLS 1.2 Ed25519 Client Auth-ssl]
1053 server = 32-TLS 1.2 Ed25519 Client Auth-server
1054 client = 32-TLS 1.2 Ed25519 Client Auth-client
1056 [32-TLS 1.2 Ed25519 Client Auth-server]
1057 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1058 CipherString = DEFAULT
1059 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1060 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1061 VerifyMode = Require
1063 [32-TLS 1.2 Ed25519 Client Auth-client]
1064 CipherString = DEFAULT
1065 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1066 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1067 MaxProtocol = TLSv1.2
1068 MinProtocol = TLSv1.2
1069 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1073 ExpectedClientCertType = Ed25519
1074 ExpectedClientSignType = Ed25519
1075 ExpectedResult = Success
1078 # ===========================================================
1080 [33-TLS 1.2 Ed448 Client Auth]
1081 ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl
1083 [33-TLS 1.2 Ed448 Client Auth-ssl]
1084 server = 33-TLS 1.2 Ed448 Client Auth-server
1085 client = 33-TLS 1.2 Ed448 Client Auth-client
1087 [33-TLS 1.2 Ed448 Client Auth-server]
1088 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1089 CipherString = DEFAULT
1090 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1091 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1092 VerifyMode = Require
1094 [33-TLS 1.2 Ed448 Client Auth-client]
1095 CipherString = DEFAULT
1096 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1097 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1098 MaxProtocol = TLSv1.2
1099 MinProtocol = TLSv1.2
1100 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1104 ExpectedClientCertType = Ed448
1105 ExpectedClientSignType = Ed448
1106 ExpectedResult = Success
1109 # ===========================================================
1111 [34-Only RSA-PSS Certificate, TLS v1.1]
1112 ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
1114 [34-Only RSA-PSS Certificate, TLS v1.1-ssl]
1115 server = 34-Only RSA-PSS Certificate, TLS v1.1-server
1116 client = 34-Only RSA-PSS Certificate, TLS v1.1-client
1118 [34-Only RSA-PSS Certificate, TLS v1.1-server]
1119 Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
1120 CipherString = DEFAULT
1121 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
1123 [34-Only RSA-PSS Certificate, TLS v1.1-client]
1124 CipherString = DEFAULT
1125 MaxProtocol = TLSv1.1
1126 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1130 ExpectedResult = ServerFail
1133 # ===========================================================
1135 [35-TLS 1.3 ECDSA Signature Algorithm Selection]
1136 ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
1138 [35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
1139 server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
1140 client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
1142 [35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
1143 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1144 CipherString = DEFAULT
1145 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1146 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1147 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1148 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1149 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1150 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1151 MaxProtocol = TLSv1.3
1152 MinProtocol = TLSv1.3
1153 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1155 [35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
1156 CipherString = DEFAULT
1157 SignatureAlgorithms = ECDSA+SHA256
1158 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1162 ExpectedResult = Success
1163 ExpectedServerCANames = empty
1164 ExpectedServerCertType = P-256
1165 ExpectedServerSignHash = SHA256
1166 ExpectedServerSignType = EC
1169 # ===========================================================
1171 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
1172 ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
1174 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
1175 server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
1176 client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
1178 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
1179 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1180 CipherString = DEFAULT
1181 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
1182 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
1183 MaxProtocol = TLSv1.3
1184 MinProtocol = TLSv1.3
1185 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1187 [36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
1188 CipherString = DEFAULT
1189 SignatureAlgorithms = ECDSA+SHA256
1190 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1194 ExpectedResult = Success
1195 ExpectedServerCANames = empty
1196 ExpectedServerCertType = P-256
1197 ExpectedServerSignHash = SHA256
1198 ExpectedServerSignType = EC
1201 # ===========================================================
1203 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
1204 ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
1206 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
1207 server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
1208 client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
1210 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
1211 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1212 CipherString = DEFAULT
1213 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1214 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1215 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1216 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1217 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1218 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1219 MaxProtocol = TLSv1.3
1220 MinProtocol = TLSv1.3
1221 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1223 [37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
1224 CipherString = DEFAULT
1225 SignatureAlgorithms = ECDSA+SHA1
1226 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1230 ExpectedResult = ServerFail
1233 # ===========================================================
1235 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
1236 ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
1238 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
1239 server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
1240 client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
1242 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
1243 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1244 CipherString = DEFAULT
1245 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1246 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1247 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1248 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1249 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1250 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1251 MaxProtocol = TLSv1.3
1252 MinProtocol = TLSv1.3
1253 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1255 [38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
1256 CipherString = DEFAULT
1257 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1258 SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
1259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1263 ExpectedResult = Success
1264 ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1265 ExpectedServerCertType = P-256
1266 ExpectedServerSignHash = SHA256
1267 ExpectedServerSignType = EC
1270 # ===========================================================
1272 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
1273 ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
1275 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
1276 server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
1277 client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
1279 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
1280 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1281 CipherString = DEFAULT
1282 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1283 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1284 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1285 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1286 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1287 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1288 MaxProtocol = TLSv1.3
1289 MinProtocol = TLSv1.3
1290 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1292 [39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
1293 CipherString = DEFAULT
1294 SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
1295 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1299 ExpectedResult = Success
1300 ExpectedServerCertType = RSA
1301 ExpectedServerSignHash = SHA384
1302 ExpectedServerSignType = RSA-PSS
1305 # ===========================================================
1307 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
1308 ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
1310 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
1311 server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
1312 client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
1314 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
1315 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1316 CipherString = DEFAULT
1317 MaxProtocol = TLSv1.3
1318 MinProtocol = TLSv1.3
1319 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1321 [40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
1322 CipherString = DEFAULT
1323 SignatureAlgorithms = ECDSA+SHA256
1324 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1328 ExpectedResult = ServerFail
1331 # ===========================================================
1333 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
1334 ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
1336 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
1337 server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
1338 client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
1340 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
1341 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1342 CipherString = DEFAULT
1343 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1344 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1345 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1346 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1347 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1348 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1349 MaxProtocol = TLSv1.3
1350 MinProtocol = TLSv1.3
1351 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1353 [41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
1354 CipherString = DEFAULT
1355 SignatureAlgorithms = RSA+SHA256
1356 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1360 ExpectedResult = ServerFail
1363 # ===========================================================
1365 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
1366 ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
1368 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
1369 server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
1370 client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
1372 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
1373 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1374 CipherString = DEFAULT
1375 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1376 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1377 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1378 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1379 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1380 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1381 MaxProtocol = TLSv1.3
1382 MinProtocol = TLSv1.3
1383 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1385 [42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
1386 CipherString = DEFAULT
1387 SignatureAlgorithms = RSA-PSS+SHA256
1388 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1392 ExpectedResult = Success
1393 ExpectedServerCertType = RSA
1394 ExpectedServerSignHash = SHA256
1395 ExpectedServerSignType = RSA-PSS
1398 # ===========================================================
1400 [43-TLS 1.3 Ed25519 Signature Algorithm Selection]
1401 ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
1403 [43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
1404 server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server
1405 client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client
1407 [43-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
1408 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1409 CipherString = DEFAULT
1410 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1411 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1412 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1413 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1414 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1415 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1416 MaxProtocol = TLSv1.3
1417 MinProtocol = TLSv1.3
1418 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1420 [43-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
1421 CipherString = DEFAULT
1422 SignatureAlgorithms = ed25519
1423 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1427 ExpectedResult = Success
1428 ExpectedServerCertType = Ed25519
1429 ExpectedServerSignType = Ed25519
1432 # ===========================================================
1434 [44-TLS 1.3 Ed448 Signature Algorithm Selection]
1435 ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
1437 [44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
1438 server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server
1439 client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client
1441 [44-TLS 1.3 Ed448 Signature Algorithm Selection-server]
1442 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1443 CipherString = DEFAULT
1444 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1445 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1446 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1447 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1448 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1449 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1450 MaxProtocol = TLSv1.3
1451 MinProtocol = TLSv1.3
1452 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1454 [44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
1455 CipherString = DEFAULT
1456 SignatureAlgorithms = ed448
1457 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
1461 ExpectedResult = Success
1462 ExpectedServerCertType = Ed448
1463 ExpectedServerSignType = Ed448
1466 # ===========================================================
1468 [45-TLS 1.3 Ed25519 CipherString and Groups Selection]
1469 ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
1471 [45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
1472 server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server
1473 client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client
1475 [45-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
1476 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1477 CipherString = DEFAULT
1478 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1479 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1480 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1481 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1482 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1483 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1484 MaxProtocol = TLSv1.3
1485 MinProtocol = TLSv1.3
1486 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1488 [45-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
1489 CipherString = DEFAULT
1491 SignatureAlgorithms = ECDSA+SHA256:ed25519
1492 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1496 ExpectedResult = Success
1497 ExpectedServerCertType = P-256
1498 ExpectedServerSignType = EC
1501 # ===========================================================
1503 [46-TLS 1.3 Ed448 CipherString and Groups Selection]
1504 ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
1506 [46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
1507 server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server
1508 client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client
1510 [46-TLS 1.3 Ed448 CipherString and Groups Selection-server]
1511 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1512 CipherString = DEFAULT
1513 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
1514 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
1515 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
1516 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
1517 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
1518 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
1519 MaxProtocol = TLSv1.3
1520 MinProtocol = TLSv1.3
1521 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1523 [46-TLS 1.3 Ed448 CipherString and Groups Selection-client]
1524 CipherString = DEFAULT
1526 SignatureAlgorithms = ECDSA+SHA256:ed448
1527 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1531 ExpectedResult = Success
1532 ExpectedServerCertType = P-256
1533 ExpectedServerSignType = EC
1536 # ===========================================================
1538 [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
1539 ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
1541 [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
1542 server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
1543 client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
1545 [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
1546 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1547 CipherString = DEFAULT
1548 ClientSignatureAlgorithms = PSS+SHA256
1549 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1550 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1551 VerifyMode = Require
1553 [47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
1554 CipherString = DEFAULT
1555 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1556 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1557 MaxProtocol = TLSv1.3
1558 MinProtocol = TLSv1.3
1559 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1560 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1561 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1565 ExpectedClientCANames = empty
1566 ExpectedClientCertType = RSA
1567 ExpectedClientSignHash = SHA256
1568 ExpectedClientSignType = RSA-PSS
1569 ExpectedResult = Success
1572 # ===========================================================
1574 [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
1575 ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
1577 [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
1578 server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
1579 client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
1581 [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
1582 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1583 CipherString = DEFAULT
1584 ClientSignatureAlgorithms = PSS+SHA256
1585 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1586 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1587 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1588 VerifyMode = Require
1590 [48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
1591 CipherString = DEFAULT
1592 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1593 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1594 MaxProtocol = TLSv1.3
1595 MinProtocol = TLSv1.3
1596 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1597 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1598 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1602 ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1603 ExpectedClientCertType = RSA
1604 ExpectedClientSignHash = SHA256
1605 ExpectedClientSignType = RSA-PSS
1606 ExpectedResult = Success
1609 # ===========================================================
1611 [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
1612 ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
1614 [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
1615 server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
1616 client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
1618 [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
1619 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1620 CipherString = DEFAULT
1621 ClientSignatureAlgorithms = ECDSA+SHA256
1622 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1623 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1624 VerifyMode = Require
1626 [49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
1627 CipherString = DEFAULT
1628 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
1629 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
1630 MaxProtocol = TLSv1.3
1631 MinProtocol = TLSv1.3
1632 RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
1633 RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
1634 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1638 ExpectedClientCertType = P-256
1639 ExpectedClientSignHash = SHA256
1640 ExpectedClientSignType = EC
1641 ExpectedResult = Success
1644 # ===========================================================
1646 [50-TLS 1.3 Ed25519 Client Auth]
1647 ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
1649 [50-TLS 1.3 Ed25519 Client Auth-ssl]
1650 server = 50-TLS 1.3 Ed25519 Client Auth-server
1651 client = 50-TLS 1.3 Ed25519 Client Auth-client
1653 [50-TLS 1.3 Ed25519 Client Auth-server]
1654 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1655 CipherString = DEFAULT
1656 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1657 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1658 VerifyMode = Require
1660 [50-TLS 1.3 Ed25519 Client Auth-client]
1661 CipherString = DEFAULT
1662 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
1663 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
1664 MaxProtocol = TLSv1.3
1665 MinProtocol = TLSv1.3
1666 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1670 ExpectedClientCertType = Ed25519
1671 ExpectedClientSignType = Ed25519
1672 ExpectedResult = Success
1675 # ===========================================================
1677 [51-TLS 1.3 Ed448 Client Auth]
1678 ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
1680 [51-TLS 1.3 Ed448 Client Auth-ssl]
1681 server = 51-TLS 1.3 Ed448 Client Auth-server
1682 client = 51-TLS 1.3 Ed448 Client Auth-client
1684 [51-TLS 1.3 Ed448 Client Auth-server]
1685 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1686 CipherString = DEFAULT
1687 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1688 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1689 VerifyMode = Require
1691 [51-TLS 1.3 Ed448 Client Auth-client]
1692 CipherString = DEFAULT
1693 EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
1694 EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
1695 MaxProtocol = TLSv1.3
1696 MinProtocol = TLSv1.3
1697 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1701 ExpectedClientCertType = Ed448
1702 ExpectedClientSignType = Ed448
1703 ExpectedResult = Success
1706 # ===========================================================
1708 [52-TLS 1.3 ECDSA with brainpool]
1709 ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl
1711 [52-TLS 1.3 ECDSA with brainpool-ssl]
1712 server = 52-TLS 1.3 ECDSA with brainpool-server
1713 client = 52-TLS 1.3 ECDSA with brainpool-client
1715 [52-TLS 1.3 ECDSA with brainpool-server]
1716 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
1717 CipherString = DEFAULT
1718 Groups = brainpoolP256r1
1719 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
1721 [52-TLS 1.3 ECDSA with brainpool-client]
1722 CipherString = DEFAULT
1723 Groups = brainpoolP256r1
1724 MaxProtocol = TLSv1.3
1725 MinProtocol = TLSv1.3
1726 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1727 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1731 ExpectedResult = ServerFail
1734 # ===========================================================
1736 [53-TLS 1.2 DSA Certificate Test]
1737 ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl
1739 [53-TLS 1.2 DSA Certificate Test-ssl]
1740 server = 53-TLS 1.2 DSA Certificate Test-server
1741 client = 53-TLS 1.2 DSA Certificate Test-client
1743 [53-TLS 1.2 DSA Certificate Test-server]
1744 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1746 DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
1747 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1748 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1749 MaxProtocol = TLSv1.2
1750 MinProtocol = TLSv1.2
1751 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1753 [53-TLS 1.2 DSA Certificate Test-client]
1755 SignatureAlgorithms = DSA+SHA256:DSA+SHA1
1756 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1760 ExpectedResult = Success
1763 # ===========================================================
1765 [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
1766 ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
1768 [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
1769 server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
1770 client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
1772 [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
1773 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1774 CipherString = DEFAULT
1775 ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
1776 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1777 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
1778 VerifyMode = Request
1780 [54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
1781 CipherString = DEFAULT
1782 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1786 ExpectedResult = ServerFail
1789 # ===========================================================
1791 [55-TLS 1.3 DSA Certificate Test]
1792 ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl
1794 [55-TLS 1.3 DSA Certificate Test-ssl]
1795 server = 55-TLS 1.3 DSA Certificate Test-server
1796 client = 55-TLS 1.3 DSA Certificate Test-client
1798 [55-TLS 1.3 DSA Certificate Test-server]
1799 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
1801 DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
1802 DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
1803 MaxProtocol = TLSv1.3
1804 MinProtocol = TLSv1.3
1805 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
1807 [55-TLS 1.3 DSA Certificate Test-client]
1809 SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
1810 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
1814 ExpectedResult = ServerFail