Add the SSL_METHOD for TLSv1.3 and all other base changes required

Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/apps/apps.h b/apps/apps.h
index 9dc473767e13cf91622d1078a34e0500973b5a72..d9f7c08e94ddc70bf8ba1df4431523ccac0033da 100644 (file)
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -210,7 +210,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
 # define OPT_S_ENUM \
         OPT_S__FIRST=3000, \
         OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
-        OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+        OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
         OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
         OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \
         OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \
@@ -222,6 +222,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
         {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
         {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
+        {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
         {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
         {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
         {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
@@ -259,6 +260,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
         case OPT_S_NOTLS1: \
         case OPT_S_NOTLS1_1: \
         case OPT_S_NOTLS1_2: \
+        case OPT_S_NOTLS1_3: \
         case OPT_S_BUGS: \
         case OPT_S_NO_COMP: \
         case OPT_S_COMP: \
@@ -279,7 +281,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
 
 #define IS_NO_PROT_FLAG(o) \
  (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
-  || o == OPT_S_NOTLS1_2)
+  || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
 
 /*
  * Option parsing.

diff --git a/apps/ciphers.c b/apps/ciphers.c
index 7b99757d7b465e10d7fdd5e8eb238373d7dcca21..531bf8db2302d6a0b9f3e4d62401f0be49304d2e 100644 (file)
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -21,6 +21,7 @@ typedef enum OPTION_choice {
     OPT_TLS1,
     OPT_TLS1_1,
     OPT_TLS1_2,
+    OPT_TLS1_3,
     OPT_PSK,
     OPT_SRP,
     OPT_V, OPT_UPPER_V, OPT_S
@@ -43,6 +44,9 @@ const OPTIONS ciphers_options[] = {
 #ifndef OPENSSL_NO_TLS1_2
     {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
+#endif
 #ifndef OPENSSL_NO_SSL_TRACE
     {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
 #endif
@@ -135,6 +139,10 @@ int ciphers_main(int argc, char **argv)
             min_version = TLS1_2_VERSION;
             max_version = TLS1_2_VERSION;
             break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
         case OPT_PSK:
 #ifndef OPENSSL_NO_PSK
             psk = 1;

diff --git a/apps/s_cb.c b/apps/s_cb.c
index 9535f12690c27ac1927093b76b3a486b18d08416..c37b9a1cda9b6a0d9e81def525695fd9d7d91a6d 100644 (file)
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -453,6 +453,7 @@ static STRINT_PAIR ssl_versions[] = {
     {"TLS 1.0", TLS1_VERSION},
     {"TLS 1.1", TLS1_1_VERSION},
     {"TLS 1.2", TLS1_2_VERSION},
+    {"TLS 1.3", TLS1_3_VERSION},
     {"DTLS 1.0", DTLS1_VERSION},
     {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
     {NULL}
@@ -522,6 +523,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
         version == TLS1_VERSION ||
         version == TLS1_1_VERSION ||
         version == TLS1_2_VERSION ||
+        version == TLS1_3_VERSION ||
         version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
         switch (content_type) {
         case 20:

diff --git a/apps/s_client.c b/apps/s_client.c
index 55803e98dd05f58119e123182ca1c9b3134b7d04..a407303a07b22300a77dae34b3730de22372dbba 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -539,7 +539,7 @@ typedef enum OPTION_choice {
     OPT_SRP_MOREGROUPS,
 #endif
     OPT_SSL3, OPT_SSL_CONFIG,
-    OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
     OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
     OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH,
         OPT_VERIFYCAPATH,
@@ -680,6 +680,9 @@ const OPTIONS s_client_options[] = {
 #ifndef OPENSSL_NO_TLS1_2
     {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+#endif
 #ifndef OPENSSL_NO_DTLS
     {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
     {"timeout", OPT_TIMEOUT, '-',
@@ -762,7 +765,7 @@ static const OPT_PAIR services[] = {
 
 #define IS_PROT_FLAG(o) \
  (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
-  || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
 
 /* Free |*dest| and optionally set it to a copy of |source|. */
 static void freeandcopy(char **dest, const char *source)
@@ -1156,6 +1159,10 @@ int s_client_main(int argc, char **argv)
             min_version = SSL3_VERSION;
             max_version = SSL3_VERSION;
             break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
         case OPT_TLS1_2:
             min_version = TLS1_2_VERSION;
             max_version = TLS1_2_VERSION;

diff --git a/apps/s_server.c b/apps/s_server.c
index d32b9dffd5102a6736611878f93416168d57cd5b..24841c528eb1d3d83d1e4e7bc5856c29d65b7e08 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -669,7 +669,7 @@ typedef enum OPTION_choice {
     OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
     OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC,
     OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
-    OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
     OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN,
     OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
     OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
@@ -834,6 +834,9 @@ const OPTIONS s_server_options[] = {
 #ifndef OPENSSL_NO_TLS1_2
     {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
 #endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"},
+#endif
 #ifndef OPENSSL_NO_DTLS
     {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
     {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
@@ -868,7 +871,7 @@ const OPTIONS s_server_options[] = {
 
 #define IS_PROT_FLAG(o) \
  (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
-  || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
 
 int s_server_main(int argc, char *argv[])
 {
@@ -1321,6 +1324,10 @@ int s_server_main(int argc, char *argv[])
             min_version = SSL3_VERSION;
             max_version = SSL3_VERSION;
             break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
         case OPT_TLS1_2:
             min_version = TLS1_2_VERSION;
             max_version = TLS1_2_VERSION;

diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index c392077653980170fb18a2b1fcec7f6037f3466a..30f572139c9050b6a95930acc5cfd2eb614c3c9d 100644 (file)
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -15,6 +15,7 @@ B<openssl> B<ciphers>
 [B<-tls1>]
 [B<-tls1_1>]
 [B<-tls1_2>]
+[B<-tls1_3>]
 [B<-s>]
 [B<-psk>]
 [B<-srp>]
@@ -69,6 +70,11 @@ L<SSL_CIPHER_description(3)>.
 
 Like B<-v>, but include the official cipher suite values in hex.
 
+=item B<-tls1_3>
+
+In combination with the B<-s> option, list the ciphers which would be used if
+TLSv1.3 were negotiated.
+
 =item B<-tls1_2>
 
 In combination with the B<-s> option, list the ciphers which would be used if

diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index 4a2a28021c52cd78737faf051f691c72aebd0f13..4f21ea4093a5dfc4efad9f3afda4e83def00744a 100644 (file)
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -68,10 +68,12 @@ B<openssl> B<s_client>
 [B<-tls1>]
 [B<-tls1_1>]
 [B<-tls1_2>]
+[B<-tls1_3>]
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-no_tls1_1>]
 [B<-no_tls1_2>]
+[B<-no_tls1_3>]
 [B<-dtls>]
 [B<-dtls1>]
 [B<-dtls1_2>]
@@ -336,7 +338,7 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 By default B<s_client> will negotiate the highest mutually supported protocol

diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index b0d7888730f6ac14302dcf96c206fce1f612a1f0..b6c56599725b948dcad47be691ec2e23c1ba9312 100644 (file)
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -69,6 +69,9 @@ B<openssl> B<s_server>
 [B<-quiet>]
 [B<-ssl3>]
 [B<-tls1>]
+[B<-tls1_1>]
+[B<-tls1_2>]
+[B<-tls1_3>]
 [B<-dtls>]
 [B<-dtls1>]
 [B<-dtls1_2>]
@@ -81,6 +84,7 @@ B<openssl> B<s_server>
 [B<-no_tls1>]
 [B<-no_tls1_1>]
 [B<-no_tls1_2>]
+[B<-no_tls1_3>]
 [B<-no_dhe>]
 [B<-bugs>]
 [B<-comp>]
@@ -295,7 +299,7 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
 given as a hexadecimal number without leading 0x, for example -psk
 1a2b3c4d.
 
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
 These options require or disable the use of the specified SSL or TLS protocols.
 By default B<s_server> will negotiate the highest mutually supported protocol

diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index d8c0e9b95df4121e57b3883c99719f87fd0d3c80..60b80d39eee3ea6bd3486fd265ce03db70cf28e7 100644 (file)
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -121,12 +121,13 @@ if specified.
 To restrict the supported protocol versions use these commands rather
 than the deprecated alternative commands below.
 
-=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
 
-Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the
-corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>
-and B<SSL_OP_NO_TLSv1_2> respectively.
-These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>.
+Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by
+setting the corresponding options B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
+B<SSL_OP_NO_TLSv1_1>, B<SSL_OP_NO_TLSv1_2> and B<SSL_OP_NO_TLSv1_3>
+respectively. These options are deprecated, instead use B<-min_protocol> and
+B<-max_protocol>.
 
 =item B<-bugs>
 

diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod
index 29387d343f1d3d86675dddee0b20713a31323ee3..512fca8de036d5ac921f2df5ea7ec78d27fe7237 100644 (file)
--- a/doc/man3/SSL_CTX_new.pod
+++ b/doc/man3/SSL_CTX_new.pod
@@ -156,12 +156,12 @@ and be able to negotiate with all possible clients, but to only
 allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2.
 
 The list of protocols available can also be limited using the
-B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and
-B<SSL_OP_NO_TLSv1_2> options of the L<SSL_CTX_set_options(3)> or
-L<SSL_set_options(3)> functions, but this approach is not recommended.
-Clients should avoid creating "holes" in the set of protocols they support.
-When disabling a protocol, make sure that you also disable either all previous
-or all subsequent protocol versions.
+B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1>,
+B<SSL_OP_NO_TLSv1_3> and B<SSL_OP_NO_TLSv1_2> options of the
+L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions, but this approach
+is not recommended. Clients should avoid creating "holes" in the set of
+protocols they support. When disabling a protocol, make sure that you also
+disable either all previous or all subsequent protocol versions.
 In clients, when a protocol version is disabled without disabling I<all>
 previous protocol versions, the effect is to also disable all subsequent
 protocol versions.

diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod
index 3e9fe80b7073900c948e0cd9da020f2bae5bd3c1..5996d48fe33d5c9b3b7a8f3e9786fab6751f6737 100644 (file)
--- a/doc/man3/SSL_CTX_set_min_proto_version.pod
+++ b/doc/man3/SSL_CTX_set_min_proto_version.pod
@@ -29,8 +29,8 @@ versions down to the lowest version, or up to the highest version
 supported by the library, respectively.
 
 Currently supported versions are B<SSL3_VERSION>, B<TLS1_VERSION>,
-B<TLS1_1_VERSION>, B<TLS1_2_VERSION> for TLS and B<DTLS1_VERSION>,
-B<DTLS1_2_VERSION> for DTLS.
+B<TLS1_1_VERSION>, B<TLS1_2_VERSION>, B<TLS1_3_VERSION> for TLS and
+B<DTLS1_VERSION>, B<DTLS1_2_VERSION> for DTLS.
 
 =head1 RETURN VALUES
 

diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
index 63609f3a3192b71ee89ba6bd546a602bbcda3fa2..921c812ef3b72d60bf8b7d264c03af212ccd0a4a 100644 (file)
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -155,9 +155,9 @@ own preferences.
 
 
 =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
-SSL_OP_NO_TLSv1_2, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
+SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
 
-These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol
+These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol
 versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS,
 respectively.
 As of OpenSSL 1.1.0, these options are deprecated, use

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 20013dbfe89c038a03e8a5a5c6e970c272ad76cf..f0aa306133faeaa1327fb83555c19e5cc457952a 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -343,12 +343,13 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
 # define SSL_OP_NO_TLSv1                                 0x04000000U
 # define SSL_OP_NO_TLSv1_2                               0x08000000U
 # define SSL_OP_NO_TLSv1_1                               0x10000000U
+# define SSL_OP_NO_TLSv1_3                               0x20000000U
 
 # define SSL_OP_NO_DTLSv1                                0x04000000U
 # define SSL_OP_NO_DTLSv1_2                              0x08000000U
 
 # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
-        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2)
+        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
 # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
 
 

diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 23e382cdd3f266a158184e4d26f99f7c32c9d85a..3f7e749c694b1b6b344ec5720ff88e3880180297 100644 (file)
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -65,7 +65,8 @@ extern "C" {
 # define TLS1_VERSION                    0x0301
 # define TLS1_1_VERSION                  0x0302
 # define TLS1_2_VERSION                  0x0303
-# define TLS_MAX_VERSION                 TLS1_2_VERSION
+# define TLS1_3_VERSION                  0x0304
+# define TLS_MAX_VERSION                 TLS1_3_VERSION
 
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION                 0x10000
@@ -599,6 +600,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
 # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
 
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03000D01
+
 /*
  * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
  * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
@@ -868,6 +872,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 # define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
 # define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
 
+/* TLSv1.3 ciphersuites */
+/*
+ * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the
+ * cipherstring selection process for these ciphers
+ */
+# define TLS1_3_TXT_AES_128_GCM_SHA256                     "TLS13-AES-128-GCM-SHA256"
+
 # define TLS_CT_RSA_SIGN                 1
 # define TLS_CT_DSS_SIGN                 2
 # define TLS_CT_RSA_FIXED_DH             3

diff --git a/ssl/methods.c b/ssl/methods.c
index c846143277f7c507069feabbfe10356490d0b78f..f0926b7ce0ba54e812b8a1ec15a60efdec8083be 100644 (file)
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -19,6 +19,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                         TLS_method,
                         ossl_statem_accept,
                         ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
 IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                         tlsv1_2_method,
@@ -46,6 +52,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                         TLS_server_method,
                         ossl_statem_accept,
                         ssl_undefined_function, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_3_enc_data)
+#endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
 IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                         tlsv1_2_server_method,
@@ -75,6 +87,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
                         TLS_client_method,
                         ssl_undefined_function,
                         ossl_statem_connect, TLSv1_2_enc_data)
+#ifndef OPENSSL_NO_TLS1_3_METHOD
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
 IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                         tlsv1_2_client_method,

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d19b97a4d9843bb93985ac808547bc605f1a1216..ffdb45403ddf824ea64bc49079c6a1b4e2093377 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -834,6 +834,21 @@ static SSL_CIPHER ssl3_ciphers[] = {
      256,
      256,
      },
+    {
+     1,
+     TLS1_3_TXT_AES_128_GCM_SHA256,
+     TLS1_3_CK_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_3_VERSION, TLS1_3_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
 
 #ifndef OPENSSL_NO_EC
     {

diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 39579460926036f43601c8a6c8b98b6447841573..63687b5ba1f4e798f1918dc516c6d9e7a474eb17 100644 (file)
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -257,6 +257,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
         SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
         SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
         SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+        SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3),
         SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
         SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
     };
@@ -282,6 +283,7 @@ static int protocol_from_string(const char *value)
         {"TLSv1", TLS1_VERSION},
         {"TLSv1.1", TLS1_1_VERSION},
         {"TLSv1.2", TLS1_2_VERSION},
+        {"TLSv1.3", TLS1_3_VERSION},
         {"DTLSv1", DTLS1_VERSION},
         {"DTLSv1.2", DTLS1_2_VERSION}
     };
@@ -526,6 +528,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
     SSL_CONF_CMD_SWITCH("no_tls1", 0),
     SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
     SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_3", 0),
     SSL_CONF_CMD_SWITCH("bugs", 0),
     SSL_CONF_CMD_SWITCH("no_comp", 0),
     SSL_CONF_CMD_SWITCH("comp", 0),
@@ -583,6 +586,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = {
     {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
     {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
     {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
+    {SSL_OP_NO_TLSv1_3, 0},     /* no_tls1_3 */
     {SSL_OP_ALL, 0},            /* bugs */
     {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
     {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8bf872beec09ea6fd1de0f5dddaf0d8486a1fb23..84dd39371a2fd5f782619b58a9a78cdbbf04e0ad 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3072,7 +3072,9 @@ const SSL_METHOD *ssl_bad_method(int ver)
 
 const char *ssl_protocol_to_string(int version)
 {
-    if (version == TLS1_2_VERSION)
+    if (version == TLS1_3_VERSION)
+        return "TLSv1.3";
+    else if (version == TLS1_2_VERSION)
         return "TLSv1.2";
     else if (version == TLS1_1_VERSION)
         return "TLSv1.1";

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 8a7e1a9474e28332270903260bee2abad39257e0..d5a6fe236e47449403703c80ad8a1cfb553e3664 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1641,6 +1641,9 @@ __owur const SSL_METHOD *tlsv1_1_client_method(void);
 __owur const SSL_METHOD *tlsv1_2_method(void);
 __owur const SSL_METHOD *tlsv1_2_server_method(void);
 __owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *tlsv1_3_method(void);
+__owur const SSL_METHOD *tlsv1_3_server_method(void);
+__owur const SSL_METHOD *tlsv1_3_client_method(void);
 __owur const SSL_METHOD *dtlsv1_method(void);
 __owur const SSL_METHOD *dtlsv1_server_method(void);
 __owur const SSL_METHOD *dtlsv1_client_method(void);
@@ -1652,6 +1655,7 @@ __owur const SSL_METHOD *dtlsv1_2_client_method(void);
 extern const SSL3_ENC_METHOD TLSv1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
 extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
 extern const SSL3_ENC_METHOD SSLv3_enc_data;
 extern const SSL3_ENC_METHOD DTLSv1_enc_data;
 extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index eee1ca1f5bcc59be8db7cce5251489989804fc47..e0ec918c919565bccc4f41c85fc23faab1b83f95 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -320,6 +320,9 @@ int ssl_get_new_session(SSL *s, int session)
         } else if (s->version == TLS1_2_VERSION) {
             ss->ssl_version = TLS1_2_VERSION;
             ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        } else if (s->version == TLS1_3_VERSION) {
+            ss->ssl_version = TLS1_3_VERSION;
+            ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
         } else if (s->version == DTLS1_BAD_VER) {
             ss->ssl_version = DTLS1_BAD_VER;
             ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index c185d7c72a5d15f969335234d9922dbeed715f79..a3d8d1ee26420335d096600cb25d7b02d9d84379 100644 (file)
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -647,11 +647,16 @@ typedef struct {
     const SSL_METHOD *(*smeth) (void);
 } version_info;
 
-#if TLS_MAX_VERSION != TLS1_2_VERSION
-# error Code needs update for TLS_method() support beyond TLS1_2_VERSION.
+#if TLS_MAX_VERSION != TLS1_3_VERSION
+# error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
 #endif
 
 static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_3
+    {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method},
+#else
+    {TLS1_3_VERSION, NULL, NULL},
+#endif
 #ifndef OPENSSL_NO_TLS1_2
     {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
 #else

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 87ebbf3625900cf46b656df4d4426d4d9b0f08f8..e19f93d21ce79367bc025cb002bcf90cf65edbf9 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -84,6 +84,26 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = {
     ssl3_handshake_write
 };
 
+SSL3_ENC_METHOD const TLSv1_3_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS1_FINISH_MAC_LENGTH,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
+        | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    SSL3_HM_HEADER_LENGTH,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
 long tls1_default_timeout(void)
 {
     /*

diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4577f038a36fd41bc83217a49d7118e1250a3a29..ab5d2dac7627382b46c979410ead8d1aab3340af 100644 (file)
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -61,6 +61,7 @@ static ssl_trace_tbl ssl_version_tbl[] = {
     {TLS1_VERSION, "TLS 1.0"},
     {TLS1_1_VERSION, "TLS 1.1"},
     {TLS1_2_VERSION, "TLS 1.2"},
+    {TLS1_3_VERSION, "TLS 1.3"},
     {DTLS1_VERSION, "DTLS 1.0"},
     {DTLS1_2_VERSION, "DTLS 1.2"},
     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -422,6 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = {
     {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"},
     {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"},
     {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"},
+    {0x0D01, "TLS_AES_128_GCM_SHA256"},
     {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
     {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
 };

diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
index d6556e05375900c0a908021b274fcfd2e17bc96a..70ebd835660ec017901a23a7327cd918e054d95a 100644 (file)
--- a/test/cipherlist_test.c
+++ b/test/cipherlist_test.c
@@ -107,10 +107,14 @@ static const uint32_t default_ciphers_in_order[] = {
 #ifndef OPENSSL_NO_TLS1_2
     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    TLS1_3_CK_AES_128_GCM_SHA256,
+#endif
+#ifndef OPENSSL_NO_TLS1_2
     TLS1_CK_RSA_WITH_AES_256_SHA256,
     TLS1_CK_RSA_WITH_AES_128_SHA256,
 #endif
-
     TLS1_CK_RSA_WITH_AES_256_SHA,
     TLS1_CK_RSA_WITH_AES_128_SHA,
 };

diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index ff1a50ab8fc2eaf468c8771735f809321448eda9..d413de33b2bdadca9089267cdb68075fc06d98d7 100644 (file)
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -21,10 +21,10 @@ setup("test_ssl");
 $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
 
 my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk,
-    $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2,
+    $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
     $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) =
     anydisabled qw/rsa dsa dh ec srp psk
-                   ssl3 tls1 tls1_1 tls1_2
+                   ssl3 tls1 tls1_1 tls1_2 tls1_3
                    dtls dtls1 dtls1_2 ct/;
 my $no_anytls = alldisabled(available_protocols("tls"));
 my $no_anydtls = alldisabled(available_protocols("dtls"));
@@ -446,6 +446,7 @@ sub testssl {
 
        my @protocols = ();
        # FIXME: I feel unsure about the following line, is that really just TLSv1.2, or is it all of the SSLv3/TLS protocols?
+        push(@protocols, "TLSv1.3") unless $no_tls1_3;
         push(@protocols, "TLSv1.2") unless $no_tls1_2;
         push(@protocols, "SSLv3") unless $no_ssl3;
        my $protocolciphersuitcount = 0;
@@ -463,22 +464,27 @@ sub testssl {
 
         # The count of protocols is because in addition to the ciphersuits
         # we got above, we're running a weak DH test for each protocol
-       plan tests => $protocolciphersuitcount + scalar(@protocols);
-
-       foreach my $protocol (@protocols) {
-           note "Testing ciphersuites for $protocol";
-           foreach my $cipher (@{$ciphersuites{$protocol}}) {
-               ok(run(test([@ssltest, @exkeys, "-cipher", $cipher,
-                            $protocol eq "SSLv3" ? ("-ssl3") : ()])),
-                  "Testing $cipher");
-           }
+        plan tests => $protocolciphersuitcount + scalar(@protocols);
+
+        foreach my $protocol (@protocols) {
+            note "Testing ciphersuites for $protocol";
+            my $flag = "";
+            if ($protocol eq "SSLv3") {
+                $flag = "-ssl3";
+            } elsif ($protocol eq "TLSv1.2") {
+                $flag = "-tls1_2";
+            }
+            foreach my $cipher (@{$ciphersuites{$protocol}}) {
+                ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, $flag])),
+                "Testing $cipher");
+            }
             is(run(test([@ssltest,
                          "-s_cipher", "EDH",
                          "-c_cipher", 'EDH:@SECLEVEL=1',
                          "-dhe512",
                          $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0,
                "testing connection with weak DH, expecting failure");
-       }
+        }
     };
 
     subtest 'RSA/(EC)DHE/PSK tests' => sub {

diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf
index cb89dbc10aa69610ecc26dfb050fdbe093a40bbf..cf618f4e282204388b68230d8501f2dfdf60d268 100644 (file)
--- a/test/ssl-tests/02-protocol-version.conf
+++ b/test/ssl-tests/02-protocol-version.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 361
+num_tests = 676
 
 test-0 = 0-version-negotiation
 test-1 = 1-version-negotiation
@@ -363,6 +363,321 @@ test-357 = 357-version-negotiation
 test-358 = 358-version-negotiation
 test-359 = 359-version-negotiation
 test-360 = 360-version-negotiation
+test-361 = 361-version-negotiation
+test-362 = 362-version-negotiation
+test-363 = 363-version-negotiation
+test-364 = 364-version-negotiation
+test-365 = 365-version-negotiation
+test-366 = 366-version-negotiation
+test-367 = 367-version-negotiation
+test-368 = 368-version-negotiation
+test-369 = 369-version-negotiation
+test-370 = 370-version-negotiation
+test-371 = 371-version-negotiation
+test-372 = 372-version-negotiation
+test-373 = 373-version-negotiation
+test-374 = 374-version-negotiation
+test-375 = 375-version-negotiation
+test-376 = 376-version-negotiation
+test-377 = 377-version-negotiation
+test-378 = 378-version-negotiation
+test-379 = 379-version-negotiation
+test-380 = 380-version-negotiation
+test-381 = 381-version-negotiation
+test-382 = 382-version-negotiation
+test-383 = 383-version-negotiation
+test-384 = 384-version-negotiation
+test-385 = 385-version-negotiation
+test-386 = 386-version-negotiation
+test-387 = 387-version-negotiation
+test-388 = 388-version-negotiation
+test-389 = 389-version-negotiation
+test-390 = 390-version-negotiation
+test-391 = 391-version-negotiation
+test-392 = 392-version-negotiation
+test-393 = 393-version-negotiation
+test-394 = 394-version-negotiation
+test-395 = 395-version-negotiation
+test-396 = 396-version-negotiation
+test-397 = 397-version-negotiation
+test-398 = 398-version-negotiation
+test-399 = 399-version-negotiation
+test-400 = 400-version-negotiation
+test-401 = 401-version-negotiation
+test-402 = 402-version-negotiation
+test-403 = 403-version-negotiation
+test-404 = 404-version-negotiation
+test-405 = 405-version-negotiation
+test-406 = 406-version-negotiation
+test-407 = 407-version-negotiation
+test-408 = 408-version-negotiation
+test-409 = 409-version-negotiation
+test-410 = 410-version-negotiation
+test-411 = 411-version-negotiation
+test-412 = 412-version-negotiation
+test-413 = 413-version-negotiation
+test-414 = 414-version-negotiation
+test-415 = 415-version-negotiation
+test-416 = 416-version-negotiation
+test-417 = 417-version-negotiation
+test-418 = 418-version-negotiation
+test-419 = 419-version-negotiation
+test-420 = 420-version-negotiation
+test-421 = 421-version-negotiation
+test-422 = 422-version-negotiation
+test-423 = 423-version-negotiation
+test-424 = 424-version-negotiation
+test-425 = 425-version-negotiation
+test-426 = 426-version-negotiation
+test-427 = 427-version-negotiation
+test-428 = 428-version-negotiation
+test-429 = 429-version-negotiation
+test-430 = 430-version-negotiation
+test-431 = 431-version-negotiation
+test-432 = 432-version-negotiation
+test-433 = 433-version-negotiation
+test-434 = 434-version-negotiation
+test-435 = 435-version-negotiation
+test-436 = 436-version-negotiation
+test-437 = 437-version-negotiation
+test-438 = 438-version-negotiation
+test-439 = 439-version-negotiation
+test-440 = 440-version-negotiation
+test-441 = 441-version-negotiation
+test-442 = 442-version-negotiation
+test-443 = 443-version-negotiation
+test-444 = 444-version-negotiation
+test-445 = 445-version-negotiation
+test-446 = 446-version-negotiation
+test-447 = 447-version-negotiation
+test-448 = 448-version-negotiation
+test-449 = 449-version-negotiation
+test-450 = 450-version-negotiation
+test-451 = 451-version-negotiation
+test-452 = 452-version-negotiation
+test-453 = 453-version-negotiation
+test-454 = 454-version-negotiation
+test-455 = 455-version-negotiation
+test-456 = 456-version-negotiation
+test-457 = 457-version-negotiation
+test-458 = 458-version-negotiation
+test-459 = 459-version-negotiation
+test-460 = 460-version-negotiation
+test-461 = 461-version-negotiation
+test-462 = 462-version-negotiation
+test-463 = 463-version-negotiation
+test-464 = 464-version-negotiation
+test-465 = 465-version-negotiation
+test-466 = 466-version-negotiation
+test-467 = 467-version-negotiation
+test-468 = 468-version-negotiation
+test-469 = 469-version-negotiation
+test-470 = 470-version-negotiation
+test-471 = 471-version-negotiation
+test-472 = 472-version-negotiation
+test-473 = 473-version-negotiation
+test-474 = 474-version-negotiation
+test-475 = 475-version-negotiation
+test-476 = 476-version-negotiation
+test-477 = 477-version-negotiation
+test-478 = 478-version-negotiation
+test-479 = 479-version-negotiation
+test-480 = 480-version-negotiation
+test-481 = 481-version-negotiation
+test-482 = 482-version-negotiation
+test-483 = 483-version-negotiation
+test-484 = 484-version-negotiation
+test-485 = 485-version-negotiation
+test-486 = 486-version-negotiation
+test-487 = 487-version-negotiation
+test-488 = 488-version-negotiation
+test-489 = 489-version-negotiation
+test-490 = 490-version-negotiation
+test-491 = 491-version-negotiation
+test-492 = 492-version-negotiation
+test-493 = 493-version-negotiation
+test-494 = 494-version-negotiation
+test-495 = 495-version-negotiation
+test-496 = 496-version-negotiation
+test-497 = 497-version-negotiation
+test-498 = 498-version-negotiation
+test-499 = 499-version-negotiation
+test-500 = 500-version-negotiation
+test-501 = 501-version-negotiation
+test-502 = 502-version-negotiation
+test-503 = 503-version-negotiation
+test-504 = 504-version-negotiation
+test-505 = 505-version-negotiation
+test-506 = 506-version-negotiation
+test-507 = 507-version-negotiation
+test-508 = 508-version-negotiation
+test-509 = 509-version-negotiation
+test-510 = 510-version-negotiation
+test-511 = 511-version-negotiation
+test-512 = 512-version-negotiation
+test-513 = 513-version-negotiation
+test-514 = 514-version-negotiation
+test-515 = 515-version-negotiation
+test-516 = 516-version-negotiation
+test-517 = 517-version-negotiation
+test-518 = 518-version-negotiation
+test-519 = 519-version-negotiation
+test-520 = 520-version-negotiation
+test-521 = 521-version-negotiation
+test-522 = 522-version-negotiation
+test-523 = 523-version-negotiation
+test-524 = 524-version-negotiation
+test-525 = 525-version-negotiation
+test-526 = 526-version-negotiation
+test-527 = 527-version-negotiation
+test-528 = 528-version-negotiation
+test-529 = 529-version-negotiation
+test-530 = 530-version-negotiation
+test-531 = 531-version-negotiation
+test-532 = 532-version-negotiation
+test-533 = 533-version-negotiation
+test-534 = 534-version-negotiation
+test-535 = 535-version-negotiation
+test-536 = 536-version-negotiation
+test-537 = 537-version-negotiation
+test-538 = 538-version-negotiation
+test-539 = 539-version-negotiation
+test-540 = 540-version-negotiation
+test-541 = 541-version-negotiation
+test-542 = 542-version-negotiation
+test-543 = 543-version-negotiation
+test-544 = 544-version-negotiation
+test-545 = 545-version-negotiation
+test-546 = 546-version-negotiation
+test-547 = 547-version-negotiation
+test-548 = 548-version-negotiation
+test-549 = 549-version-negotiation
+test-550 = 550-version-negotiation
+test-551 = 551-version-negotiation
+test-552 = 552-version-negotiation
+test-553 = 553-version-negotiation
+test-554 = 554-version-negotiation
+test-555 = 555-version-negotiation
+test-556 = 556-version-negotiation
+test-557 = 557-version-negotiation
+test-558 = 558-version-negotiation
+test-559 = 559-version-negotiation
+test-560 = 560-version-negotiation
+test-561 = 561-version-negotiation
+test-562 = 562-version-negotiation
+test-563 = 563-version-negotiation
+test-564 = 564-version-negotiation
+test-565 = 565-version-negotiation
+test-566 = 566-version-negotiation
+test-567 = 567-version-negotiation
+test-568 = 568-version-negotiation
+test-569 = 569-version-negotiation
+test-570 = 570-version-negotiation
+test-571 = 571-version-negotiation
+test-572 = 572-version-negotiation
+test-573 = 573-version-negotiation
+test-574 = 574-version-negotiation
+test-575 = 575-version-negotiation
+test-576 = 576-version-negotiation
+test-577 = 577-version-negotiation
+test-578 = 578-version-negotiation
+test-579 = 579-version-negotiation
+test-580 = 580-version-negotiation
+test-581 = 581-version-negotiation
+test-582 = 582-version-negotiation
+test-583 = 583-version-negotiation
+test-584 = 584-version-negotiation
+test-585 = 585-version-negotiation
+test-586 = 586-version-negotiation
+test-587 = 587-version-negotiation
+test-588 = 588-version-negotiation
+test-589 = 589-version-negotiation
+test-590 = 590-version-negotiation
+test-591 = 591-version-negotiation
+test-592 = 592-version-negotiation
+test-593 = 593-version-negotiation
+test-594 = 594-version-negotiation
+test-595 = 595-version-negotiation
+test-596 = 596-version-negotiation
+test-597 = 597-version-negotiation
+test-598 = 598-version-negotiation
+test-599 = 599-version-negotiation
+test-600 = 600-version-negotiation
+test-601 = 601-version-negotiation
+test-602 = 602-version-negotiation
+test-603 = 603-version-negotiation
+test-604 = 604-version-negotiation
+test-605 = 605-version-negotiation
+test-606 = 606-version-negotiation
+test-607 = 607-version-negotiation
+test-608 = 608-version-negotiation
+test-609 = 609-version-negotiation
+test-610 = 610-version-negotiation
+test-611 = 611-version-negotiation
+test-612 = 612-version-negotiation
+test-613 = 613-version-negotiation
+test-614 = 614-version-negotiation
+test-615 = 615-version-negotiation
+test-616 = 616-version-negotiation
+test-617 = 617-version-negotiation
+test-618 = 618-version-negotiation
+test-619 = 619-version-negotiation
+test-620 = 620-version-negotiation
+test-621 = 621-version-negotiation
+test-622 = 622-version-negotiation
+test-623 = 623-version-negotiation
+test-624 = 624-version-negotiation
+test-625 = 625-version-negotiation
+test-626 = 626-version-negotiation
+test-627 = 627-version-negotiation
+test-628 = 628-version-negotiation
+test-629 = 629-version-negotiation
+test-630 = 630-version-negotiation
+test-631 = 631-version-negotiation
+test-632 = 632-version-negotiation
+test-633 = 633-version-negotiation
+test-634 = 634-version-negotiation
+test-635 = 635-version-negotiation
+test-636 = 636-version-negotiation
+test-637 = 637-version-negotiation
+test-638 = 638-version-negotiation
+test-639 = 639-version-negotiation
+test-640 = 640-version-negotiation
+test-641 = 641-version-negotiation
+test-642 = 642-version-negotiation
+test-643 = 643-version-negotiation
+test-644 = 644-version-negotiation
+test-645 = 645-version-negotiation
+test-646 = 646-version-negotiation
+test-647 = 647-version-negotiation
+test-648 = 648-version-negotiation
+test-649 = 649-version-negotiation
+test-650 = 650-version-negotiation
+test-651 = 651-version-negotiation
+test-652 = 652-version-negotiation
+test-653 = 653-version-negotiation
+test-654 = 654-version-negotiation
+test-655 = 655-version-negotiation
+test-656 = 656-version-negotiation
+test-657 = 657-version-negotiation
+test-658 = 658-version-negotiation
+test-659 = 659-version-negotiation
+test-660 = 660-version-negotiation
+test-661 = 661-version-negotiation
+test-662 = 662-version-negotiation
+test-663 = 663-version-negotiation
+test-664 = 664-version-negotiation
+test-665 = 665-version-negotiation
+test-666 = 666-version-negotiation
+test-667 = 667-version-negotiation
+test-668 = 668-version-negotiation
+test-669 = 669-version-negotiation
+test-670 = 670-version-negotiation
+test-671 = 671-version-negotiation
+test-672 = 672-version-negotiation
+test-673 = 673-version-negotiation
+test-674 = 674-version-negotiation
+test-675 = 675-version-negotiation
 # ===========================================================
 
 [0-version-negotiation]
@@ -475,6 +790,7 @@ client = 4-version-negotiation-client
 [4-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-version-negotiation-client]
@@ -499,8 +815,6 @@ client = 5-version-negotiation-client
 [5-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-version-negotiation-client]
@@ -525,7 +839,7 @@ client = 6-version-negotiation-client
 [6-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -551,7 +865,7 @@ client = 7-version-negotiation-client
 [7-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -577,7 +891,7 @@ client = 8-version-negotiation-client
 [8-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -603,6 +917,7 @@ client = 9-version-negotiation-client
 [9-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -628,8 +943,8 @@ client = 10-version-negotiation-client
 [10-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-version-negotiation-client]
@@ -654,8 +969,7 @@ client = 11-version-negotiation-client
 [11-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-version-negotiation-client]
@@ -680,7 +994,7 @@ client = 12-version-negotiation-client
 [12-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -706,6 +1020,7 @@ client = 13-version-negotiation-client
 [13-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
@@ -731,8 +1046,8 @@ client = 14-version-negotiation-client
 [14-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-version-negotiation-client]
@@ -757,8 +1072,8 @@ client = 15-version-negotiation-client
 [15-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-version-negotiation-client]
@@ -783,7 +1098,7 @@ client = 16-version-negotiation-client
 [16-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [16-version-negotiation-client]
@@ -808,8 +1123,8 @@ client = 17-version-negotiation-client
 [17-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [17-version-negotiation-client]
@@ -834,7 +1149,8 @@ client = 18-version-negotiation-client
 [18-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [18-version-negotiation-client]
@@ -859,17 +1175,18 @@ client = 19-version-negotiation-client
 [19-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [19-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-19]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -884,18 +1201,17 @@ client = 20-version-negotiation-client
 [20-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [20-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-20]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -910,18 +1226,18 @@ client = 21-version-negotiation-client
 [21-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [21-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-21]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -936,18 +1252,18 @@ client = 22-version-negotiation-client
 [22-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [22-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-22]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -962,17 +1278,17 @@ client = 23-version-negotiation-client
 [23-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [23-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-23]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -987,18 +1303,18 @@ client = 24-version-negotiation-client
 [24-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [24-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-24]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -1013,19 +1329,17 @@ client = 25-version-negotiation-client
 [25-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [25-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-25]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -1040,8 +1354,7 @@ client = 26-version-negotiation-client
 [26-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [26-version-negotiation-client]
@@ -1051,8 +1364,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-26]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1067,8 +1379,7 @@ client = 27-version-negotiation-client
 [27-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [27-version-negotiation-client]
@@ -1094,7 +1405,7 @@ client = 28-version-negotiation-client
 [28-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [28-version-negotiation-client]
@@ -1120,8 +1431,7 @@ client = 29-version-negotiation-client
 [29-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [29-version-negotiation-client]
@@ -1147,8 +1457,7 @@ client = 30-version-negotiation-client
 [30-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [30-version-negotiation-client]
@@ -1174,8 +1483,6 @@ client = 31-version-negotiation-client
 [31-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [31-version-negotiation-client]
@@ -1201,7 +1508,8 @@ client = 32-version-negotiation-client
 [32-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [32-version-negotiation-client]
@@ -1211,8 +1519,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-32]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1227,8 +1534,8 @@ client = 33-version-negotiation-client
 [33-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [33-version-negotiation-client]
@@ -1238,7 +1545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-33]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1253,8 +1561,8 @@ client = 34-version-negotiation-client
 [34-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [34-version-negotiation-client]
@@ -1264,7 +1572,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-34]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1279,7 +1588,8 @@ client = 35-version-negotiation-client
 [35-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [35-version-negotiation-client]
@@ -1289,7 +1599,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-35]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1304,8 +1615,8 @@ client = 36-version-negotiation-client
 [36-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [36-version-negotiation-client]
@@ -1315,7 +1626,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-36]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1330,7 +1642,7 @@ client = 37-version-negotiation-client
 [37-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [37-version-negotiation-client]
@@ -1340,7 +1652,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-37]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1355,17 +1668,19 @@ client = 38-version-negotiation-client
 [38-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [38-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-38]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1380,12 +1695,13 @@ client = 39-version-negotiation-client
 [39-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [39-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -1406,17 +1722,18 @@ client = 40-version-negotiation-client
 [40-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [40-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-40]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1432,17 +1749,18 @@ client = 41-version-negotiation-client
 [41-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [41-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-41]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1458,16 +1776,17 @@ client = 42-version-negotiation-client
 [42-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [42-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-42]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1483,13 +1802,13 @@ client = 43-version-negotiation-client
 [43-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [43-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -1509,19 +1828,18 @@ client = 44-version-negotiation-client
 [44-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [44-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-44]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1536,19 +1854,18 @@ client = 45-version-negotiation-client
 [45-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [45-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-45]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1563,19 +1880,17 @@ client = 46-version-negotiation-client
 [46-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [46-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-46]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1590,18 +1905,18 @@ client = 47-version-negotiation-client
 [47-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [47-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-47]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1616,19 +1931,18 @@ client = 48-version-negotiation-client
 [48-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [48-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-48]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1643,19 +1957,17 @@ client = 49-version-negotiation-client
 [49-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [49-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-49]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1670,19 +1982,18 @@ client = 50-version-negotiation-client
 [50-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [50-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-50]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1697,18 +2008,17 @@ client = 51-version-negotiation-client
 [51-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [51-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-51]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1723,8 +2033,7 @@ client = 52-version-negotiation-client
 [52-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [52-version-negotiation-client]
@@ -1734,8 +2043,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-52]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1750,8 +2058,7 @@ client = 53-version-negotiation-client
 [53-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [53-version-negotiation-client]
@@ -1761,7 +2068,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-53]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1777,7 +2084,7 @@ client = 54-version-negotiation-client
 [54-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [54-version-negotiation-client]
@@ -1804,7 +2111,6 @@ client = 55-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [55-version-negotiation-client]
@@ -1814,7 +2120,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-55]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1829,7 +2136,7 @@ client = 56-version-negotiation-client
 [56-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [56-version-negotiation-client]
@@ -1839,7 +2146,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-56]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1854,17 +2162,17 @@ client = 57-version-negotiation-client
 [57-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [57-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-57]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -1879,18 +2187,18 @@ client = 58-version-negotiation-client
 [58-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [58-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-58]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -1905,17 +2213,18 @@ client = 59-version-negotiation-client
 [59-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [59-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-59]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -1931,17 +2240,18 @@ client = 60-version-negotiation-client
 [60-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [60-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-60]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -1957,16 +2267,18 @@ client = 61-version-negotiation-client
 [61-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [61-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-61]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -1982,18 +2294,19 @@ client = 62-version-negotiation-client
 [62-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [62-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-62]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2008,18 +2321,17 @@ client = 63-version-negotiation-client
 [63-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [63-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-63]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2035,18 +2347,18 @@ client = 64-version-negotiation-client
 [64-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [64-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-64]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2062,18 +2374,18 @@ client = 65-version-negotiation-client
 [65-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [65-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-65]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2089,17 +2401,18 @@ client = 66-version-negotiation-client
 [66-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [66-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-66]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2115,18 +2428,18 @@ client = 67-version-negotiation-client
 [67-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [67-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-67]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2142,13 +2455,12 @@ client = 68-version-negotiation-client
 [68-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [68-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2169,18 +2481,18 @@ client = 69-version-negotiation-client
 [69-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [69-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-69]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2196,17 +2508,18 @@ client = 70-version-negotiation-client
 [70-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [70-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-70]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2222,13 +2535,13 @@ client = 71-version-negotiation-client
 [71-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [71-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2249,18 +2562,17 @@ client = 72-version-negotiation-client
 [72-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [72-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-72]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2276,18 +2588,18 @@ client = 73-version-negotiation-client
 [73-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [73-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-73]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2302,19 +2614,18 @@ client = 74-version-negotiation-client
 [74-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [74-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-74]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2334,13 +2645,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [75-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-75]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2355,11 +2665,13 @@ client = 76-version-negotiation-client
 [76-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [76-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2379,17 +2691,17 @@ client = 77-version-negotiation-client
 [77-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [77-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-77]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2404,17 +2716,17 @@ client = 78-version-negotiation-client
 [78-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [78-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-78]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2429,16 +2741,17 @@ client = 79-version-negotiation-client
 [79-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [79-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-79]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2454,15 +2767,17 @@ client = 80-version-negotiation-client
 [80-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [80-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-80]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2478,17 +2793,18 @@ client = 81-version-negotiation-client
 [81-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [81-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-81]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2503,17 +2819,17 @@ client = 82-version-negotiation-client
 [82-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [82-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-82]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -2529,17 +2845,16 @@ client = 83-version-negotiation-client
 [83-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [83-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-83]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -2555,18 +2870,18 @@ client = 84-version-negotiation-client
 [84-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [84-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-84]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -2581,16 +2896,18 @@ client = 85-version-negotiation-client
 [85-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [85-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-85]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2606,17 +2923,18 @@ client = 86-version-negotiation-client
 [86-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [86-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-86]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2632,17 +2950,18 @@ client = 87-version-negotiation-client
 [87-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [87-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-87]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -2658,12 +2977,13 @@ client = 88-version-negotiation-client
 [88-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [88-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2684,11 +3004,12 @@ client = 89-version-negotiation-client
 [89-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [89-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2709,17 +3030,18 @@ client = 90-version-negotiation-client
 [90-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [90-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-90]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -2735,17 +3057,18 @@ client = 91-version-negotiation-client
 [91-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [91-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-91]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -2761,11 +3084,13 @@ client = 92-version-negotiation-client
 [92-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [92-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2786,12 +3111,13 @@ client = 93-version-negotiation-client
 [93-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [93-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2812,11 +3138,12 @@ client = 94-version-negotiation-client
 [94-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [94-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -2837,18 +3164,19 @@ client = 95-version-negotiation-client
 [95-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [95-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-95]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2863,18 +3191,19 @@ client = 96-version-negotiation-client
 [96-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [96-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-96]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2889,18 +3218,19 @@ client = 97-version-negotiation-client
 [97-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [97-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-97]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2915,18 +3245,18 @@ client = 98-version-negotiation-client
 [98-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [98-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-98]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2941,17 +3271,19 @@ client = 99-version-negotiation-client
 [99-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [99-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-99]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2966,19 +3298,19 @@ client = 100-version-negotiation-client
 [100-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [100-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-100]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -2993,19 +3325,18 @@ client = 101-version-negotiation-client
 [101-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [101-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-101]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3020,19 +3351,18 @@ client = 102-version-negotiation-client
 [102-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [102-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-102]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3047,19 +3377,17 @@ client = 103-version-negotiation-client
 [103-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [103-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-103]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3074,18 +3402,17 @@ client = 104-version-negotiation-client
 [104-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [104-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-104]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3101,18 +3428,17 @@ client = 105-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [105-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-105]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3128,18 +3454,17 @@ client = 106-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [106-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-106]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3155,18 +3480,17 @@ client = 107-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [107-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-107]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3181,18 +3505,18 @@ client = 108-version-negotiation-client
 [108-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [108-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-108]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3207,19 +3531,17 @@ client = 109-version-negotiation-client
 [109-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [109-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-109]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3234,19 +3556,18 @@ client = 110-version-negotiation-client
 [110-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [110-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-110]
-ExpectedResult = InternalError
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3261,18 +3582,19 @@ client = 111-version-negotiation-client
 [111-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [111-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-111]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3287,19 +3609,19 @@ client = 112-version-negotiation-client
 [112-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [112-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-112]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3314,18 +3636,19 @@ client = 113-version-negotiation-client
 [113-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [113-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-113]
-ExpectedResult = InternalError
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3340,18 +3663,19 @@ client = 114-version-negotiation-client
 [114-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [114-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-114]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3366,18 +3690,17 @@ client = 115-version-negotiation-client
 [115-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [115-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-115]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3393,13 +3716,13 @@ client = 116-version-negotiation-client
 [116-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [116-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -3420,18 +3743,18 @@ client = 117-version-negotiation-client
 [117-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [117-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-117]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -3447,17 +3770,18 @@ client = 118-version-negotiation-client
 [118-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [118-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-118]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3473,19 +3797,19 @@ client = 119-version-negotiation-client
 [119-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [119-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-119]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3500,19 +3824,17 @@ client = 120-version-negotiation-client
 [120-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [120-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-120]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3529,18 +3851,17 @@ client = 121-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [121-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-121]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -3557,18 +3878,17 @@ client = 122-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [122-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-122]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3584,18 +3904,18 @@ client = 123-version-negotiation-client
 [123-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [123-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-123]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3611,19 +3931,17 @@ client = 124-version-negotiation-client
 [124-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [124-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-124]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3639,19 +3957,18 @@ client = 125-version-negotiation-client
 [125-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [125-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-125]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -3667,19 +3984,18 @@ client = 126-version-negotiation-client
 [126-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [126-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-126]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3695,18 +4011,17 @@ client = 127-version-negotiation-client
 [127-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [127-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-127]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3722,19 +4037,19 @@ client = 128-version-negotiation-client
 [128-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [128-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-128]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3749,19 +4064,18 @@ client = 129-version-negotiation-client
 [129-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [129-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-129]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3776,13 +4090,11 @@ client = 130-version-negotiation-client
 [130-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [130-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -3802,19 +4114,17 @@ client = 131-version-negotiation-client
 [131-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [131-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-131]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3829,18 +4139,17 @@ client = 132-version-negotiation-client
 [132-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [132-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-132]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3855,18 +4164,17 @@ client = 133-version-negotiation-client
 [133-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [133-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-133]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -3881,18 +4189,16 @@ client = 134-version-negotiation-client
 [134-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [134-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-134]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3908,18 +4214,15 @@ client = 135-version-negotiation-client
 [135-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [135-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-135]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -3935,19 +4238,17 @@ client = 136-version-negotiation-client
 [136-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [136-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-136]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -3962,17 +4263,17 @@ client = 137-version-negotiation-client
 [137-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [137-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-137]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -3988,19 +4289,18 @@ client = 138-version-negotiation-client
 [138-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [138-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-138]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4015,19 +4315,17 @@ client = 139-version-negotiation-client
 [139-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [139-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-139]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4043,19 +4341,17 @@ client = 140-version-negotiation-client
 [140-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [140-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-140]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4071,19 +4367,16 @@ client = 141-version-negotiation-client
 [141-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [141-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-141]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4099,18 +4392,17 @@ client = 142-version-negotiation-client
 [142-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [142-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-142]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -4126,19 +4418,17 @@ client = 143-version-negotiation-client
 [143-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [143-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-143]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -4154,19 +4444,17 @@ client = 144-version-negotiation-client
 [144-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [144-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-144]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4182,19 +4470,17 @@ client = 145-version-negotiation-client
 [145-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [145-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-145]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4215,13 +4501,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [146-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-146]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4243,8 +4527,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [147-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -4271,13 +4553,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [148-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-148]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -4293,18 +4573,17 @@ client = 149-version-negotiation-client
 [149-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [149-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-149]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4320,19 +4599,17 @@ client = 150-version-negotiation-client
 [150-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [150-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-150]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4347,18 +4624,18 @@ client = 151-version-negotiation-client
 [151-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [151-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-151]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4373,18 +4650,18 @@ client = 152-version-negotiation-client
 [152-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [152-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-152]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -4399,18 +4676,16 @@ client = 153-version-negotiation-client
 [153-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [153-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-153]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4426,18 +4701,17 @@ client = 154-version-negotiation-client
 [154-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [154-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-154]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4453,18 +4727,16 @@ client = 155-version-negotiation-client
 [155-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [155-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-155]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -4480,18 +4752,18 @@ client = 156-version-negotiation-client
 [156-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [156-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-156]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4506,19 +4778,18 @@ client = 157-version-negotiation-client
 [157-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [157-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-157]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4533,20 +4804,18 @@ client = 158-version-negotiation-client
 [158-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [158-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-158]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4561,20 +4830,18 @@ client = 159-version-negotiation-client
 [159-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [159-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-159]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4589,20 +4856,18 @@ client = 160-version-negotiation-client
 [160-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [160-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-160]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4617,19 +4882,17 @@ client = 161-version-negotiation-client
 [161-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [161-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-161]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4644,20 +4907,19 @@ client = 162-version-negotiation-client
 [162-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [162-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-162]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4672,20 +4934,19 @@ client = 163-version-negotiation-client
 [163-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [163-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-163]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4700,20 +4961,19 @@ client = 164-version-negotiation-client
 [164-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [164-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-164]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4728,19 +4988,19 @@ client = 165-version-negotiation-client
 [165-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [165-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-165]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4755,20 +5015,19 @@ client = 166-version-negotiation-client
 [166-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [166-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-166]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4783,20 +5042,18 @@ client = 167-version-negotiation-client
 [167-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [167-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-167]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4811,19 +5068,19 @@ client = 168-version-negotiation-client
 [168-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [168-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-168]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4838,20 +5095,19 @@ client = 169-version-negotiation-client
 [169-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [169-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-169]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4866,19 +5122,19 @@ client = 170-version-negotiation-client
 [170-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [170-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-170]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4893,17 +5149,19 @@ client = 171-version-negotiation-client
 [171-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [171-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-171]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4918,18 +5176,18 @@ client = 172-version-negotiation-client
 [172-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [172-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-172]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4945,17 +5203,18 @@ client = 173-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [173-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-173]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4971,17 +5230,18 @@ client = 174-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [174-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-174]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -4996,17 +5256,19 @@ client = 175-version-negotiation-client
 [175-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [175-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-175]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5021,18 +5283,18 @@ client = 176-version-negotiation-client
 [176-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [176-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-176]
-ExpectedResult = ServerFail
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5047,19 +5309,19 @@ client = 177-version-negotiation-client
 [177-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [177-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-177]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5074,19 +5336,19 @@ client = 178-version-negotiation-client
 [178-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [178-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-178]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5101,19 +5363,18 @@ client = 179-version-negotiation-client
 [179-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [179-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-179]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5128,18 +5389,19 @@ client = 180-version-negotiation-client
 [180-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [180-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-180]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5154,19 +5416,18 @@ client = 181-version-negotiation-client
 [181-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [181-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-181]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = InternalError
 
 
 # ===========================================================
@@ -5181,19 +5442,18 @@ client = 182-version-negotiation-client
 [182-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [182-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-182]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5208,18 +5468,18 @@ client = 183-version-negotiation-client
 [183-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [183-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-183]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5235,17 +5495,18 @@ client = 184-version-negotiation-client
 [184-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [184-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-184]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5261,18 +5522,18 @@ client = 185-version-negotiation-client
 [185-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [185-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-185]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5288,18 +5549,18 @@ client = 186-version-negotiation-client
 [186-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [186-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-186]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5315,17 +5576,17 @@ client = 187-version-negotiation-client
 [187-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [187-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-187]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5341,19 +5602,19 @@ client = 188-version-negotiation-client
 [188-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [188-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-188]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5368,17 +5629,19 @@ client = 189-version-negotiation-client
 [189-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [189-version-negotiation-client]
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-189]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -5394,18 +5657,20 @@ client = 190-version-negotiation-client
 [190-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [190-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-190]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -5420,13 +5685,14 @@ client = 191-version-negotiation-client
 [191-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [191-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5447,13 +5713,14 @@ client = 192-version-negotiation-client
 [192-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [192-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5474,13 +5741,13 @@ client = 193-version-negotiation-client
 [193-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [193-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5501,12 +5768,14 @@ client = 194-version-negotiation-client
 [194-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [194-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5527,19 +5796,20 @@ client = 195-version-negotiation-client
 [195-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [195-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-195]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -5554,14 +5824,14 @@ client = 196-version-negotiation-client
 [196-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [196-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5582,14 +5852,14 @@ client = 197-version-negotiation-client
 [197-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [197-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5610,14 +5880,13 @@ client = 198-version-negotiation-client
 [198-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [198-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5638,19 +5907,19 @@ client = 199-version-negotiation-client
 [199-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [199-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-199]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5665,20 +5934,19 @@ client = 200-version-negotiation-client
 [200-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [200-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-200]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5693,20 +5961,19 @@ client = 201-version-negotiation-client
 [201-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [201-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-201]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5721,20 +5988,18 @@ client = 202-version-negotiation-client
 [202-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [202-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-202]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5749,19 +6014,19 @@ client = 203-version-negotiation-client
 [203-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [203-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-203]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -5776,14 +6041,14 @@ client = 204-version-negotiation-client
 [204-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [204-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5803,14 +6068,13 @@ client = 205-version-negotiation-client
 [205-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [205-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5830,13 +6094,14 @@ client = 206-version-negotiation-client
 [206-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [206-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5856,14 +6121,13 @@ client = 207-version-negotiation-client
 [207-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [207-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5883,13 +6147,13 @@ client = 208-version-negotiation-client
 [208-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [208-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5909,18 +6173,19 @@ client = 209-version-negotiation-client
 [209-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [209-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-209]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -5935,18 +6200,18 @@ client = 210-version-negotiation-client
 [210-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [210-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-210]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -5962,13 +6227,13 @@ client = 211-version-negotiation-client
 [211-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [211-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -5989,13 +6254,13 @@ client = 212-version-negotiation-client
 [212-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [212-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6021,7 +6286,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [213-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6049,7 +6314,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [214-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6076,7 +6341,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [215-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6104,7 +6369,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [216-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6132,7 +6397,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [217-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6153,13 +6418,14 @@ client = 218-version-negotiation-client
 [218-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [218-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6180,19 +6446,18 @@ client = 219-version-negotiation-client
 [219-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [219-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-219]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -6208,19 +6473,19 @@ client = 220-version-negotiation-client
 [220-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [220-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-220]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6236,14 +6501,14 @@ client = 221-version-negotiation-client
 [221-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [221-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6264,13 +6529,14 @@ client = 222-version-negotiation-client
 [222-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [222-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6291,14 +6557,14 @@ client = 223-version-negotiation-client
 [223-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [223-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6319,14 +6585,13 @@ client = 224-version-negotiation-client
 [224-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [224-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6347,13 +6612,14 @@ client = 225-version-negotiation-client
 [225-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [225-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6375,18 +6641,19 @@ client = 226-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [226-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-226]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6401,18 +6668,20 @@ client = 227-version-negotiation-client
 [227-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [227-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-227]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6427,18 +6696,19 @@ client = 228-version-negotiation-client
 [228-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [228-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-228]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6453,19 +6723,19 @@ client = 229-version-negotiation-client
 [229-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [229-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-229]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6480,19 +6750,19 @@ client = 230-version-negotiation-client
 [230-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [230-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-230]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6507,19 +6777,18 @@ client = 231-version-negotiation-client
 [231-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [231-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-231]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6534,18 +6803,19 @@ client = 232-version-negotiation-client
 [232-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [232-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-232]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6560,14 +6830,13 @@ client = 233-version-negotiation-client
 [233-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [233-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6587,20 +6856,18 @@ client = 234-version-negotiation-client
 [234-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [234-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-234]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6615,19 +6882,18 @@ client = 235-version-negotiation-client
 [235-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [235-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-235]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6643,19 +6909,18 @@ client = 236-version-negotiation-client
 [236-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [236-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-236]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -6671,13 +6936,13 @@ client = 237-version-negotiation-client
 [237-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [237-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6698,19 +6963,18 @@ client = 238-version-negotiation-client
 [238-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [238-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-238]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -6726,19 +6990,17 @@ client = 239-version-negotiation-client
 [239-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [239-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-239]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -6754,20 +7016,19 @@ client = 240-version-negotiation-client
 [240-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [240-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-240]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -6782,18 +7043,19 @@ client = 241-version-negotiation-client
 [241-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [241-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-241]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6810,13 +7072,13 @@ client = 242-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [242-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6838,13 +7100,13 @@ client = 243-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [243-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6865,13 +7127,14 @@ client = 244-version-negotiation-client
 [244-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [244-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6892,14 +7155,13 @@ client = 245-version-negotiation-client
 [245-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [245-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -6920,18 +7182,19 @@ client = 246-version-negotiation-client
 [246-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [246-version-negotiation-client]
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-246]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -6947,17 +7210,20 @@ client = 247-version-negotiation-client
 [247-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [247-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-247]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -6972,17 +7238,19 @@ client = 248-version-negotiation-client
 [248-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [248-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-248]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -6998,17 +7266,19 @@ client = 249-version-negotiation-client
 [249-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [249-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-249]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7024,12 +7294,13 @@ client = 250-version-negotiation-client
 [250-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [250-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7050,16 +7321,19 @@ client = 251-version-negotiation-client
 [251-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [251-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-251]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -7075,18 +7349,20 @@ client = 252-version-negotiation-client
 [252-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [252-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-252]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7101,18 +7377,19 @@ client = 253-version-negotiation-client
 [253-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [253-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-253]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7128,18 +7405,18 @@ client = 254-version-negotiation-client
 [254-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [254-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-254]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7156,12 +7433,13 @@ client = 255-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [255-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7182,12 +7460,14 @@ client = 256-version-negotiation-client
 [256-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [256-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7208,18 +7488,18 @@ client = 257-version-negotiation-client
 [257-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [257-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-257]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7235,19 +7515,19 @@ client = 258-version-negotiation-client
 [258-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [258-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-258]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -7262,19 +7542,18 @@ client = 259-version-negotiation-client
 [259-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [259-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-259]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -7289,18 +7568,18 @@ client = 260-version-negotiation-client
 [260-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [260-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-260]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -7315,18 +7594,18 @@ client = 261-version-negotiation-client
 [261-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [261-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-261]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -7342,18 +7621,18 @@ client = 262-version-negotiation-client
 [262-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [262-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-262]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -7369,12 +7648,13 @@ client = 263-version-negotiation-client
 [263-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [263-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7395,18 +7675,18 @@ client = 264-version-negotiation-client
 [264-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [264-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-264]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7422,17 +7702,17 @@ client = 265-version-negotiation-client
 [265-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [265-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-265]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7449,12 +7729,13 @@ client = 266-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [266-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7475,17 +7756,19 @@ client = 267-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [267-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-267]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7501,12 +7784,13 @@ client = 268-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [268-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7528,17 +7812,18 @@ client = 269-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [269-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-269]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7554,17 +7839,19 @@ client = 270-version-negotiation-client
 [270-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [270-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-270]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7580,19 +7867,19 @@ client = 271-version-negotiation-client
 [271-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [271-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-271]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7608,18 +7895,19 @@ client = 272-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [272-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-272]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7635,13 +7923,13 @@ client = 273-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [273-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7663,18 +7951,18 @@ client = 274-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [274-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-274]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7690,18 +7978,19 @@ client = 275-version-negotiation-client
 [275-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [275-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-275]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7717,19 +8006,19 @@ client = 276-version-negotiation-client
 [276-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [276-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-276]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7745,13 +8034,13 @@ client = 277-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [277-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -7773,18 +8062,18 @@ client = 278-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [278-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-278]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7800,18 +8089,19 @@ client = 279-version-negotiation-client
 [279-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [279-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-279]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7827,19 +8117,18 @@ client = 280-version-negotiation-client
 [280-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [280-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-280]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7856,18 +8145,18 @@ client = 281-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [281-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-281]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 ExpectedResult = Success
 
 
@@ -7883,18 +8172,19 @@ client = 282-version-negotiation-client
 [282-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [282-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-282]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -7910,19 +8200,19 @@ client = 283-version-negotiation-client
 [283-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [283-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-283]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7937,18 +8227,20 @@ client = 284-version-negotiation-client
 [284-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [284-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-284]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7963,18 +8255,19 @@ client = 285-version-negotiation-client
 [285-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [285-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-285]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -7989,18 +8282,17 @@ client = 286-version-negotiation-client
 [286-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [286-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-286]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8015,18 +8307,17 @@ client = 287-version-negotiation-client
 [287-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [287-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-287]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8042,18 +8333,17 @@ client = 288-version-negotiation-client
 [288-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [288-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-288]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -8069,12 +8359,12 @@ client = 289-version-negotiation-client
 [289-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [289-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8095,19 +8385,18 @@ client = 290-version-negotiation-client
 [290-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [290-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-290]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8122,19 +8411,17 @@ client = 291-version-negotiation-client
 [291-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [291-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-291]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8149,20 +8436,18 @@ client = 292-version-negotiation-client
 [292-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = SSLv3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [292-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-292]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8177,19 +8462,18 @@ client = 293-version-negotiation-client
 [293-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [293-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-293]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8205,18 +8489,18 @@ client = 294-version-negotiation-client
 [294-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [294-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-294]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -8232,19 +8516,19 @@ client = 295-version-negotiation-client
 [295-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [295-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-295]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8259,19 +8543,18 @@ client = 296-version-negotiation-client
 [296-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [296-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-296]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8287,19 +8570,17 @@ client = 297-version-negotiation-client
 [297-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [297-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-297]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8315,18 +8596,18 @@ client = 298-version-negotiation-client
 [298-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [298-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-298]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8343,13 +8624,12 @@ client = 299-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [299-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8371,13 +8651,12 @@ client = 300-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [300-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8398,18 +8677,18 @@ client = 301-version-negotiation-client
 [301-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [301-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-301]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8425,19 +8704,17 @@ client = 302-version-negotiation-client
 [302-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [302-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-302]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8453,18 +8730,18 @@ client = 303-version-negotiation-client
 [303-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [303-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-303]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -8480,17 +8757,19 @@ client = 304-version-negotiation-client
 [304-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [304-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-304]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8505,17 +8784,19 @@ client = 305-version-negotiation-client
 [305-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [305-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-305]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8530,17 +8811,17 @@ client = 306-version-negotiation-client
 [306-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [306-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-306]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8557,11 +8838,12 @@ client = 307-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [307-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -8582,16 +8864,18 @@ client = 308-version-negotiation-client
 [308-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [308-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-308]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8607,18 +8891,18 @@ client = 309-version-negotiation-client
 [309-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [309-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-309]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8633,18 +8917,19 @@ client = 310-version-negotiation-client
 [310-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [310-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-310]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8659,18 +8944,17 @@ client = 311-version-negotiation-client
 [311-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [311-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MinProtocol = SSLv3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-311]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 
@@ -8686,19 +8970,18 @@ client = 312-version-negotiation-client
 [312-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [312-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-312]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8713,17 +8996,18 @@ client = 313-version-negotiation-client
 [313-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [313-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-313]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8739,18 +9023,19 @@ client = 314-version-negotiation-client
 [314-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [314-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-314]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -8765,18 +9050,18 @@ client = 315-version-negotiation-client
 [315-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [315-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-315]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8792,18 +9077,18 @@ client = 316-version-negotiation-client
 [316-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [316-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-316]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8819,17 +9104,17 @@ client = 317-version-negotiation-client
 [317-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [317-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-317]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8845,19 +9130,19 @@ client = 318-version-negotiation-client
 [318-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [318-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-318]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -8872,18 +9157,19 @@ client = 319-version-negotiation-client
 [319-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [319-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-319]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8899,17 +9185,19 @@ client = 320-version-negotiation-client
 [320-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [320-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-320]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8926,17 +9214,18 @@ client = 321-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [321-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-321]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8952,17 +9241,19 @@ client = 322-version-negotiation-client
 [322-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [322-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-322]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -8978,18 +9269,19 @@ client = 323-version-negotiation-client
 [323-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [323-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-323]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9005,17 +9297,19 @@ client = 324-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [324-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-324]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9031,17 +9325,19 @@ client = 325-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [325-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-325]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9057,17 +9353,18 @@ client = 326-version-negotiation-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [326-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-326]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9083,17 +9380,19 @@ client = 327-version-negotiation-client
 [327-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [327-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-327]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9109,19 +9408,19 @@ client = 328-version-negotiation-client
 [328-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [328-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-328]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9136,19 +9435,19 @@ client = 329-version-negotiation-client
 [329-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [329-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-329]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9163,19 +9462,19 @@ client = 330-version-negotiation-client
 [330-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [330-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-330]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9190,20 +9489,19 @@ client = 331-version-negotiation-client
 [331-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [331-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-331]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9218,19 +9516,18 @@ client = 332-version-negotiation-client
 [332-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [332-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-332]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9245,19 +9542,19 @@ client = 333-version-negotiation-client
 [333-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [333-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-333]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9272,19 +9569,19 @@ client = 334-version-negotiation-client
 [334-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [334-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-334]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9299,20 +9596,18 @@ client = 335-version-negotiation-client
 [335-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
+MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [335-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-335]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9327,19 +9622,19 @@ client = 336-version-negotiation-client
 [336-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [336-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-336]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9354,19 +9649,18 @@ client = 337-version-negotiation-client
 [337-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MinProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [337-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-337]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9381,20 +9675,18 @@ client = 338-version-negotiation-client
 [338-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
+MaxProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [338-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-338]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9409,18 +9701,18 @@ client = 339-version-negotiation-client
 [339-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [339-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-339]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9436,19 +9728,18 @@ client = 340-version-negotiation-client
 [340-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [340-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-340]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9464,18 +9755,18 @@ client = 341-version-negotiation-client
 [341-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [341-version-negotiation-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-341]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9491,17 +9782,19 @@ client = 342-version-negotiation-client
 [342-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [342-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-342]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9516,17 +9809,18 @@ client = 343-version-negotiation-client
 [343-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [343-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-343]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9541,17 +9835,19 @@ client = 344-version-negotiation-client
 [344-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [344-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-344]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9566,17 +9862,19 @@ client = 345-version-negotiation-client
 [345-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [345-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-345]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9592,16 +9890,19 @@ client = 346-version-negotiation-client
 [346-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [346-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-346]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9617,18 +9918,20 @@ client = 347-version-negotiation-client
 [347-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = SSLv3
+MaxProtocol = TLSv1.2
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [347-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-347]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9643,18 +9946,20 @@ client = 348-version-negotiation-client
 [348-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [348-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-348]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9669,18 +9974,19 @@ client = 349-version-negotiation-client
 [349-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 MinProtocol = SSLv3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [349-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-349]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9695,18 +10001,19 @@ client = 350-version-negotiation-client
 [350-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [350-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-350]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 ExpectedResult = Success
 
 
@@ -9722,17 +10029,19 @@ client = 351-version-negotiation-client
 [351-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = SSLv3
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [351-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-351]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9748,18 +10057,20 @@ client = 352-version-negotiation-client
 [352-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [352-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-352]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9774,18 +10085,20 @@ client = 353-version-negotiation-client
 [353-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [353-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-353]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9800,18 +10113,18 @@ client = 354-version-negotiation-client
 [354-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 MinProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [354-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-354]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9827,17 +10140,19 @@ client = 355-version-negotiation-client
 [355-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MinProtocol = TLSv1
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [355-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-355]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9853,18 +10168,20 @@ client = 356-version-negotiation-client
 [356-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [356-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-356]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
 
 
 # ===========================================================
@@ -9879,18 +10196,19 @@ client = 357-version-negotiation-client
 [357-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [357-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-357]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9911,12 +10229,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [358-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-358]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 ExpectedResult = Success
 
 
@@ -9938,13 +10257,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [359-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-359]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
+ExpectedResult = ServerFail
 
 
 # ===========================================================
@@ -9959,17 +10278,8493 @@ client = 360-version-negotiation-client
 [360-version-negotiation-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [360-version-negotiation-client]
 CipherString = DEFAULT
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-360]
-ExpectedProtocol = TLSv1.2
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[361-version-negotiation]
+ssl_conf = 361-version-negotiation-ssl
+
+[361-version-negotiation-ssl]
+server = 361-version-negotiation-server
+client = 361-version-negotiation-client
+
+[361-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[361-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-361]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[362-version-negotiation]
+ssl_conf = 362-version-negotiation-ssl
+
+[362-version-negotiation-ssl]
+server = 362-version-negotiation-server
+client = 362-version-negotiation-client
+
+[362-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[362-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-362]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[363-version-negotiation]
+ssl_conf = 363-version-negotiation-ssl
+
+[363-version-negotiation-ssl]
+server = 363-version-negotiation-server
+client = 363-version-negotiation-client
+
+[363-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[363-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-363]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[364-version-negotiation]
+ssl_conf = 364-version-negotiation-ssl
+
+[364-version-negotiation-ssl]
+server = 364-version-negotiation-server
+client = 364-version-negotiation-client
+
+[364-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[364-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-364]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[365-version-negotiation]
+ssl_conf = 365-version-negotiation-ssl
+
+[365-version-negotiation-ssl]
+server = 365-version-negotiation-server
+client = 365-version-negotiation-client
+
+[365-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[365-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-365]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[366-version-negotiation]
+ssl_conf = 366-version-negotiation-ssl
+
+[366-version-negotiation-ssl]
+server = 366-version-negotiation-server
+client = 366-version-negotiation-client
+
+[366-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[366-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-366]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[367-version-negotiation]
+ssl_conf = 367-version-negotiation-ssl
+
+[367-version-negotiation-ssl]
+server = 367-version-negotiation-server
+client = 367-version-negotiation-client
+
+[367-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[367-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-367]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[368-version-negotiation]
+ssl_conf = 368-version-negotiation-ssl
+
+[368-version-negotiation-ssl]
+server = 368-version-negotiation-server
+client = 368-version-negotiation-client
+
+[368-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[368-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-368]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[369-version-negotiation]
+ssl_conf = 369-version-negotiation-ssl
+
+[369-version-negotiation-ssl]
+server = 369-version-negotiation-server
+client = 369-version-negotiation-client
+
+[369-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[369-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-369]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[370-version-negotiation]
+ssl_conf = 370-version-negotiation-ssl
+
+[370-version-negotiation-ssl]
+server = 370-version-negotiation-server
+client = 370-version-negotiation-client
+
+[370-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[370-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-370]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[371-version-negotiation]
+ssl_conf = 371-version-negotiation-ssl
+
+[371-version-negotiation-ssl]
+server = 371-version-negotiation-server
+client = 371-version-negotiation-client
+
+[371-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[371-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-371]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[372-version-negotiation]
+ssl_conf = 372-version-negotiation-ssl
+
+[372-version-negotiation-ssl]
+server = 372-version-negotiation-server
+client = 372-version-negotiation-client
+
+[372-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[372-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-372]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[373-version-negotiation]
+ssl_conf = 373-version-negotiation-ssl
+
+[373-version-negotiation-ssl]
+server = 373-version-negotiation-server
+client = 373-version-negotiation-client
+
+[373-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[373-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-373]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[374-version-negotiation]
+ssl_conf = 374-version-negotiation-ssl
+
+[374-version-negotiation-ssl]
+server = 374-version-negotiation-server
+client = 374-version-negotiation-client
+
+[374-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[374-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-374]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[375-version-negotiation]
+ssl_conf = 375-version-negotiation-ssl
+
+[375-version-negotiation-ssl]
+server = 375-version-negotiation-server
+client = 375-version-negotiation-client
+
+[375-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[375-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-375]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[376-version-negotiation]
+ssl_conf = 376-version-negotiation-ssl
+
+[376-version-negotiation-ssl]
+server = 376-version-negotiation-server
+client = 376-version-negotiation-client
+
+[376-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[376-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-376]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[377-version-negotiation]
+ssl_conf = 377-version-negotiation-ssl
+
+[377-version-negotiation-ssl]
+server = 377-version-negotiation-server
+client = 377-version-negotiation-client
+
+[377-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[377-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-377]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[378-version-negotiation]
+ssl_conf = 378-version-negotiation-ssl
+
+[378-version-negotiation-ssl]
+server = 378-version-negotiation-server
+client = 378-version-negotiation-client
+
+[378-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[378-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-378]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[379-version-negotiation]
+ssl_conf = 379-version-negotiation-ssl
+
+[379-version-negotiation-ssl]
+server = 379-version-negotiation-server
+client = 379-version-negotiation-client
+
+[379-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[379-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-379]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[380-version-negotiation]
+ssl_conf = 380-version-negotiation-ssl
+
+[380-version-negotiation-ssl]
+server = 380-version-negotiation-server
+client = 380-version-negotiation-client
+
+[380-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[380-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-380]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[381-version-negotiation]
+ssl_conf = 381-version-negotiation-ssl
+
+[381-version-negotiation-ssl]
+server = 381-version-negotiation-server
+client = 381-version-negotiation-client
+
+[381-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[381-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-381]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[382-version-negotiation]
+ssl_conf = 382-version-negotiation-ssl
+
+[382-version-negotiation-ssl]
+server = 382-version-negotiation-server
+client = 382-version-negotiation-client
+
+[382-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[382-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-382]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[383-version-negotiation]
+ssl_conf = 383-version-negotiation-ssl
+
+[383-version-negotiation-ssl]
+server = 383-version-negotiation-server
+client = 383-version-negotiation-client
+
+[383-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[383-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-383]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[384-version-negotiation]
+ssl_conf = 384-version-negotiation-ssl
+
+[384-version-negotiation-ssl]
+server = 384-version-negotiation-server
+client = 384-version-negotiation-client
+
+[384-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[384-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-384]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[385-version-negotiation]
+ssl_conf = 385-version-negotiation-ssl
+
+[385-version-negotiation-ssl]
+server = 385-version-negotiation-server
+client = 385-version-negotiation-client
+
+[385-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[385-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-385]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[386-version-negotiation]
+ssl_conf = 386-version-negotiation-ssl
+
+[386-version-negotiation-ssl]
+server = 386-version-negotiation-server
+client = 386-version-negotiation-client
+
+[386-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[386-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-386]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[387-version-negotiation]
+ssl_conf = 387-version-negotiation-ssl
+
+[387-version-negotiation-ssl]
+server = 387-version-negotiation-server
+client = 387-version-negotiation-client
+
+[387-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[387-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-387]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[388-version-negotiation]
+ssl_conf = 388-version-negotiation-ssl
+
+[388-version-negotiation-ssl]
+server = 388-version-negotiation-server
+client = 388-version-negotiation-client
+
+[388-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[388-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-388]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[389-version-negotiation]
+ssl_conf = 389-version-negotiation-ssl
+
+[389-version-negotiation-ssl]
+server = 389-version-negotiation-server
+client = 389-version-negotiation-client
+
+[389-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[389-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-389]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[390-version-negotiation]
+ssl_conf = 390-version-negotiation-ssl
+
+[390-version-negotiation-ssl]
+server = 390-version-negotiation-server
+client = 390-version-negotiation-client
+
+[390-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[390-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-390]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[391-version-negotiation]
+ssl_conf = 391-version-negotiation-ssl
+
+[391-version-negotiation-ssl]
+server = 391-version-negotiation-server
+client = 391-version-negotiation-client
+
+[391-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[391-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-391]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[392-version-negotiation]
+ssl_conf = 392-version-negotiation-ssl
+
+[392-version-negotiation-ssl]
+server = 392-version-negotiation-server
+client = 392-version-negotiation-client
+
+[392-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[392-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-392]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[393-version-negotiation]
+ssl_conf = 393-version-negotiation-ssl
+
+[393-version-negotiation-ssl]
+server = 393-version-negotiation-server
+client = 393-version-negotiation-client
+
+[393-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[393-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-393]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[394-version-negotiation]
+ssl_conf = 394-version-negotiation-ssl
+
+[394-version-negotiation-ssl]
+server = 394-version-negotiation-server
+client = 394-version-negotiation-client
+
+[394-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[394-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-394]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[395-version-negotiation]
+ssl_conf = 395-version-negotiation-ssl
+
+[395-version-negotiation-ssl]
+server = 395-version-negotiation-server
+client = 395-version-negotiation-client
+
+[395-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[395-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-395]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[396-version-negotiation]
+ssl_conf = 396-version-negotiation-ssl
+
+[396-version-negotiation-ssl]
+server = 396-version-negotiation-server
+client = 396-version-negotiation-client
+
+[396-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[396-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-396]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[397-version-negotiation]
+ssl_conf = 397-version-negotiation-ssl
+
+[397-version-negotiation-ssl]
+server = 397-version-negotiation-server
+client = 397-version-negotiation-client
+
+[397-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[397-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-397]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[398-version-negotiation]
+ssl_conf = 398-version-negotiation-ssl
+
+[398-version-negotiation-ssl]
+server = 398-version-negotiation-server
+client = 398-version-negotiation-client
+
+[398-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[398-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-398]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[399-version-negotiation]
+ssl_conf = 399-version-negotiation-ssl
+
+[399-version-negotiation-ssl]
+server = 399-version-negotiation-server
+client = 399-version-negotiation-client
+
+[399-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[399-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-399]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[400-version-negotiation]
+ssl_conf = 400-version-negotiation-ssl
+
+[400-version-negotiation-ssl]
+server = 400-version-negotiation-server
+client = 400-version-negotiation-client
+
+[400-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[400-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-400]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[401-version-negotiation]
+ssl_conf = 401-version-negotiation-ssl
+
+[401-version-negotiation-ssl]
+server = 401-version-negotiation-server
+client = 401-version-negotiation-client
+
+[401-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[401-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-401]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[402-version-negotiation]
+ssl_conf = 402-version-negotiation-ssl
+
+[402-version-negotiation-ssl]
+server = 402-version-negotiation-server
+client = 402-version-negotiation-client
+
+[402-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[402-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-402]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[403-version-negotiation]
+ssl_conf = 403-version-negotiation-ssl
+
+[403-version-negotiation-ssl]
+server = 403-version-negotiation-server
+client = 403-version-negotiation-client
+
+[403-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[403-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-403]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[404-version-negotiation]
+ssl_conf = 404-version-negotiation-ssl
+
+[404-version-negotiation-ssl]
+server = 404-version-negotiation-server
+client = 404-version-negotiation-client
+
+[404-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[404-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-404]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[405-version-negotiation]
+ssl_conf = 405-version-negotiation-ssl
+
+[405-version-negotiation-ssl]
+server = 405-version-negotiation-server
+client = 405-version-negotiation-client
+
+[405-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[405-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-405]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[406-version-negotiation]
+ssl_conf = 406-version-negotiation-ssl
+
+[406-version-negotiation-ssl]
+server = 406-version-negotiation-server
+client = 406-version-negotiation-client
+
+[406-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[406-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-406]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[407-version-negotiation]
+ssl_conf = 407-version-negotiation-ssl
+
+[407-version-negotiation-ssl]
+server = 407-version-negotiation-server
+client = 407-version-negotiation-client
+
+[407-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[407-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-407]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[408-version-negotiation]
+ssl_conf = 408-version-negotiation-ssl
+
+[408-version-negotiation-ssl]
+server = 408-version-negotiation-server
+client = 408-version-negotiation-client
+
+[408-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[408-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-408]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[409-version-negotiation]
+ssl_conf = 409-version-negotiation-ssl
+
+[409-version-negotiation-ssl]
+server = 409-version-negotiation-server
+client = 409-version-negotiation-client
+
+[409-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[409-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-409]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[410-version-negotiation]
+ssl_conf = 410-version-negotiation-ssl
+
+[410-version-negotiation-ssl]
+server = 410-version-negotiation-server
+client = 410-version-negotiation-client
+
+[410-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[410-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-410]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[411-version-negotiation]
+ssl_conf = 411-version-negotiation-ssl
+
+[411-version-negotiation-ssl]
+server = 411-version-negotiation-server
+client = 411-version-negotiation-client
+
+[411-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[411-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-411]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[412-version-negotiation]
+ssl_conf = 412-version-negotiation-ssl
+
+[412-version-negotiation-ssl]
+server = 412-version-negotiation-server
+client = 412-version-negotiation-client
+
+[412-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[412-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-412]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[413-version-negotiation]
+ssl_conf = 413-version-negotiation-ssl
+
+[413-version-negotiation-ssl]
+server = 413-version-negotiation-server
+client = 413-version-negotiation-client
+
+[413-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[413-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-413]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[414-version-negotiation]
+ssl_conf = 414-version-negotiation-ssl
+
+[414-version-negotiation-ssl]
+server = 414-version-negotiation-server
+client = 414-version-negotiation-client
+
+[414-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[414-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-414]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[415-version-negotiation]
+ssl_conf = 415-version-negotiation-ssl
+
+[415-version-negotiation-ssl]
+server = 415-version-negotiation-server
+client = 415-version-negotiation-client
+
+[415-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[415-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-415]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[416-version-negotiation]
+ssl_conf = 416-version-negotiation-ssl
+
+[416-version-negotiation-ssl]
+server = 416-version-negotiation-server
+client = 416-version-negotiation-client
+
+[416-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[416-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-416]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[417-version-negotiation]
+ssl_conf = 417-version-negotiation-ssl
+
+[417-version-negotiation-ssl]
+server = 417-version-negotiation-server
+client = 417-version-negotiation-client
+
+[417-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[417-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-417]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[418-version-negotiation]
+ssl_conf = 418-version-negotiation-ssl
+
+[418-version-negotiation-ssl]
+server = 418-version-negotiation-server
+client = 418-version-negotiation-client
+
+[418-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[418-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-418]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[419-version-negotiation]
+ssl_conf = 419-version-negotiation-ssl
+
+[419-version-negotiation-ssl]
+server = 419-version-negotiation-server
+client = 419-version-negotiation-client
+
+[419-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[419-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-419]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[420-version-negotiation]
+ssl_conf = 420-version-negotiation-ssl
+
+[420-version-negotiation-ssl]
+server = 420-version-negotiation-server
+client = 420-version-negotiation-client
+
+[420-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[420-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-420]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[421-version-negotiation]
+ssl_conf = 421-version-negotiation-ssl
+
+[421-version-negotiation-ssl]
+server = 421-version-negotiation-server
+client = 421-version-negotiation-client
+
+[421-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[421-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-421]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[422-version-negotiation]
+ssl_conf = 422-version-negotiation-ssl
+
+[422-version-negotiation-ssl]
+server = 422-version-negotiation-server
+client = 422-version-negotiation-client
+
+[422-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[422-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-422]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[423-version-negotiation]
+ssl_conf = 423-version-negotiation-ssl
+
+[423-version-negotiation-ssl]
+server = 423-version-negotiation-server
+client = 423-version-negotiation-client
+
+[423-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[423-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-423]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[424-version-negotiation]
+ssl_conf = 424-version-negotiation-ssl
+
+[424-version-negotiation-ssl]
+server = 424-version-negotiation-server
+client = 424-version-negotiation-client
+
+[424-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[424-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-424]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[425-version-negotiation]
+ssl_conf = 425-version-negotiation-ssl
+
+[425-version-negotiation-ssl]
+server = 425-version-negotiation-server
+client = 425-version-negotiation-client
+
+[425-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[425-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-425]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[426-version-negotiation]
+ssl_conf = 426-version-negotiation-ssl
+
+[426-version-negotiation-ssl]
+server = 426-version-negotiation-server
+client = 426-version-negotiation-client
+
+[426-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[426-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-426]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[427-version-negotiation]
+ssl_conf = 427-version-negotiation-ssl
+
+[427-version-negotiation-ssl]
+server = 427-version-negotiation-server
+client = 427-version-negotiation-client
+
+[427-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[427-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-427]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[428-version-negotiation]
+ssl_conf = 428-version-negotiation-ssl
+
+[428-version-negotiation-ssl]
+server = 428-version-negotiation-server
+client = 428-version-negotiation-client
+
+[428-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[428-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-428]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[429-version-negotiation]
+ssl_conf = 429-version-negotiation-ssl
+
+[429-version-negotiation-ssl]
+server = 429-version-negotiation-server
+client = 429-version-negotiation-client
+
+[429-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[429-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-429]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[430-version-negotiation]
+ssl_conf = 430-version-negotiation-ssl
+
+[430-version-negotiation-ssl]
+server = 430-version-negotiation-server
+client = 430-version-negotiation-client
+
+[430-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[430-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-430]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[431-version-negotiation]
+ssl_conf = 431-version-negotiation-ssl
+
+[431-version-negotiation-ssl]
+server = 431-version-negotiation-server
+client = 431-version-negotiation-client
+
+[431-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[431-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-431]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[432-version-negotiation]
+ssl_conf = 432-version-negotiation-ssl
+
+[432-version-negotiation-ssl]
+server = 432-version-negotiation-server
+client = 432-version-negotiation-client
+
+[432-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[432-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-432]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[433-version-negotiation]
+ssl_conf = 433-version-negotiation-ssl
+
+[433-version-negotiation-ssl]
+server = 433-version-negotiation-server
+client = 433-version-negotiation-client
+
+[433-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[433-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-433]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[434-version-negotiation]
+ssl_conf = 434-version-negotiation-ssl
+
+[434-version-negotiation-ssl]
+server = 434-version-negotiation-server
+client = 434-version-negotiation-client
+
+[434-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[434-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-434]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[435-version-negotiation]
+ssl_conf = 435-version-negotiation-ssl
+
+[435-version-negotiation-ssl]
+server = 435-version-negotiation-server
+client = 435-version-negotiation-client
+
+[435-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[435-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-435]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[436-version-negotiation]
+ssl_conf = 436-version-negotiation-ssl
+
+[436-version-negotiation-ssl]
+server = 436-version-negotiation-server
+client = 436-version-negotiation-client
+
+[436-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[436-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-436]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[437-version-negotiation]
+ssl_conf = 437-version-negotiation-ssl
+
+[437-version-negotiation-ssl]
+server = 437-version-negotiation-server
+client = 437-version-negotiation-client
+
+[437-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[437-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-437]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[438-version-negotiation]
+ssl_conf = 438-version-negotiation-ssl
+
+[438-version-negotiation-ssl]
+server = 438-version-negotiation-server
+client = 438-version-negotiation-client
+
+[438-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[438-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-438]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[439-version-negotiation]
+ssl_conf = 439-version-negotiation-ssl
+
+[439-version-negotiation-ssl]
+server = 439-version-negotiation-server
+client = 439-version-negotiation-client
+
+[439-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[439-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-439]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[440-version-negotiation]
+ssl_conf = 440-version-negotiation-ssl
+
+[440-version-negotiation-ssl]
+server = 440-version-negotiation-server
+client = 440-version-negotiation-client
+
+[440-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[440-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-440]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[441-version-negotiation]
+ssl_conf = 441-version-negotiation-ssl
+
+[441-version-negotiation-ssl]
+server = 441-version-negotiation-server
+client = 441-version-negotiation-client
+
+[441-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[441-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-441]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[442-version-negotiation]
+ssl_conf = 442-version-negotiation-ssl
+
+[442-version-negotiation-ssl]
+server = 442-version-negotiation-server
+client = 442-version-negotiation-client
+
+[442-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[442-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-442]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[443-version-negotiation]
+ssl_conf = 443-version-negotiation-ssl
+
+[443-version-negotiation-ssl]
+server = 443-version-negotiation-server
+client = 443-version-negotiation-client
+
+[443-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[443-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-443]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[444-version-negotiation]
+ssl_conf = 444-version-negotiation-ssl
+
+[444-version-negotiation-ssl]
+server = 444-version-negotiation-server
+client = 444-version-negotiation-client
+
+[444-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[444-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-444]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[445-version-negotiation]
+ssl_conf = 445-version-negotiation-ssl
+
+[445-version-negotiation-ssl]
+server = 445-version-negotiation-server
+client = 445-version-negotiation-client
+
+[445-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[445-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-445]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[446-version-negotiation]
+ssl_conf = 446-version-negotiation-ssl
+
+[446-version-negotiation-ssl]
+server = 446-version-negotiation-server
+client = 446-version-negotiation-client
+
+[446-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[446-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-446]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[447-version-negotiation]
+ssl_conf = 447-version-negotiation-ssl
+
+[447-version-negotiation-ssl]
+server = 447-version-negotiation-server
+client = 447-version-negotiation-client
+
+[447-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[447-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-447]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[448-version-negotiation]
+ssl_conf = 448-version-negotiation-ssl
+
+[448-version-negotiation-ssl]
+server = 448-version-negotiation-server
+client = 448-version-negotiation-client
+
+[448-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[448-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-448]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[449-version-negotiation]
+ssl_conf = 449-version-negotiation-ssl
+
+[449-version-negotiation-ssl]
+server = 449-version-negotiation-server
+client = 449-version-negotiation-client
+
+[449-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[449-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-449]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[450-version-negotiation]
+ssl_conf = 450-version-negotiation-ssl
+
+[450-version-negotiation-ssl]
+server = 450-version-negotiation-server
+client = 450-version-negotiation-client
+
+[450-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[450-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-450]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[451-version-negotiation]
+ssl_conf = 451-version-negotiation-ssl
+
+[451-version-negotiation-ssl]
+server = 451-version-negotiation-server
+client = 451-version-negotiation-client
+
+[451-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[451-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-451]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[452-version-negotiation]
+ssl_conf = 452-version-negotiation-ssl
+
+[452-version-negotiation-ssl]
+server = 452-version-negotiation-server
+client = 452-version-negotiation-client
+
+[452-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[452-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-452]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[453-version-negotiation]
+ssl_conf = 453-version-negotiation-ssl
+
+[453-version-negotiation-ssl]
+server = 453-version-negotiation-server
+client = 453-version-negotiation-client
+
+[453-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[453-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-453]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[454-version-negotiation]
+ssl_conf = 454-version-negotiation-ssl
+
+[454-version-negotiation-ssl]
+server = 454-version-negotiation-server
+client = 454-version-negotiation-client
+
+[454-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[454-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-454]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[455-version-negotiation]
+ssl_conf = 455-version-negotiation-ssl
+
+[455-version-negotiation-ssl]
+server = 455-version-negotiation-server
+client = 455-version-negotiation-client
+
+[455-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[455-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-455]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[456-version-negotiation]
+ssl_conf = 456-version-negotiation-ssl
+
+[456-version-negotiation-ssl]
+server = 456-version-negotiation-server
+client = 456-version-negotiation-client
+
+[456-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[456-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-456]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[457-version-negotiation]
+ssl_conf = 457-version-negotiation-ssl
+
+[457-version-negotiation-ssl]
+server = 457-version-negotiation-server
+client = 457-version-negotiation-client
+
+[457-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[457-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-457]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[458-version-negotiation]
+ssl_conf = 458-version-negotiation-ssl
+
+[458-version-negotiation-ssl]
+server = 458-version-negotiation-server
+client = 458-version-negotiation-client
+
+[458-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[458-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-458]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[459-version-negotiation]
+ssl_conf = 459-version-negotiation-ssl
+
+[459-version-negotiation-ssl]
+server = 459-version-negotiation-server
+client = 459-version-negotiation-client
+
+[459-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[459-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-459]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[460-version-negotiation]
+ssl_conf = 460-version-negotiation-ssl
+
+[460-version-negotiation-ssl]
+server = 460-version-negotiation-server
+client = 460-version-negotiation-client
+
+[460-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[460-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-460]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[461-version-negotiation]
+ssl_conf = 461-version-negotiation-ssl
+
+[461-version-negotiation-ssl]
+server = 461-version-negotiation-server
+client = 461-version-negotiation-client
+
+[461-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[461-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-461]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[462-version-negotiation]
+ssl_conf = 462-version-negotiation-ssl
+
+[462-version-negotiation-ssl]
+server = 462-version-negotiation-server
+client = 462-version-negotiation-client
+
+[462-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[462-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-462]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[463-version-negotiation]
+ssl_conf = 463-version-negotiation-ssl
+
+[463-version-negotiation-ssl]
+server = 463-version-negotiation-server
+client = 463-version-negotiation-client
+
+[463-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[463-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-463]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[464-version-negotiation]
+ssl_conf = 464-version-negotiation-ssl
+
+[464-version-negotiation-ssl]
+server = 464-version-negotiation-server
+client = 464-version-negotiation-client
+
+[464-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[464-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-464]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[465-version-negotiation]
+ssl_conf = 465-version-negotiation-ssl
+
+[465-version-negotiation-ssl]
+server = 465-version-negotiation-server
+client = 465-version-negotiation-client
+
+[465-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[465-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-465]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[466-version-negotiation]
+ssl_conf = 466-version-negotiation-ssl
+
+[466-version-negotiation-ssl]
+server = 466-version-negotiation-server
+client = 466-version-negotiation-client
+
+[466-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[466-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-466]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[467-version-negotiation]
+ssl_conf = 467-version-negotiation-ssl
+
+[467-version-negotiation-ssl]
+server = 467-version-negotiation-server
+client = 467-version-negotiation-client
+
+[467-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[467-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-467]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[468-version-negotiation]
+ssl_conf = 468-version-negotiation-ssl
+
+[468-version-negotiation-ssl]
+server = 468-version-negotiation-server
+client = 468-version-negotiation-client
+
+[468-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[468-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-468]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[469-version-negotiation]
+ssl_conf = 469-version-negotiation-ssl
+
+[469-version-negotiation-ssl]
+server = 469-version-negotiation-server
+client = 469-version-negotiation-client
+
+[469-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[469-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-469]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[470-version-negotiation]
+ssl_conf = 470-version-negotiation-ssl
+
+[470-version-negotiation-ssl]
+server = 470-version-negotiation-server
+client = 470-version-negotiation-client
+
+[470-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[470-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-470]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[471-version-negotiation]
+ssl_conf = 471-version-negotiation-ssl
+
+[471-version-negotiation-ssl]
+server = 471-version-negotiation-server
+client = 471-version-negotiation-client
+
+[471-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[471-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-471]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[472-version-negotiation]
+ssl_conf = 472-version-negotiation-ssl
+
+[472-version-negotiation-ssl]
+server = 472-version-negotiation-server
+client = 472-version-negotiation-client
+
+[472-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[472-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-472]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[473-version-negotiation]
+ssl_conf = 473-version-negotiation-ssl
+
+[473-version-negotiation-ssl]
+server = 473-version-negotiation-server
+client = 473-version-negotiation-client
+
+[473-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[473-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-473]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[474-version-negotiation]
+ssl_conf = 474-version-negotiation-ssl
+
+[474-version-negotiation-ssl]
+server = 474-version-negotiation-server
+client = 474-version-negotiation-client
+
+[474-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[474-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-474]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[475-version-negotiation]
+ssl_conf = 475-version-negotiation-ssl
+
+[475-version-negotiation-ssl]
+server = 475-version-negotiation-server
+client = 475-version-negotiation-client
+
+[475-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[475-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-475]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[476-version-negotiation]
+ssl_conf = 476-version-negotiation-ssl
+
+[476-version-negotiation-ssl]
+server = 476-version-negotiation-server
+client = 476-version-negotiation-client
+
+[476-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[476-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-476]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[477-version-negotiation]
+ssl_conf = 477-version-negotiation-ssl
+
+[477-version-negotiation-ssl]
+server = 477-version-negotiation-server
+client = 477-version-negotiation-client
+
+[477-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[477-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-477]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[478-version-negotiation]
+ssl_conf = 478-version-negotiation-ssl
+
+[478-version-negotiation-ssl]
+server = 478-version-negotiation-server
+client = 478-version-negotiation-client
+
+[478-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[478-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-478]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[479-version-negotiation]
+ssl_conf = 479-version-negotiation-ssl
+
+[479-version-negotiation-ssl]
+server = 479-version-negotiation-server
+client = 479-version-negotiation-client
+
+[479-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[479-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-479]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[480-version-negotiation]
+ssl_conf = 480-version-negotiation-ssl
+
+[480-version-negotiation-ssl]
+server = 480-version-negotiation-server
+client = 480-version-negotiation-client
+
+[480-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[480-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-480]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[481-version-negotiation]
+ssl_conf = 481-version-negotiation-ssl
+
+[481-version-negotiation-ssl]
+server = 481-version-negotiation-server
+client = 481-version-negotiation-client
+
+[481-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[481-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-481]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[482-version-negotiation]
+ssl_conf = 482-version-negotiation-ssl
+
+[482-version-negotiation-ssl]
+server = 482-version-negotiation-server
+client = 482-version-negotiation-client
+
+[482-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[482-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-482]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[483-version-negotiation]
+ssl_conf = 483-version-negotiation-ssl
+
+[483-version-negotiation-ssl]
+server = 483-version-negotiation-server
+client = 483-version-negotiation-client
+
+[483-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[483-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-483]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[484-version-negotiation]
+ssl_conf = 484-version-negotiation-ssl
+
+[484-version-negotiation-ssl]
+server = 484-version-negotiation-server
+client = 484-version-negotiation-client
+
+[484-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[484-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-484]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[485-version-negotiation]
+ssl_conf = 485-version-negotiation-ssl
+
+[485-version-negotiation-ssl]
+server = 485-version-negotiation-server
+client = 485-version-negotiation-client
+
+[485-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[485-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-485]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[486-version-negotiation]
+ssl_conf = 486-version-negotiation-ssl
+
+[486-version-negotiation-ssl]
+server = 486-version-negotiation-server
+client = 486-version-negotiation-client
+
+[486-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[486-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-486]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[487-version-negotiation]
+ssl_conf = 487-version-negotiation-ssl
+
+[487-version-negotiation-ssl]
+server = 487-version-negotiation-server
+client = 487-version-negotiation-client
+
+[487-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[487-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-487]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[488-version-negotiation]
+ssl_conf = 488-version-negotiation-ssl
+
+[488-version-negotiation-ssl]
+server = 488-version-negotiation-server
+client = 488-version-negotiation-client
+
+[488-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[488-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-488]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[489-version-negotiation]
+ssl_conf = 489-version-negotiation-ssl
+
+[489-version-negotiation-ssl]
+server = 489-version-negotiation-server
+client = 489-version-negotiation-client
+
+[489-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[489-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-489]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[490-version-negotiation]
+ssl_conf = 490-version-negotiation-ssl
+
+[490-version-negotiation-ssl]
+server = 490-version-negotiation-server
+client = 490-version-negotiation-client
+
+[490-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[490-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-490]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[491-version-negotiation]
+ssl_conf = 491-version-negotiation-ssl
+
+[491-version-negotiation-ssl]
+server = 491-version-negotiation-server
+client = 491-version-negotiation-client
+
+[491-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[491-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-491]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[492-version-negotiation]
+ssl_conf = 492-version-negotiation-ssl
+
+[492-version-negotiation-ssl]
+server = 492-version-negotiation-server
+client = 492-version-negotiation-client
+
+[492-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[492-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-492]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[493-version-negotiation]
+ssl_conf = 493-version-negotiation-ssl
+
+[493-version-negotiation-ssl]
+server = 493-version-negotiation-server
+client = 493-version-negotiation-client
+
+[493-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[493-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-493]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[494-version-negotiation]
+ssl_conf = 494-version-negotiation-ssl
+
+[494-version-negotiation-ssl]
+server = 494-version-negotiation-server
+client = 494-version-negotiation-client
+
+[494-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[494-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-494]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[495-version-negotiation]
+ssl_conf = 495-version-negotiation-ssl
+
+[495-version-negotiation-ssl]
+server = 495-version-negotiation-server
+client = 495-version-negotiation-client
+
+[495-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[495-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-495]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[496-version-negotiation]
+ssl_conf = 496-version-negotiation-ssl
+
+[496-version-negotiation-ssl]
+server = 496-version-negotiation-server
+client = 496-version-negotiation-client
+
+[496-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[496-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-496]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[497-version-negotiation]
+ssl_conf = 497-version-negotiation-ssl
+
+[497-version-negotiation-ssl]
+server = 497-version-negotiation-server
+client = 497-version-negotiation-client
+
+[497-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[497-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-497]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[498-version-negotiation]
+ssl_conf = 498-version-negotiation-ssl
+
+[498-version-negotiation-ssl]
+server = 498-version-negotiation-server
+client = 498-version-negotiation-client
+
+[498-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[498-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-498]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[499-version-negotiation]
+ssl_conf = 499-version-negotiation-ssl
+
+[499-version-negotiation-ssl]
+server = 499-version-negotiation-server
+client = 499-version-negotiation-client
+
+[499-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[499-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-499]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[500-version-negotiation]
+ssl_conf = 500-version-negotiation-ssl
+
+[500-version-negotiation-ssl]
+server = 500-version-negotiation-server
+client = 500-version-negotiation-client
+
+[500-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[500-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-500]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[501-version-negotiation]
+ssl_conf = 501-version-negotiation-ssl
+
+[501-version-negotiation-ssl]
+server = 501-version-negotiation-server
+client = 501-version-negotiation-client
+
+[501-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[501-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-501]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[502-version-negotiation]
+ssl_conf = 502-version-negotiation-ssl
+
+[502-version-negotiation-ssl]
+server = 502-version-negotiation-server
+client = 502-version-negotiation-client
+
+[502-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[502-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-502]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[503-version-negotiation]
+ssl_conf = 503-version-negotiation-ssl
+
+[503-version-negotiation-ssl]
+server = 503-version-negotiation-server
+client = 503-version-negotiation-client
+
+[503-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[503-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-503]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[504-version-negotiation]
+ssl_conf = 504-version-negotiation-ssl
+
+[504-version-negotiation-ssl]
+server = 504-version-negotiation-server
+client = 504-version-negotiation-client
+
+[504-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[504-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-504]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[505-version-negotiation]
+ssl_conf = 505-version-negotiation-ssl
+
+[505-version-negotiation-ssl]
+server = 505-version-negotiation-server
+client = 505-version-negotiation-client
+
+[505-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[505-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-505]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[506-version-negotiation]
+ssl_conf = 506-version-negotiation-ssl
+
+[506-version-negotiation-ssl]
+server = 506-version-negotiation-server
+client = 506-version-negotiation-client
+
+[506-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[506-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-506]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[507-version-negotiation]
+ssl_conf = 507-version-negotiation-ssl
+
+[507-version-negotiation-ssl]
+server = 507-version-negotiation-server
+client = 507-version-negotiation-client
+
+[507-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[507-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-507]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[508-version-negotiation]
+ssl_conf = 508-version-negotiation-ssl
+
+[508-version-negotiation-ssl]
+server = 508-version-negotiation-server
+client = 508-version-negotiation-client
+
+[508-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[508-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-508]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[509-version-negotiation]
+ssl_conf = 509-version-negotiation-ssl
+
+[509-version-negotiation-ssl]
+server = 509-version-negotiation-server
+client = 509-version-negotiation-client
+
+[509-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[509-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-509]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[510-version-negotiation]
+ssl_conf = 510-version-negotiation-ssl
+
+[510-version-negotiation-ssl]
+server = 510-version-negotiation-server
+client = 510-version-negotiation-client
+
+[510-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[510-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-510]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[511-version-negotiation]
+ssl_conf = 511-version-negotiation-ssl
+
+[511-version-negotiation-ssl]
+server = 511-version-negotiation-server
+client = 511-version-negotiation-client
+
+[511-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[511-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-511]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[512-version-negotiation]
+ssl_conf = 512-version-negotiation-ssl
+
+[512-version-negotiation-ssl]
+server = 512-version-negotiation-server
+client = 512-version-negotiation-client
+
+[512-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[512-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-512]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[513-version-negotiation]
+ssl_conf = 513-version-negotiation-ssl
+
+[513-version-negotiation-ssl]
+server = 513-version-negotiation-server
+client = 513-version-negotiation-client
+
+[513-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[513-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-513]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[514-version-negotiation]
+ssl_conf = 514-version-negotiation-ssl
+
+[514-version-negotiation-ssl]
+server = 514-version-negotiation-server
+client = 514-version-negotiation-client
+
+[514-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[514-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-514]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[515-version-negotiation]
+ssl_conf = 515-version-negotiation-ssl
+
+[515-version-negotiation-ssl]
+server = 515-version-negotiation-server
+client = 515-version-negotiation-client
+
+[515-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[515-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-515]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[516-version-negotiation]
+ssl_conf = 516-version-negotiation-ssl
+
+[516-version-negotiation-ssl]
+server = 516-version-negotiation-server
+client = 516-version-negotiation-client
+
+[516-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[516-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-516]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[517-version-negotiation]
+ssl_conf = 517-version-negotiation-ssl
+
+[517-version-negotiation-ssl]
+server = 517-version-negotiation-server
+client = 517-version-negotiation-client
+
+[517-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[517-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-517]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[518-version-negotiation]
+ssl_conf = 518-version-negotiation-ssl
+
+[518-version-negotiation-ssl]
+server = 518-version-negotiation-server
+client = 518-version-negotiation-client
+
+[518-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[518-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-518]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[519-version-negotiation]
+ssl_conf = 519-version-negotiation-ssl
+
+[519-version-negotiation-ssl]
+server = 519-version-negotiation-server
+client = 519-version-negotiation-client
+
+[519-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[519-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-519]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[520-version-negotiation]
+ssl_conf = 520-version-negotiation-ssl
+
+[520-version-negotiation-ssl]
+server = 520-version-negotiation-server
+client = 520-version-negotiation-client
+
+[520-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[520-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-520]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[521-version-negotiation]
+ssl_conf = 521-version-negotiation-ssl
+
+[521-version-negotiation-ssl]
+server = 521-version-negotiation-server
+client = 521-version-negotiation-client
+
+[521-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[521-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-521]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[522-version-negotiation]
+ssl_conf = 522-version-negotiation-ssl
+
+[522-version-negotiation-ssl]
+server = 522-version-negotiation-server
+client = 522-version-negotiation-client
+
+[522-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[522-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-522]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[523-version-negotiation]
+ssl_conf = 523-version-negotiation-ssl
+
+[523-version-negotiation-ssl]
+server = 523-version-negotiation-server
+client = 523-version-negotiation-client
+
+[523-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[523-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-523]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[524-version-negotiation]
+ssl_conf = 524-version-negotiation-ssl
+
+[524-version-negotiation-ssl]
+server = 524-version-negotiation-server
+client = 524-version-negotiation-client
+
+[524-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[524-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-524]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[525-version-negotiation]
+ssl_conf = 525-version-negotiation-ssl
+
+[525-version-negotiation-ssl]
+server = 525-version-negotiation-server
+client = 525-version-negotiation-client
+
+[525-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[525-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-525]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[526-version-negotiation]
+ssl_conf = 526-version-negotiation-ssl
+
+[526-version-negotiation-ssl]
+server = 526-version-negotiation-server
+client = 526-version-negotiation-client
+
+[526-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[526-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-526]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[527-version-negotiation]
+ssl_conf = 527-version-negotiation-ssl
+
+[527-version-negotiation-ssl]
+server = 527-version-negotiation-server
+client = 527-version-negotiation-client
+
+[527-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[527-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-527]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[528-version-negotiation]
+ssl_conf = 528-version-negotiation-ssl
+
+[528-version-negotiation-ssl]
+server = 528-version-negotiation-server
+client = 528-version-negotiation-client
+
+[528-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[528-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-528]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[529-version-negotiation]
+ssl_conf = 529-version-negotiation-ssl
+
+[529-version-negotiation-ssl]
+server = 529-version-negotiation-server
+client = 529-version-negotiation-client
+
+[529-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[529-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-529]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[530-version-negotiation]
+ssl_conf = 530-version-negotiation-ssl
+
+[530-version-negotiation-ssl]
+server = 530-version-negotiation-server
+client = 530-version-negotiation-client
+
+[530-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[530-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-530]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[531-version-negotiation]
+ssl_conf = 531-version-negotiation-ssl
+
+[531-version-negotiation-ssl]
+server = 531-version-negotiation-server
+client = 531-version-negotiation-client
+
+[531-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[531-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-531]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[532-version-negotiation]
+ssl_conf = 532-version-negotiation-ssl
+
+[532-version-negotiation-ssl]
+server = 532-version-negotiation-server
+client = 532-version-negotiation-client
+
+[532-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[532-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-532]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[533-version-negotiation]
+ssl_conf = 533-version-negotiation-ssl
+
+[533-version-negotiation-ssl]
+server = 533-version-negotiation-server
+client = 533-version-negotiation-client
+
+[533-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[533-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-533]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[534-version-negotiation]
+ssl_conf = 534-version-negotiation-ssl
+
+[534-version-negotiation-ssl]
+server = 534-version-negotiation-server
+client = 534-version-negotiation-client
+
+[534-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[534-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-534]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[535-version-negotiation]
+ssl_conf = 535-version-negotiation-ssl
+
+[535-version-negotiation-ssl]
+server = 535-version-negotiation-server
+client = 535-version-negotiation-client
+
+[535-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[535-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-535]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[536-version-negotiation]
+ssl_conf = 536-version-negotiation-ssl
+
+[536-version-negotiation-ssl]
+server = 536-version-negotiation-server
+client = 536-version-negotiation-client
+
+[536-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[536-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-536]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[537-version-negotiation]
+ssl_conf = 537-version-negotiation-ssl
+
+[537-version-negotiation-ssl]
+server = 537-version-negotiation-server
+client = 537-version-negotiation-client
+
+[537-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[537-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-537]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[538-version-negotiation]
+ssl_conf = 538-version-negotiation-ssl
+
+[538-version-negotiation-ssl]
+server = 538-version-negotiation-server
+client = 538-version-negotiation-client
+
+[538-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[538-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-538]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[539-version-negotiation]
+ssl_conf = 539-version-negotiation-ssl
+
+[539-version-negotiation-ssl]
+server = 539-version-negotiation-server
+client = 539-version-negotiation-client
+
+[539-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[539-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-539]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[540-version-negotiation]
+ssl_conf = 540-version-negotiation-ssl
+
+[540-version-negotiation-ssl]
+server = 540-version-negotiation-server
+client = 540-version-negotiation-client
+
+[540-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[540-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-540]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[541-version-negotiation]
+ssl_conf = 541-version-negotiation-ssl
+
+[541-version-negotiation-ssl]
+server = 541-version-negotiation-server
+client = 541-version-negotiation-client
+
+[541-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[541-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-541]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[542-version-negotiation]
+ssl_conf = 542-version-negotiation-ssl
+
+[542-version-negotiation-ssl]
+server = 542-version-negotiation-server
+client = 542-version-negotiation-client
+
+[542-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[542-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-542]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[543-version-negotiation]
+ssl_conf = 543-version-negotiation-ssl
+
+[543-version-negotiation-ssl]
+server = 543-version-negotiation-server
+client = 543-version-negotiation-client
+
+[543-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[543-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-543]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[544-version-negotiation]
+ssl_conf = 544-version-negotiation-ssl
+
+[544-version-negotiation-ssl]
+server = 544-version-negotiation-server
+client = 544-version-negotiation-client
+
+[544-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[544-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-544]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[545-version-negotiation]
+ssl_conf = 545-version-negotiation-ssl
+
+[545-version-negotiation-ssl]
+server = 545-version-negotiation-server
+client = 545-version-negotiation-client
+
+[545-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[545-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-545]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[546-version-negotiation]
+ssl_conf = 546-version-negotiation-ssl
+
+[546-version-negotiation-ssl]
+server = 546-version-negotiation-server
+client = 546-version-negotiation-client
+
+[546-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[546-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-546]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[547-version-negotiation]
+ssl_conf = 547-version-negotiation-ssl
+
+[547-version-negotiation-ssl]
+server = 547-version-negotiation-server
+client = 547-version-negotiation-client
+
+[547-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[547-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-547]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[548-version-negotiation]
+ssl_conf = 548-version-negotiation-ssl
+
+[548-version-negotiation-ssl]
+server = 548-version-negotiation-server
+client = 548-version-negotiation-client
+
+[548-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[548-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-548]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[549-version-negotiation]
+ssl_conf = 549-version-negotiation-ssl
+
+[549-version-negotiation-ssl]
+server = 549-version-negotiation-server
+client = 549-version-negotiation-client
+
+[549-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[549-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-549]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[550-version-negotiation]
+ssl_conf = 550-version-negotiation-ssl
+
+[550-version-negotiation-ssl]
+server = 550-version-negotiation-server
+client = 550-version-negotiation-client
+
+[550-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[550-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-550]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[551-version-negotiation]
+ssl_conf = 551-version-negotiation-ssl
+
+[551-version-negotiation-ssl]
+server = 551-version-negotiation-server
+client = 551-version-negotiation-client
+
+[551-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[551-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-551]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[552-version-negotiation]
+ssl_conf = 552-version-negotiation-ssl
+
+[552-version-negotiation-ssl]
+server = 552-version-negotiation-server
+client = 552-version-negotiation-client
+
+[552-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[552-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-552]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[553-version-negotiation]
+ssl_conf = 553-version-negotiation-ssl
+
+[553-version-negotiation-ssl]
+server = 553-version-negotiation-server
+client = 553-version-negotiation-client
+
+[553-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[553-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-553]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[554-version-negotiation]
+ssl_conf = 554-version-negotiation-ssl
+
+[554-version-negotiation-ssl]
+server = 554-version-negotiation-server
+client = 554-version-negotiation-client
+
+[554-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[554-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-554]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[555-version-negotiation]
+ssl_conf = 555-version-negotiation-ssl
+
+[555-version-negotiation-ssl]
+server = 555-version-negotiation-server
+client = 555-version-negotiation-client
+
+[555-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[555-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-555]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[556-version-negotiation]
+ssl_conf = 556-version-negotiation-ssl
+
+[556-version-negotiation-ssl]
+server = 556-version-negotiation-server
+client = 556-version-negotiation-client
+
+[556-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[556-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-556]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[557-version-negotiation]
+ssl_conf = 557-version-negotiation-ssl
+
+[557-version-negotiation-ssl]
+server = 557-version-negotiation-server
+client = 557-version-negotiation-client
+
+[557-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[557-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-557]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[558-version-negotiation]
+ssl_conf = 558-version-negotiation-ssl
+
+[558-version-negotiation-ssl]
+server = 558-version-negotiation-server
+client = 558-version-negotiation-client
+
+[558-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[558-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-558]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[559-version-negotiation]
+ssl_conf = 559-version-negotiation-ssl
+
+[559-version-negotiation-ssl]
+server = 559-version-negotiation-server
+client = 559-version-negotiation-client
+
+[559-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[559-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-559]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[560-version-negotiation]
+ssl_conf = 560-version-negotiation-ssl
+
+[560-version-negotiation-ssl]
+server = 560-version-negotiation-server
+client = 560-version-negotiation-client
+
+[560-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[560-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-560]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[561-version-negotiation]
+ssl_conf = 561-version-negotiation-ssl
+
+[561-version-negotiation-ssl]
+server = 561-version-negotiation-server
+client = 561-version-negotiation-client
+
+[561-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[561-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-561]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[562-version-negotiation]
+ssl_conf = 562-version-negotiation-ssl
+
+[562-version-negotiation-ssl]
+server = 562-version-negotiation-server
+client = 562-version-negotiation-client
+
+[562-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[562-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-562]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[563-version-negotiation]
+ssl_conf = 563-version-negotiation-ssl
+
+[563-version-negotiation-ssl]
+server = 563-version-negotiation-server
+client = 563-version-negotiation-client
+
+[563-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[563-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-563]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[564-version-negotiation]
+ssl_conf = 564-version-negotiation-ssl
+
+[564-version-negotiation-ssl]
+server = 564-version-negotiation-server
+client = 564-version-negotiation-client
+
+[564-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[564-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-564]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[565-version-negotiation]
+ssl_conf = 565-version-negotiation-ssl
+
+[565-version-negotiation-ssl]
+server = 565-version-negotiation-server
+client = 565-version-negotiation-client
+
+[565-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[565-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-565]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[566-version-negotiation]
+ssl_conf = 566-version-negotiation-ssl
+
+[566-version-negotiation-ssl]
+server = 566-version-negotiation-server
+client = 566-version-negotiation-client
+
+[566-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[566-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-566]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[567-version-negotiation]
+ssl_conf = 567-version-negotiation-ssl
+
+[567-version-negotiation-ssl]
+server = 567-version-negotiation-server
+client = 567-version-negotiation-client
+
+[567-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[567-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-567]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[568-version-negotiation]
+ssl_conf = 568-version-negotiation-ssl
+
+[568-version-negotiation-ssl]
+server = 568-version-negotiation-server
+client = 568-version-negotiation-client
+
+[568-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[568-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-568]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[569-version-negotiation]
+ssl_conf = 569-version-negotiation-ssl
+
+[569-version-negotiation-ssl]
+server = 569-version-negotiation-server
+client = 569-version-negotiation-client
+
+[569-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[569-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-569]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[570-version-negotiation]
+ssl_conf = 570-version-negotiation-ssl
+
+[570-version-negotiation-ssl]
+server = 570-version-negotiation-server
+client = 570-version-negotiation-client
+
+[570-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[570-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-570]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[571-version-negotiation]
+ssl_conf = 571-version-negotiation-ssl
+
+[571-version-negotiation-ssl]
+server = 571-version-negotiation-server
+client = 571-version-negotiation-client
+
+[571-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[571-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-571]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[572-version-negotiation]
+ssl_conf = 572-version-negotiation-ssl
+
+[572-version-negotiation-ssl]
+server = 572-version-negotiation-server
+client = 572-version-negotiation-client
+
+[572-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[572-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-572]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[573-version-negotiation]
+ssl_conf = 573-version-negotiation-ssl
+
+[573-version-negotiation-ssl]
+server = 573-version-negotiation-server
+client = 573-version-negotiation-client
+
+[573-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[573-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-573]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[574-version-negotiation]
+ssl_conf = 574-version-negotiation-ssl
+
+[574-version-negotiation-ssl]
+server = 574-version-negotiation-server
+client = 574-version-negotiation-client
+
+[574-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[574-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-574]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[575-version-negotiation]
+ssl_conf = 575-version-negotiation-ssl
+
+[575-version-negotiation-ssl]
+server = 575-version-negotiation-server
+client = 575-version-negotiation-client
+
+[575-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[575-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-575]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[576-version-negotiation]
+ssl_conf = 576-version-negotiation-ssl
+
+[576-version-negotiation-ssl]
+server = 576-version-negotiation-server
+client = 576-version-negotiation-client
+
+[576-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[576-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-576]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[577-version-negotiation]
+ssl_conf = 577-version-negotiation-ssl
+
+[577-version-negotiation-ssl]
+server = 577-version-negotiation-server
+client = 577-version-negotiation-client
+
+[577-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[577-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-577]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[578-version-negotiation]
+ssl_conf = 578-version-negotiation-ssl
+
+[578-version-negotiation-ssl]
+server = 578-version-negotiation-server
+client = 578-version-negotiation-client
+
+[578-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[578-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-578]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[579-version-negotiation]
+ssl_conf = 579-version-negotiation-ssl
+
+[579-version-negotiation-ssl]
+server = 579-version-negotiation-server
+client = 579-version-negotiation-client
+
+[579-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[579-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-579]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[580-version-negotiation]
+ssl_conf = 580-version-negotiation-ssl
+
+[580-version-negotiation-ssl]
+server = 580-version-negotiation-server
+client = 580-version-negotiation-client
+
+[580-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[580-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-580]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[581-version-negotiation]
+ssl_conf = 581-version-negotiation-ssl
+
+[581-version-negotiation-ssl]
+server = 581-version-negotiation-server
+client = 581-version-negotiation-client
+
+[581-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[581-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-581]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[582-version-negotiation]
+ssl_conf = 582-version-negotiation-ssl
+
+[582-version-negotiation-ssl]
+server = 582-version-negotiation-server
+client = 582-version-negotiation-client
+
+[582-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[582-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-582]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[583-version-negotiation]
+ssl_conf = 583-version-negotiation-ssl
+
+[583-version-negotiation-ssl]
+server = 583-version-negotiation-server
+client = 583-version-negotiation-client
+
+[583-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[583-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-583]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[584-version-negotiation]
+ssl_conf = 584-version-negotiation-ssl
+
+[584-version-negotiation-ssl]
+server = 584-version-negotiation-server
+client = 584-version-negotiation-client
+
+[584-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[584-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-584]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[585-version-negotiation]
+ssl_conf = 585-version-negotiation-ssl
+
+[585-version-negotiation-ssl]
+server = 585-version-negotiation-server
+client = 585-version-negotiation-client
+
+[585-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[585-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-585]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[586-version-negotiation]
+ssl_conf = 586-version-negotiation-ssl
+
+[586-version-negotiation-ssl]
+server = 586-version-negotiation-server
+client = 586-version-negotiation-client
+
+[586-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[586-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-586]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[587-version-negotiation]
+ssl_conf = 587-version-negotiation-ssl
+
+[587-version-negotiation-ssl]
+server = 587-version-negotiation-server
+client = 587-version-negotiation-client
+
+[587-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[587-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-587]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[588-version-negotiation]
+ssl_conf = 588-version-negotiation-ssl
+
+[588-version-negotiation-ssl]
+server = 588-version-negotiation-server
+client = 588-version-negotiation-client
+
+[588-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[588-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-588]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[589-version-negotiation]
+ssl_conf = 589-version-negotiation-ssl
+
+[589-version-negotiation-ssl]
+server = 589-version-negotiation-server
+client = 589-version-negotiation-client
+
+[589-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[589-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-589]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[590-version-negotiation]
+ssl_conf = 590-version-negotiation-ssl
+
+[590-version-negotiation-ssl]
+server = 590-version-negotiation-server
+client = 590-version-negotiation-client
+
+[590-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[590-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-590]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[591-version-negotiation]
+ssl_conf = 591-version-negotiation-ssl
+
+[591-version-negotiation-ssl]
+server = 591-version-negotiation-server
+client = 591-version-negotiation-client
+
+[591-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[591-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-591]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[592-version-negotiation]
+ssl_conf = 592-version-negotiation-ssl
+
+[592-version-negotiation-ssl]
+server = 592-version-negotiation-server
+client = 592-version-negotiation-client
+
+[592-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[592-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-592]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[593-version-negotiation]
+ssl_conf = 593-version-negotiation-ssl
+
+[593-version-negotiation-ssl]
+server = 593-version-negotiation-server
+client = 593-version-negotiation-client
+
+[593-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[593-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-593]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[594-version-negotiation]
+ssl_conf = 594-version-negotiation-ssl
+
+[594-version-negotiation-ssl]
+server = 594-version-negotiation-server
+client = 594-version-negotiation-client
+
+[594-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[594-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-594]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[595-version-negotiation]
+ssl_conf = 595-version-negotiation-ssl
+
+[595-version-negotiation-ssl]
+server = 595-version-negotiation-server
+client = 595-version-negotiation-client
+
+[595-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[595-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-595]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[596-version-negotiation]
+ssl_conf = 596-version-negotiation-ssl
+
+[596-version-negotiation-ssl]
+server = 596-version-negotiation-server
+client = 596-version-negotiation-client
+
+[596-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[596-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-596]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[597-version-negotiation]
+ssl_conf = 597-version-negotiation-ssl
+
+[597-version-negotiation-ssl]
+server = 597-version-negotiation-server
+client = 597-version-negotiation-client
+
+[597-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[597-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-597]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[598-version-negotiation]
+ssl_conf = 598-version-negotiation-ssl
+
+[598-version-negotiation-ssl]
+server = 598-version-negotiation-server
+client = 598-version-negotiation-client
+
+[598-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[598-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-598]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[599-version-negotiation]
+ssl_conf = 599-version-negotiation-ssl
+
+[599-version-negotiation-ssl]
+server = 599-version-negotiation-server
+client = 599-version-negotiation-client
+
+[599-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[599-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-599]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[600-version-negotiation]
+ssl_conf = 600-version-negotiation-ssl
+
+[600-version-negotiation-ssl]
+server = 600-version-negotiation-server
+client = 600-version-negotiation-client
+
+[600-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[600-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-600]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[601-version-negotiation]
+ssl_conf = 601-version-negotiation-ssl
+
+[601-version-negotiation-ssl]
+server = 601-version-negotiation-server
+client = 601-version-negotiation-client
+
+[601-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[601-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-601]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[602-version-negotiation]
+ssl_conf = 602-version-negotiation-ssl
+
+[602-version-negotiation-ssl]
+server = 602-version-negotiation-server
+client = 602-version-negotiation-client
+
+[602-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[602-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-602]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[603-version-negotiation]
+ssl_conf = 603-version-negotiation-ssl
+
+[603-version-negotiation-ssl]
+server = 603-version-negotiation-server
+client = 603-version-negotiation-client
+
+[603-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[603-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-603]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[604-version-negotiation]
+ssl_conf = 604-version-negotiation-ssl
+
+[604-version-negotiation-ssl]
+server = 604-version-negotiation-server
+client = 604-version-negotiation-client
+
+[604-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[604-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-604]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[605-version-negotiation]
+ssl_conf = 605-version-negotiation-ssl
+
+[605-version-negotiation-ssl]
+server = 605-version-negotiation-server
+client = 605-version-negotiation-client
+
+[605-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[605-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-605]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[606-version-negotiation]
+ssl_conf = 606-version-negotiation-ssl
+
+[606-version-negotiation-ssl]
+server = 606-version-negotiation-server
+client = 606-version-negotiation-client
+
+[606-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[606-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-606]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[607-version-negotiation]
+ssl_conf = 607-version-negotiation-ssl
+
+[607-version-negotiation-ssl]
+server = 607-version-negotiation-server
+client = 607-version-negotiation-client
+
+[607-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[607-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-607]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[608-version-negotiation]
+ssl_conf = 608-version-negotiation-ssl
+
+[608-version-negotiation-ssl]
+server = 608-version-negotiation-server
+client = 608-version-negotiation-client
+
+[608-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[608-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-608]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[609-version-negotiation]
+ssl_conf = 609-version-negotiation-ssl
+
+[609-version-negotiation-ssl]
+server = 609-version-negotiation-server
+client = 609-version-negotiation-client
+
+[609-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[609-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-609]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[610-version-negotiation]
+ssl_conf = 610-version-negotiation-ssl
+
+[610-version-negotiation-ssl]
+server = 610-version-negotiation-server
+client = 610-version-negotiation-client
+
+[610-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[610-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-610]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[611-version-negotiation]
+ssl_conf = 611-version-negotiation-ssl
+
+[611-version-negotiation-ssl]
+server = 611-version-negotiation-server
+client = 611-version-negotiation-client
+
+[611-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[611-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-611]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[612-version-negotiation]
+ssl_conf = 612-version-negotiation-ssl
+
+[612-version-negotiation-ssl]
+server = 612-version-negotiation-server
+client = 612-version-negotiation-client
+
+[612-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[612-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-612]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[613-version-negotiation]
+ssl_conf = 613-version-negotiation-ssl
+
+[613-version-negotiation-ssl]
+server = 613-version-negotiation-server
+client = 613-version-negotiation-client
+
+[613-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[613-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-613]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[614-version-negotiation]
+ssl_conf = 614-version-negotiation-ssl
+
+[614-version-negotiation-ssl]
+server = 614-version-negotiation-server
+client = 614-version-negotiation-client
+
+[614-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[614-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-614]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[615-version-negotiation]
+ssl_conf = 615-version-negotiation-ssl
+
+[615-version-negotiation-ssl]
+server = 615-version-negotiation-server
+client = 615-version-negotiation-client
+
+[615-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[615-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-615]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[616-version-negotiation]
+ssl_conf = 616-version-negotiation-ssl
+
+[616-version-negotiation-ssl]
+server = 616-version-negotiation-server
+client = 616-version-negotiation-client
+
+[616-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[616-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-616]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[617-version-negotiation]
+ssl_conf = 617-version-negotiation-ssl
+
+[617-version-negotiation-ssl]
+server = 617-version-negotiation-server
+client = 617-version-negotiation-client
+
+[617-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[617-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-617]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[618-version-negotiation]
+ssl_conf = 618-version-negotiation-ssl
+
+[618-version-negotiation-ssl]
+server = 618-version-negotiation-server
+client = 618-version-negotiation-client
+
+[618-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[618-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-618]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[619-version-negotiation]
+ssl_conf = 619-version-negotiation-ssl
+
+[619-version-negotiation-ssl]
+server = 619-version-negotiation-server
+client = 619-version-negotiation-client
+
+[619-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[619-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-619]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[620-version-negotiation]
+ssl_conf = 620-version-negotiation-ssl
+
+[620-version-negotiation-ssl]
+server = 620-version-negotiation-server
+client = 620-version-negotiation-client
+
+[620-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[620-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-620]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[621-version-negotiation]
+ssl_conf = 621-version-negotiation-ssl
+
+[621-version-negotiation-ssl]
+server = 621-version-negotiation-server
+client = 621-version-negotiation-client
+
+[621-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[621-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-621]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[622-version-negotiation]
+ssl_conf = 622-version-negotiation-ssl
+
+[622-version-negotiation-ssl]
+server = 622-version-negotiation-server
+client = 622-version-negotiation-client
+
+[622-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[622-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-622]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[623-version-negotiation]
+ssl_conf = 623-version-negotiation-ssl
+
+[623-version-negotiation-ssl]
+server = 623-version-negotiation-server
+client = 623-version-negotiation-client
+
+[623-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[623-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-623]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[624-version-negotiation]
+ssl_conf = 624-version-negotiation-ssl
+
+[624-version-negotiation-ssl]
+server = 624-version-negotiation-server
+client = 624-version-negotiation-client
+
+[624-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[624-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-624]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[625-version-negotiation]
+ssl_conf = 625-version-negotiation-ssl
+
+[625-version-negotiation-ssl]
+server = 625-version-negotiation-server
+client = 625-version-negotiation-client
+
+[625-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[625-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-625]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[626-version-negotiation]
+ssl_conf = 626-version-negotiation-ssl
+
+[626-version-negotiation-ssl]
+server = 626-version-negotiation-server
+client = 626-version-negotiation-client
+
+[626-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[626-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-626]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[627-version-negotiation]
+ssl_conf = 627-version-negotiation-ssl
+
+[627-version-negotiation-ssl]
+server = 627-version-negotiation-server
+client = 627-version-negotiation-client
+
+[627-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[627-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-627]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[628-version-negotiation]
+ssl_conf = 628-version-negotiation-ssl
+
+[628-version-negotiation-ssl]
+server = 628-version-negotiation-server
+client = 628-version-negotiation-client
+
+[628-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[628-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-628]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[629-version-negotiation]
+ssl_conf = 629-version-negotiation-ssl
+
+[629-version-negotiation-ssl]
+server = 629-version-negotiation-server
+client = 629-version-negotiation-client
+
+[629-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[629-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-629]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[630-version-negotiation]
+ssl_conf = 630-version-negotiation-ssl
+
+[630-version-negotiation-ssl]
+server = 630-version-negotiation-server
+client = 630-version-negotiation-client
+
+[630-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[630-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-630]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[631-version-negotiation]
+ssl_conf = 631-version-negotiation-ssl
+
+[631-version-negotiation-ssl]
+server = 631-version-negotiation-server
+client = 631-version-negotiation-client
+
+[631-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[631-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-631]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[632-version-negotiation]
+ssl_conf = 632-version-negotiation-ssl
+
+[632-version-negotiation-ssl]
+server = 632-version-negotiation-server
+client = 632-version-negotiation-client
+
+[632-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[632-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-632]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[633-version-negotiation]
+ssl_conf = 633-version-negotiation-ssl
+
+[633-version-negotiation-ssl]
+server = 633-version-negotiation-server
+client = 633-version-negotiation-client
+
+[633-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[633-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-633]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[634-version-negotiation]
+ssl_conf = 634-version-negotiation-ssl
+
+[634-version-negotiation-ssl]
+server = 634-version-negotiation-server
+client = 634-version-negotiation-client
+
+[634-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[634-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-634]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[635-version-negotiation]
+ssl_conf = 635-version-negotiation-ssl
+
+[635-version-negotiation-ssl]
+server = 635-version-negotiation-server
+client = 635-version-negotiation-client
+
+[635-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[635-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-635]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[636-version-negotiation]
+ssl_conf = 636-version-negotiation-ssl
+
+[636-version-negotiation-ssl]
+server = 636-version-negotiation-server
+client = 636-version-negotiation-client
+
+[636-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[636-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-636]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[637-version-negotiation]
+ssl_conf = 637-version-negotiation-ssl
+
+[637-version-negotiation-ssl]
+server = 637-version-negotiation-server
+client = 637-version-negotiation-client
+
+[637-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[637-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-637]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[638-version-negotiation]
+ssl_conf = 638-version-negotiation-ssl
+
+[638-version-negotiation-ssl]
+server = 638-version-negotiation-server
+client = 638-version-negotiation-client
+
+[638-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[638-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-638]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[639-version-negotiation]
+ssl_conf = 639-version-negotiation-ssl
+
+[639-version-negotiation-ssl]
+server = 639-version-negotiation-server
+client = 639-version-negotiation-client
+
+[639-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[639-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-639]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[640-version-negotiation]
+ssl_conf = 640-version-negotiation-ssl
+
+[640-version-negotiation-ssl]
+server = 640-version-negotiation-server
+client = 640-version-negotiation-client
+
+[640-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[640-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-640]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[641-version-negotiation]
+ssl_conf = 641-version-negotiation-ssl
+
+[641-version-negotiation-ssl]
+server = 641-version-negotiation-server
+client = 641-version-negotiation-client
+
+[641-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[641-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-641]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[642-version-negotiation]
+ssl_conf = 642-version-negotiation-ssl
+
+[642-version-negotiation-ssl]
+server = 642-version-negotiation-server
+client = 642-version-negotiation-client
+
+[642-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[642-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-642]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[643-version-negotiation]
+ssl_conf = 643-version-negotiation-ssl
+
+[643-version-negotiation-ssl]
+server = 643-version-negotiation-server
+client = 643-version-negotiation-client
+
+[643-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[643-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-643]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[644-version-negotiation]
+ssl_conf = 644-version-negotiation-ssl
+
+[644-version-negotiation-ssl]
+server = 644-version-negotiation-server
+client = 644-version-negotiation-client
+
+[644-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[644-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-644]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[645-version-negotiation]
+ssl_conf = 645-version-negotiation-ssl
+
+[645-version-negotiation-ssl]
+server = 645-version-negotiation-server
+client = 645-version-negotiation-client
+
+[645-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[645-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-645]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[646-version-negotiation]
+ssl_conf = 646-version-negotiation-ssl
+
+[646-version-negotiation-ssl]
+server = 646-version-negotiation-server
+client = 646-version-negotiation-client
+
+[646-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[646-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-646]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[647-version-negotiation]
+ssl_conf = 647-version-negotiation-ssl
+
+[647-version-negotiation-ssl]
+server = 647-version-negotiation-server
+client = 647-version-negotiation-client
+
+[647-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[647-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-647]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[648-version-negotiation]
+ssl_conf = 648-version-negotiation-ssl
+
+[648-version-negotiation-ssl]
+server = 648-version-negotiation-server
+client = 648-version-negotiation-client
+
+[648-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[648-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-648]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[649-version-negotiation]
+ssl_conf = 649-version-negotiation-ssl
+
+[649-version-negotiation-ssl]
+server = 649-version-negotiation-server
+client = 649-version-negotiation-client
+
+[649-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[649-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-649]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[650-version-negotiation]
+ssl_conf = 650-version-negotiation-ssl
+
+[650-version-negotiation-ssl]
+server = 650-version-negotiation-server
+client = 650-version-negotiation-client
+
+[650-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[650-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-650]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[651-version-negotiation]
+ssl_conf = 651-version-negotiation-ssl
+
+[651-version-negotiation-ssl]
+server = 651-version-negotiation-server
+client = 651-version-negotiation-client
+
+[651-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[651-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-651]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[652-version-negotiation]
+ssl_conf = 652-version-negotiation-ssl
+
+[652-version-negotiation-ssl]
+server = 652-version-negotiation-server
+client = 652-version-negotiation-client
+
+[652-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[652-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-652]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[653-version-negotiation]
+ssl_conf = 653-version-negotiation-ssl
+
+[653-version-negotiation-ssl]
+server = 653-version-negotiation-server
+client = 653-version-negotiation-client
+
+[653-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[653-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-653]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[654-version-negotiation]
+ssl_conf = 654-version-negotiation-ssl
+
+[654-version-negotiation-ssl]
+server = 654-version-negotiation-server
+client = 654-version-negotiation-client
+
+[654-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[654-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-654]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[655-version-negotiation]
+ssl_conf = 655-version-negotiation-ssl
+
+[655-version-negotiation-ssl]
+server = 655-version-negotiation-server
+client = 655-version-negotiation-client
+
+[655-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[655-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-655]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[656-version-negotiation]
+ssl_conf = 656-version-negotiation-ssl
+
+[656-version-negotiation-ssl]
+server = 656-version-negotiation-server
+client = 656-version-negotiation-client
+
+[656-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[656-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-656]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[657-version-negotiation]
+ssl_conf = 657-version-negotiation-ssl
+
+[657-version-negotiation-ssl]
+server = 657-version-negotiation-server
+client = 657-version-negotiation-client
+
+[657-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[657-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-657]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[658-version-negotiation]
+ssl_conf = 658-version-negotiation-ssl
+
+[658-version-negotiation-ssl]
+server = 658-version-negotiation-server
+client = 658-version-negotiation-client
+
+[658-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[658-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-658]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[659-version-negotiation]
+ssl_conf = 659-version-negotiation-ssl
+
+[659-version-negotiation-ssl]
+server = 659-version-negotiation-server
+client = 659-version-negotiation-client
+
+[659-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[659-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-659]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[660-version-negotiation]
+ssl_conf = 660-version-negotiation-ssl
+
+[660-version-negotiation-ssl]
+server = 660-version-negotiation-server
+client = 660-version-negotiation-client
+
+[660-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[660-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-660]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[661-version-negotiation]
+ssl_conf = 661-version-negotiation-ssl
+
+[661-version-negotiation-ssl]
+server = 661-version-negotiation-server
+client = 661-version-negotiation-client
+
+[661-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[661-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-661]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[662-version-negotiation]
+ssl_conf = 662-version-negotiation-ssl
+
+[662-version-negotiation-ssl]
+server = 662-version-negotiation-server
+client = 662-version-negotiation-client
+
+[662-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[662-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-662]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[663-version-negotiation]
+ssl_conf = 663-version-negotiation-ssl
+
+[663-version-negotiation-ssl]
+server = 663-version-negotiation-server
+client = 663-version-negotiation-client
+
+[663-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[663-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-663]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[664-version-negotiation]
+ssl_conf = 664-version-negotiation-ssl
+
+[664-version-negotiation-ssl]
+server = 664-version-negotiation-server
+client = 664-version-negotiation-client
+
+[664-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[664-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-664]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[665-version-negotiation]
+ssl_conf = 665-version-negotiation-ssl
+
+[665-version-negotiation-ssl]
+server = 665-version-negotiation-server
+client = 665-version-negotiation-client
+
+[665-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[665-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-665]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[666-version-negotiation]
+ssl_conf = 666-version-negotiation-ssl
+
+[666-version-negotiation-ssl]
+server = 666-version-negotiation-server
+client = 666-version-negotiation-client
+
+[666-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[666-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-666]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[667-version-negotiation]
+ssl_conf = 667-version-negotiation-ssl
+
+[667-version-negotiation-ssl]
+server = 667-version-negotiation-server
+client = 667-version-negotiation-client
+
+[667-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[667-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-667]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[668-version-negotiation]
+ssl_conf = 668-version-negotiation-ssl
+
+[668-version-negotiation-ssl]
+server = 668-version-negotiation-server
+client = 668-version-negotiation-client
+
+[668-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[668-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-668]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[669-version-negotiation]
+ssl_conf = 669-version-negotiation-ssl
+
+[669-version-negotiation-ssl]
+server = 669-version-negotiation-server
+client = 669-version-negotiation-client
+
+[669-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[669-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-669]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[670-version-negotiation]
+ssl_conf = 670-version-negotiation-ssl
+
+[670-version-negotiation-ssl]
+server = 670-version-negotiation-server
+client = 670-version-negotiation-client
+
+[670-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[670-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-670]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[671-version-negotiation]
+ssl_conf = 671-version-negotiation-ssl
+
+[671-version-negotiation-ssl]
+server = 671-version-negotiation-server
+client = 671-version-negotiation-client
+
+[671-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[671-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-671]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[672-version-negotiation]
+ssl_conf = 672-version-negotiation-ssl
+
+[672-version-negotiation-ssl]
+server = 672-version-negotiation-server
+client = 672-version-negotiation-client
+
+[672-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[672-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-672]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[673-version-negotiation]
+ssl_conf = 673-version-negotiation-ssl
+
+[673-version-negotiation-ssl]
+server = 673-version-negotiation-server
+client = 673-version-negotiation-client
+
+[673-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[673-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-673]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[674-version-negotiation]
+ssl_conf = 674-version-negotiation-ssl
+
+[674-version-negotiation-ssl]
+server = 674-version-negotiation-server
+client = 674-version-negotiation-client
+
+[674-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[674-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-674]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[675-version-negotiation]
+ssl_conf = 675-version-negotiation-ssl
+
+[675-version-negotiation-ssl]
+server = 675-version-negotiation-server
+client = 675-version-negotiation-client
+
+[675-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[675-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-675]
+ExpectedProtocol = TLSv1.3
 ExpectedResult = Success
 
 

diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf
index b2deee4209fdbae3bd2d746a89d3d90a1bf93497..0a58f48f6271fe58766a83c946b6ebf1915d7399 100644 (file)
--- a/test/ssl-tests/10-resumption.conf
+++ b/test/ssl-tests/10-resumption.conf
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 36
+num_tests = 64
 
 test-0 = 0-resumption
 test-1 = 1-resumption
@@ -38,6 +38,34 @@ test-32 = 32-resumption
 test-33 = 33-resumption
 test-34 = 34-resumption
 test-35 = 35-resumption
+test-36 = 36-resumption
+test-37 = 37-resumption
+test-38 = 38-resumption
+test-39 = 39-resumption
+test-40 = 40-resumption
+test-41 = 41-resumption
+test-42 = 42-resumption
+test-43 = 43-resumption
+test-44 = 44-resumption
+test-45 = 45-resumption
+test-46 = 46-resumption
+test-47 = 47-resumption
+test-48 = 48-resumption
+test-49 = 49-resumption
+test-50 = 50-resumption
+test-51 = 51-resumption
+test-52 = 52-resumption
+test-53 = 53-resumption
+test-54 = 54-resumption
+test-55 = 55-resumption
+test-56 = 56-resumption
+test-57 = 57-resumption
+test-58 = 58-resumption
+test-59 = 59-resumption
+test-60 = 60-resumption
+test-61 = 61-resumption
+test-62 = 62-resumption
+test-63 = 63-resumption
 # ===========================================================
 
 [0-resumption]
@@ -268,15 +296,15 @@ resume-client = 6-resumption-client
 [6-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [6-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [6-resumption-client]
@@ -285,7 +313,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-6]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -304,15 +332,15 @@ resume-client = 7-resumption-client
 [7-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-resumption-client]
@@ -321,7 +349,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-7]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -348,7 +376,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [8-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [8-resumption-client]
@@ -357,9 +385,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-8]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -384,7 +412,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [9-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [9-resumption-client]
@@ -393,9 +421,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-9]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -420,7 +448,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [10-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-resumption-client]
@@ -429,9 +457,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-10]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -456,7 +484,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [11-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-resumption-client]
@@ -465,9 +493,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-11]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -484,15 +512,15 @@ resume-client = 12-resumption-client
 [12-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-resumption-client]
@@ -501,7 +529,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-12]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -520,15 +548,15 @@ resume-client = 13-resumption-client
 [13-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-resumption-client]
@@ -537,7 +565,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-13]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -556,15 +584,15 @@ resume-client = 14-resumption-client
 [14-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-resumption-client]
@@ -573,7 +601,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-14]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -592,15 +620,15 @@ resume-client = 15-resumption-client
 [15-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-resumption-client]
@@ -609,7 +637,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-15]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -636,7 +664,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [16-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [16-resumption-client]
@@ -645,9 +673,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-16]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -672,7 +700,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 [17-resumption-resume-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [17-resumption-client]
@@ -681,9 +709,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-17]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -694,32 +722,32 @@ ssl_conf = 18-resumption-ssl
 [18-resumption-ssl]
 server = 18-resumption-server
 client = 18-resumption-client
-resume-server = 18-resumption-server
-resume-client = 18-resumption-resume-client
+resume-server = 18-resumption-resume-server
+resume-client = 18-resumption-client
 
 [18-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[18-resumption-client]
+[18-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[18-resumption-resume-client]
+[18-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-18]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -730,32 +758,32 @@ ssl_conf = 19-resumption-ssl
 [19-resumption-ssl]
 server = 19-resumption-server
 client = 19-resumption-client
-resume-server = 19-resumption-server
-resume-client = 19-resumption-resume-client
+resume-server = 19-resumption-resume-server
+resume-client = 19-resumption-client
 
 [19-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[19-resumption-client]
+[19-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[19-resumption-resume-client]
+[19-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-19]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -766,32 +794,32 @@ ssl_conf = 20-resumption-ssl
 [20-resumption-ssl]
 server = 20-resumption-server
 client = 20-resumption-client
-resume-server = 20-resumption-server
-resume-client = 20-resumption-resume-client
+resume-server = 20-resumption-resume-server
+resume-client = 20-resumption-client
 
 [20-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[20-resumption-client]
+[20-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[20-resumption-resume-client]
+[20-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-20]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -802,32 +830,32 @@ ssl_conf = 21-resumption-ssl
 [21-resumption-ssl]
 server = 21-resumption-server
 client = 21-resumption-client
-resume-server = 21-resumption-server
-resume-client = 21-resumption-resume-client
+resume-server = 21-resumption-resume-server
+resume-client = 21-resumption-client
 
 [21-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[21-resumption-client]
+[21-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[21-resumption-resume-client]
+[21-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-21]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -838,30 +866,30 @@ ssl_conf = 22-resumption-ssl
 [22-resumption-ssl]
 server = 22-resumption-server
 client = 22-resumption-client
-resume-server = 22-resumption-server
-resume-client = 22-resumption-resume-client
+resume-server = 22-resumption-resume-server
+resume-client = 22-resumption-client
 
 [22-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[22-resumption-client]
+[22-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[22-resumption-resume-client]
+[22-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-22]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -874,30 +902,30 @@ ssl_conf = 23-resumption-ssl
 [23-resumption-ssl]
 server = 23-resumption-server
 client = 23-resumption-client
-resume-server = 23-resumption-server
-resume-client = 23-resumption-resume-client
+resume-server = 23-resumption-resume-server
+resume-client = 23-resumption-client
 
 [23-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[23-resumption-client]
+[23-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[23-resumption-resume-client]
+[23-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-23]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
 ResumptionExpected = No
 
@@ -910,25 +938,25 @@ ssl_conf = 24-resumption-ssl
 [24-resumption-ssl]
 server = 24-resumption-server
 client = 24-resumption-client
-resume-server = 24-resumption-server
-resume-client = 24-resumption-resume-client
+resume-server = 24-resumption-resume-server
+resume-client = 24-resumption-client
 
 [24-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[24-resumption-client]
+[24-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[24-resumption-resume-client]
+[24-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -946,25 +974,25 @@ ssl_conf = 25-resumption-ssl
 [25-resumption-ssl]
 server = 25-resumption-server
 client = 25-resumption-client
-resume-server = 25-resumption-server
-resume-client = 25-resumption-resume-client
+resume-server = 25-resumption-resume-server
+resume-client = 25-resumption-client
 
 [25-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[25-resumption-client]
+[25-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[25-resumption-resume-client]
+[25-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -982,32 +1010,32 @@ ssl_conf = 26-resumption-ssl
 [26-resumption-ssl]
 server = 26-resumption-server
 client = 26-resumption-client
-resume-server = 26-resumption-server
-resume-client = 26-resumption-resume-client
+resume-server = 26-resumption-resume-server
+resume-client = 26-resumption-client
 
 [26-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[26-resumption-client]
+[26-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[26-resumption-resume-client]
+[26-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-26]
 ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -1018,32 +1046,32 @@ ssl_conf = 27-resumption-ssl
 [27-resumption-ssl]
 server = 27-resumption-server
 client = 27-resumption-client
-resume-server = 27-resumption-server
-resume-client = 27-resumption-resume-client
+resume-server = 27-resumption-resume-server
+resume-client = 27-resumption-client
 
 [27-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[27-resumption-client]
+[27-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[27-resumption-resume-client]
+[27-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-27]
 ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -1054,25 +1082,25 @@ ssl_conf = 28-resumption-ssl
 [28-resumption-ssl]
 server = 28-resumption-server
 client = 28-resumption-client
-resume-server = 28-resumption-server
-resume-client = 28-resumption-resume-client
+resume-server = 28-resumption-resume-server
+resume-client = 28-resumption-client
 
 [28-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[28-resumption-client]
+[28-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[28-resumption-resume-client]
+[28-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -1090,25 +1118,25 @@ ssl_conf = 29-resumption-ssl
 [29-resumption-ssl]
 server = 29-resumption-server
 client = 29-resumption-client
-resume-server = 29-resumption-server
-resume-client = 29-resumption-resume-client
+resume-server = 29-resumption-resume-server
+resume-client = 29-resumption-client
 
 [29-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[29-resumption-client]
+[29-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[29-resumption-resume-client]
+[29-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -1126,32 +1154,32 @@ ssl_conf = 30-resumption-ssl
 [30-resumption-ssl]
 server = 30-resumption-server
 client = 30-resumption-client
-resume-server = 30-resumption-server
-resume-client = 30-resumption-resume-client
+resume-server = 30-resumption-resume-server
+resume-client = 30-resumption-client
 
 [30-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[30-resumption-client]
+[30-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[30-resumption-resume-client]
+[30-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-30]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -1162,32 +1190,32 @@ ssl_conf = 31-resumption-ssl
 [31-resumption-ssl]
 server = 31-resumption-server
 client = 31-resumption-client
-resume-server = 31-resumption-server
-resume-client = 31-resumption-resume-client
+resume-server = 31-resumption-resume-server
+resume-client = 31-resumption-client
 
 [31-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
 Options = -SessionTicket
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[31-resumption-client]
+[31-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
-[31-resumption-resume-client]
+[31-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-31]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -1209,21 +1237,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [32-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [32-resumption-resume-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-32]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -1245,21 +1273,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [33-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [33-resumption-resume-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-33]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
 HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
 
 
 # ===========================================================
@@ -1281,21 +1309,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [34-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [34-resumption-resume-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-34]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
 HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
 
 
 # ===========================================================
@@ -1317,20 +1345,1028 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [35-resumption-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [35-resumption-resume-client]
 CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
 [test-35]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[36-resumption]
+ssl_conf = 36-resumption-ssl
+
+[36-resumption-ssl]
+server = 36-resumption-server
+client = 36-resumption-client
+resume-server = 36-resumption-server
+resume-client = 36-resumption-resume-client
+
+[36-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[36-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[37-resumption]
+ssl_conf = 37-resumption-ssl
+
+[37-resumption-ssl]
+server = 37-resumption-server
+client = 37-resumption-client
+resume-server = 37-resumption-server
+resume-client = 37-resumption-resume-client
+
+[37-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[37-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[38-resumption]
+ssl_conf = 38-resumption-ssl
+
+[38-resumption-ssl]
+server = 38-resumption-server
+client = 38-resumption-client
+resume-server = 38-resumption-server
+resume-client = 38-resumption-resume-client
+
+[38-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[38-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[39-resumption]
+ssl_conf = 39-resumption-ssl
+
+[39-resumption-ssl]
+server = 39-resumption-server
+client = 39-resumption-client
+resume-server = 39-resumption-server
+resume-client = 39-resumption-resume-client
+
+[39-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[39-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[40-resumption]
+ssl_conf = 40-resumption-ssl
+
+[40-resumption-ssl]
+server = 40-resumption-server
+client = 40-resumption-client
+resume-server = 40-resumption-server
+resume-client = 40-resumption-resume-client
+
+[40-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[40-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[41-resumption]
+ssl_conf = 41-resumption-ssl
+
+[41-resumption-ssl]
+server = 41-resumption-server
+client = 41-resumption-client
+resume-server = 41-resumption-server
+resume-client = 41-resumption-resume-client
+
+[41-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[41-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[42-resumption]
+ssl_conf = 42-resumption-ssl
+
+[42-resumption-ssl]
+server = 42-resumption-server
+client = 42-resumption-client
+resume-server = 42-resumption-server
+resume-client = 42-resumption-resume-client
+
+[42-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[42-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[43-resumption]
+ssl_conf = 43-resumption-ssl
+
+[43-resumption-ssl]
+server = 43-resumption-server
+client = 43-resumption-client
+resume-server = 43-resumption-server
+resume-client = 43-resumption-resume-client
+
+[43-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[43-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[44-resumption]
+ssl_conf = 44-resumption-ssl
+
+[44-resumption-ssl]
+server = 44-resumption-server
+client = 44-resumption-client
+resume-server = 44-resumption-server
+resume-client = 44-resumption-resume-client
+
+[44-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[44-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
 ExpectedProtocol = TLSv1.2
 HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[45-resumption]
+ssl_conf = 45-resumption-ssl
+
+[45-resumption-ssl]
+server = 45-resumption-server
+client = 45-resumption-client
+resume-server = 45-resumption-server
+resume-client = 45-resumption-resume-client
+
+[45-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[45-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[46-resumption]
+ssl_conf = 46-resumption-ssl
+
+[46-resumption-ssl]
+server = 46-resumption-server
+client = 46-resumption-client
+resume-server = 46-resumption-server
+resume-client = 46-resumption-resume-client
+
+[46-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[46-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[47-resumption]
+ssl_conf = 47-resumption-ssl
+
+[47-resumption-ssl]
+server = 47-resumption-server
+client = 47-resumption-client
+resume-server = 47-resumption-server
+resume-client = 47-resumption-resume-client
+
+[47-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[47-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[48-resumption]
+ssl_conf = 48-resumption-ssl
+
+[48-resumption-ssl]
+server = 48-resumption-server
+client = 48-resumption-client
+resume-server = 48-resumption-server
+resume-client = 48-resumption-resume-client
+
+[48-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[48-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[49-resumption]
+ssl_conf = 49-resumption-ssl
+
+[49-resumption-ssl]
+server = 49-resumption-server
+client = 49-resumption-client
+resume-server = 49-resumption-server
+resume-client = 49-resumption-resume-client
+
+[49-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[49-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[50-resumption]
+ssl_conf = 50-resumption-ssl
+
+[50-resumption-ssl]
+server = 50-resumption-server
+client = 50-resumption-client
+resume-server = 50-resumption-server
+resume-client = 50-resumption-resume-client
+
+[50-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[50-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[51-resumption]
+ssl_conf = 51-resumption-ssl
+
+[51-resumption-ssl]
+server = 51-resumption-server
+client = 51-resumption-client
+resume-server = 51-resumption-server
+resume-client = 51-resumption-resume-client
+
+[51-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[51-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[52-resumption]
+ssl_conf = 52-resumption-ssl
+
+[52-resumption-ssl]
+server = 52-resumption-server
+client = 52-resumption-client
+resume-server = 52-resumption-server
+resume-client = 52-resumption-resume-client
+
+[52-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[52-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[53-resumption]
+ssl_conf = 53-resumption-ssl
+
+[53-resumption-ssl]
+server = 53-resumption-server
+client = 53-resumption-client
+resume-server = 53-resumption-server
+resume-client = 53-resumption-resume-client
+
+[53-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[53-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[54-resumption]
+ssl_conf = 54-resumption-ssl
+
+[54-resumption-ssl]
+server = 54-resumption-server
+client = 54-resumption-client
+resume-server = 54-resumption-server
+resume-client = 54-resumption-resume-client
+
+[54-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[54-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[55-resumption]
+ssl_conf = 55-resumption-ssl
+
+[55-resumption-ssl]
+server = 55-resumption-server
+client = 55-resumption-client
+resume-server = 55-resumption-server
+resume-client = 55-resumption-resume-client
+
+[55-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[55-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[56-resumption]
+ssl_conf = 56-resumption-ssl
+
+[56-resumption-ssl]
+server = 56-resumption-server
+client = 56-resumption-client
+resume-server = 56-resumption-server
+resume-client = 56-resumption-resume-client
+
+[56-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[56-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[57-resumption]
+ssl_conf = 57-resumption-ssl
+
+[57-resumption-ssl]
+server = 57-resumption-server
+client = 57-resumption-client
+resume-server = 57-resumption-server
+resume-client = 57-resumption-resume-client
+
+[57-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[57-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[58-resumption]
+ssl_conf = 58-resumption-ssl
+
+[58-resumption-ssl]
+server = 58-resumption-server
+client = 58-resumption-client
+resume-server = 58-resumption-server
+resume-client = 58-resumption-resume-client
+
+[58-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[58-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[59-resumption]
+ssl_conf = 59-resumption-ssl
+
+[59-resumption-ssl]
+server = 59-resumption-server
+client = 59-resumption-client
+resume-server = 59-resumption-server
+resume-client = 59-resumption-resume-client
+
+[59-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[59-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[60-resumption]
+ssl_conf = 60-resumption-ssl
+
+[60-resumption-ssl]
+server = 60-resumption-server
+client = 60-resumption-client
+resume-server = 60-resumption-server
+resume-client = 60-resumption-resume-client
+
+[60-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[60-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[61-resumption]
+ssl_conf = 61-resumption-ssl
+
+[61-resumption-ssl]
+server = 61-resumption-server
+client = 61-resumption-client
+resume-server = 61-resumption-server
+resume-client = 61-resumption-resume-client
+
+[61-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[61-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[62-resumption]
+ssl_conf = 62-resumption-ssl
+
+[62-resumption-ssl]
+server = 62-resumption-server
+client = 62-resumption-client
+resume-server = 62-resumption-server
+resume-client = 62-resumption-resume-client
+
+[62-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[62-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[63-resumption]
+ssl_conf = 63-resumption-ssl
+
+[63-resumption-ssl]
+server = 63-resumption-server
+client = 63-resumption-client
+resume-server = 63-resumption-server
+resume-client = 63-resumption-resume-client
+
+[63-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[63-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
 ResumptionExpected = Yes
 
 

diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf
index 4c1e9e2b3389431d78b3124fefb7d5d2668f7ec3..14aec20f70defb71cbe4d82c2397c202774ad99f 100644 (file)
--- a/test/ssl-tests/13-fragmentation.conf
+++ b/test/ssl-tests/13-fragmentation.conf
@@ -267,6 +267,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-large-app-data-aes-sha1-multibuffer-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -291,6 +292,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-large-app-data-aes-sha2-multibuffer-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -315,6 +317,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -339,6 +342,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -363,6 +367,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-small-app-data-aes-sha1-multibuffer-client]
 CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -387,6 +392,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-small-app-data-aes-sha2-multibuffer-client]
 CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 

diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in
index 645163ca893c0dd2ac554813c33e8065b04aa24a..ae6446ed3469492377771669121fb4459bbce020 100644 (file)
--- a/test/ssl-tests/13-fragmentation.conf.in
+++ b/test/ssl-tests/13-fragmentation.conf.in
@@ -114,6 +114,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024,
@@ -125,6 +126,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024,
@@ -136,6 +138,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024 + 3,
@@ -147,6 +150,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 1024 * 1024 - 3,
@@ -161,6 +165,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 4 * 1024,
@@ -172,6 +177,7 @@ our @tests = (
         server => { },
         client => {
             CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
         },
         test => {
             ApplicationData => 4 * 1024,

diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf
index d4c19c7a70fa7cde3ea07330ef5fdae8e28b5bf6..17d00b58a78c0528d5fa2ab314f72b59aa855c75 100644 (file)
--- a/test/ssl-tests/14-curves.conf
+++ b/test/ssl-tests/14-curves.conf
@@ -44,6 +44,7 @@ client = 0-curve-sect163k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect163k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-curve-sect163k1-client]
@@ -69,6 +70,7 @@ client = 1-curve-sect163r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect163r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [1-curve-sect163r1-client]
@@ -94,6 +96,7 @@ client = 2-curve-sect163r2-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect163r2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-curve-sect163r2-client]
@@ -119,6 +122,7 @@ client = 3-curve-sect193r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect193r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [3-curve-sect193r1-client]
@@ -144,6 +148,7 @@ client = 4-curve-sect193r2-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect193r2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-curve-sect193r2-client]
@@ -169,6 +174,7 @@ client = 5-curve-sect233k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect233k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-curve-sect233k1-client]
@@ -194,6 +200,7 @@ client = 6-curve-sect233r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect233r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [6-curve-sect233r1-client]
@@ -219,6 +226,7 @@ client = 7-curve-sect239k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect239k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-curve-sect239k1-client]
@@ -244,6 +252,7 @@ client = 8-curve-sect283k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect283k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [8-curve-sect283k1-client]
@@ -269,6 +278,7 @@ client = 9-curve-sect283r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect283r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [9-curve-sect283r1-client]
@@ -294,6 +304,7 @@ client = 10-curve-sect409k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect409k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-curve-sect409k1-client]
@@ -319,6 +330,7 @@ client = 11-curve-sect409r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect409r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-curve-sect409r1-client]
@@ -344,6 +356,7 @@ client = 12-curve-sect571k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect571k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-curve-sect571k1-client]
@@ -369,6 +382,7 @@ client = 13-curve-sect571r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = sect571r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-curve-sect571r1-client]
@@ -394,6 +408,7 @@ client = 14-curve-secp160k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp160k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-curve-secp160k1-client]
@@ -419,6 +434,7 @@ client = 15-curve-secp160r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp160r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-curve-secp160r1-client]
@@ -444,6 +460,7 @@ client = 16-curve-secp160r2-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp160r2
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [16-curve-secp160r2-client]
@@ -469,6 +486,7 @@ client = 17-curve-secp192k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp192k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [17-curve-secp192k1-client]
@@ -494,6 +512,7 @@ client = 18-curve-prime192v1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = prime192v1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [18-curve-prime192v1-client]
@@ -519,6 +538,7 @@ client = 19-curve-secp224k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp224k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [19-curve-secp224k1-client]
@@ -544,6 +564,7 @@ client = 20-curve-secp224r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp224r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [20-curve-secp224r1-client]
@@ -569,6 +590,7 @@ client = 21-curve-secp256k1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp256k1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [21-curve-secp256k1-client]
@@ -594,6 +616,7 @@ client = 22-curve-prime256v1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = prime256v1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [22-curve-prime256v1-client]
@@ -619,6 +642,7 @@ client = 23-curve-secp384r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp384r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [23-curve-secp384r1-client]
@@ -644,6 +668,7 @@ client = 24-curve-secp521r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = secp521r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [24-curve-secp521r1-client]
@@ -669,6 +694,7 @@ client = 25-curve-brainpoolP256r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = brainpoolP256r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [25-curve-brainpoolP256r1-client]
@@ -694,6 +720,7 @@ client = 26-curve-brainpoolP384r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = brainpoolP384r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [26-curve-brainpoolP384r1-client]
@@ -719,6 +746,7 @@ client = 27-curve-brainpoolP512r1-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = brainpoolP512r1
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [27-curve-brainpoolP512r1-client]
@@ -744,6 +772,7 @@ client = 28-curve-X25519-client
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
 Curves = X25519
+MaxProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [28-curve-X25519-client]

diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in
index f39ff7d22af7b7cfed94ebe19ab7bb4edcd7d2e7..dec2be210cad87e03194fb90c9a1ed2ac4c053a1 100644 (file)
--- a/test/ssl-tests/14-curves.conf.in
+++ b/test/ssl-tests/14-curves.conf.in
@@ -27,7 +27,9 @@ sub generate_tests() {
         push @tests, {
            name => "curve-${curve}",
             server => {
-                "Curves" => $curve
+                "Curves" => $curve,
+                # TODO(TLS1.3): Can we get this to work for TLSv1.3?
+                "MaxProtocol" => "TLSv1.2"
             },
             client => {
                "CipherString" => "ECDHE",

diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm
index c7113629496fcfd76538e2f0c9b1e6d984c9c7c8..7146b8a54ee417245577f4cc19a1716485656b61 100644 (file)
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@@ -20,12 +20,12 @@ use OpenSSL::Test;
 use OpenSSL::Test::Utils qw/anydisabled alldisabled/;
 setup("no_test_here");
 
-my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
+my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
 # undef stands for "no limit".
-my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2");
-my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef);
+my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
+my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
 
-my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
 
 my $min_tls_enabled; my $max_tls_enabled;
 
@@ -74,7 +74,7 @@ foreach my $i (0..$#dtls_protocols) {
 sub no_tests {
     my ($dtls) = @_;
     return $dtls ? alldisabled("dtls1", "dtls1_2") :
-      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2");
+      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
 }
 
 sub generate_version_tests {
@@ -234,9 +234,15 @@ sub expected_result {
         # Server doesn't support the client range.
         return ("ServerFail", undef);
     } elsif ($c_min > $s_max) {
-        # Server will try with a version that is lower than the lowest
-        # supported client version.
-        return ("ClientFail", undef);
+        my @prots = @$protocols;
+        if ($prots[$c_min] eq "TLSv1.3") {
+            # Client won't have sent any ciphersuite the server recognises
+                        return ("ServerFail", undef);
+        } else {
+            # Server will try with a version that is lower than the lowest
+            # supported client version.
+            return ("ClientFail", undef);
+        }
     } else {
         # Server and client ranges overlap.
         my $max_common = $s_max < $c_max ? $s_max : $c_max;

diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c
index 0a528d805b47ad9f56a422f4f56a3dda3dc86a19..e8f29433da5a86e78c2d5f25d3d3a7d300c15d6b 100644 (file)
--- a/test/ssl_test_ctx.c
+++ b/test/ssl_test_ctx.c
@@ -152,6 +152,7 @@ const char *ssl_alert_name(int alert)
 /********************/
 
 static const test_enum ssl_protocols[] = {
+     {"TLSv1.3", TLS1_3_VERSION},
      {"TLSv1.2", TLS1_2_VERSION},
      {"TLSv1.1", TLS1_1_VERSION},
      {"TLSv1", TLS1_VERSION},

diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 6a5cd7038d9a3d4e39c54ef519c80f59653a10e5..356359d4e39b66ad27cd7ab3740a46c9f3da95d2 100644 (file)
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -886,6 +886,7 @@ static int protocol_from_string(const char *value)
         {"tls1", TLS1_VERSION},
         {"tls1.1", TLS1_1_VERSION},
         {"tls1.2", TLS1_2_VERSION},
+        {"tls1.3", TLS1_3_VERSION},
         {"dtls1", DTLS1_VERSION},
         {"dtls1.2", DTLS1_2_VERSION}};
     size_t i;
@@ -958,7 +959,7 @@ int main(int argc, char *argv[])
     int badop = 0;
     enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
     int force = 0;
-    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
+    int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1;
     int client_auth = 0;
     int server_auth = 0, i;
     struct app_verify_arg app_verify_arg =
@@ -1123,7 +1124,9 @@ int main(int argc, char *argv[])
             min_version = TLS1_VERSION;
         }
 #endif
-        else if (strcmp(*argv, "-tls1") == 0) {
+        else if (strcmp(*argv, "-tls1_2") == 0) {
+            tls1_2 = 1;
+        } else if (strcmp(*argv, "-tls1") == 0) {
             tls1 = 1;
         } else if (strcmp(*argv, "-ssl3") == 0) {
             ssl3 = 1;
@@ -1329,8 +1332,8 @@ int main(int argc, char *argv[])
         goto end;
     }
 
-    if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
-        fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
+    if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
+        fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
                 "be requested.\n");
         EXIT(1);
     }
@@ -1345,6 +1348,11 @@ int main(int argc, char *argv[])
         no_protocol = 1;
     else
 #endif
+#ifdef OPENSSL_NO_TLS1_2
+    if (tls1_2)
+        no_protocol = 1;
+    else
+#endif
 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
     if (dtls1)
         no_protocol = 1;
@@ -1369,10 +1377,11 @@ int main(int argc, char *argv[])
         goto end;
     }
 
-    if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
+    if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
+            && !reuse && !force) {
         fprintf(stderr, "This case cannot work.  Use -f to perform "
                 "the test anyway (and\n-d to see what happens), "
-                "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
+                "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
                 "to avoid protocol mismatch.\n");
         EXIT(1);
     }
@@ -1435,6 +1444,9 @@ int main(int argc, char *argv[])
     } else if (tls1) {
         min_version = TLS1_VERSION;
         max_version = TLS1_VERSION;
+    } else if (tls1_2) {
+        min_version = TLS1_2_VERSION;
+        max_version = TLS1_2_VERSION;
     }
 #endif
 #ifndef OPENSSL_NO_DTLS

diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm
index eeb83ed74f88950c1f67dabde9276fe5993a8eda..c15019dace64b33ad6426dd3f674a81b9a590d1f 100644 (file)
--- a/util/TLSProxy/Proxy.pm
+++ b/util/TLSProxy/Proxy.pm
@@ -147,8 +147,10 @@ sub start
                 or die "Failed to redirect stdout: $!";
             open(STDERR, ">&STDOUT");
         }
+        # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher
+        # because the TLS1.3 ciphersuites are not compatible with ossltest
         my $execcmd = $self->execute
-            ." s_server -no_comp -rev -engine ossltest -accept "
+            ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept "
             .($self->server_port)
             ." -cert ".$self->cert." -naccept ".$self->serverconnects;
         if ($self->ciphers ne "") {