sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
- env: CONFIG_OPTS="--strict-warnings enable-tls1_3" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
+ env: CONFIG_OPTS="--strict-warnings" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
- os: linux
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
Changes between 1.1.0f and 1.1.1 [xx XXX xxxx]
+ *) Support for TLSv1.3 added. Note that users upgrading from an earlier
+ version of OpenSSL should review their configuration settings to ensure
+ that they are still appropriate for TLSv1.3. In particular if no TLSv1.3
+ ciphersuites are enabled then OpenSSL will refuse to make a connection
+ unless (1) TLSv1.3 is explicitly disabled or (2) the ciphersuite
+ configuration is updated to include suitable ciphersuites. The DEFAULT
+ ciphersuite configuration does include TLSv1.3 ciphersuites. For further
+ information on this and other related issues please see:
+ https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/
+
+ NOTE: In this pre-release of OpenSSL a draft version of the
+ TLSv1.3 standard has been implemented. Implementations of different draft
+ versions of the standard do not inter-operate, and this version will not
+ inter-operate with an implementation of the final standard when it is
+ eventually published. Different pre-release versions may implement
+ different versions of the draft. The final version of OpenSSL 1.1.1 will
+ implement the final version of the standard.
+ TODO(TLS1.3): Remove the above note before final release
+ [Matt Caswell]
+
*) Changed Configure so it only says what it does and doesn't dump
so much data. Instead, ./configdata.pm should be used as a script
to display all sorts of configuration data.
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
- #TODO(TLS1.3): Temporarily disabled while this is a WIP
- "tls1_3" => "default",
"tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
likely to complement configuration command line with
suitable compiler-specific option.
- enable-tls1_3
- TODO(TLS1.3): Make this enabled by default
- Build support for TLS1.3. Note: This is a WIP feature and
- only a single draft version is supported. Implementations
- of different draft versions will negotiate TLS 1.2 instead
- of (draft) TLS 1.3. Use with caution!!
-
no-<prot>
Don't build support for negotiating the specified SSL/TLS
- protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
- dtls1 or dtls1_2). If "no-tls" is selected then all of tls1,
- tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will
- disable dtls1 and dtls1_2. The "no-ssl" option is synonymous
- with "no-ssl3". Note this only affects version negotiation.
- OpenSSL will still provide the methods for applications to
- explicitly select the individual protocol versions.
+ protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
+ tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
+ all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+ Similarly "no-dtls" will disable dtls1 and dtls1_2. The
+ "no-ssl" option is synonymous with "no-ssl3". Note this only
+ affects version negotiation. OpenSSL will still provide the
+ methods for applications to explicitly select the individual
+ protocol versions.
no-<prot>-method
As for no-<prot> but in addition do not build the methods for
applications to explicitly select individual protocol
- versions.
+ versions. Note that there is no "no-tls1_3-method" option
+ because there is no application method for TLSv1.3. Using
+ invidivial protocol methods directly is deprecated.
+ Applications should use TLS_method() instead.
enable-<alg>
Build with support for the specified algorithm, where <alg>
Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.1 [under development]
+ o Support for TLSv1.3 added
o Move the display of configuration data to configdata.pm.
o Allow GNU style "make variables" to be used with Configure.
o Add a STORE module (OSSL_STORE)
# verify generated sources in the default configuration.
my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
!disabled("tls1_1") && !disabled("tls1_2") &&
- disabled("tls1_3"));
+ !disabled("tls1_3"));
my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));
# Generated with generate_ssl_tests.pl
-num_tests = 676
+num_tests = 678
test-0 = 0-version-negotiation
test-1 = 1-version-negotiation
test-673 = 673-version-negotiation
test-674 = 674-version-negotiation
test-675 = 675-version-negotiation
+test-676 = 676-ciphersuite-sanity-check-client
+test-677 = 677-ciphersuite-sanity-check-server
# ===========================================================
[0-version-negotiation]
VerifyMode = Peer
[test-108]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-109]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-114]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-115]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-119]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-120]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-123]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-124]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-126]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-127]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-128]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-129]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-134]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-135]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-140]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-141]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-145]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-146]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-149]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-150]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-152]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-153]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-154]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-155]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-264]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-265]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-270]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-271]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-275]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-276]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-279]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-280]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-282]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-283]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-284]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-285]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-290]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-291]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-296]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-297]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-301]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-302]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-305]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-306]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-308]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-309]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-310]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-311]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-394]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-395]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-400]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-401]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-405]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-406]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-409]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-410]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-412]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-413]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-414]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-415]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-420]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-421]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-426]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-427]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-431]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-432]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-435]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-436]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-438]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-439]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-440]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-441]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-495]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-498]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-499]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-501]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-504]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-505]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-506]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-509]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-510]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-513]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-514]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-516]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-517]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-518]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-519]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-521]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-524]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-525]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-527]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-530]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-531]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-532]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-535]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-536]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-539]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-540]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-542]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-543]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-544]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-545]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-573]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-574]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-576]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-577]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-579]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-580]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-582]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-583]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-584]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-585]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-587]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-588]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-589]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-591]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-592]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-594]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-595]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-596]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-597]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-599]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-600]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-602]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-603]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-605]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-606]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-608]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-609]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-610]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-611]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-613]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-614]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-615]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-617]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-618]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-620]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-621]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
ExpectedResult = Success
VerifyMode = Peer
[test-622]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-623]
-ExpectedResult = ServerFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-624]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-625]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-626]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-627]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-628]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-629]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-630]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-631]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-632]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-633]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-634]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-635]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-636]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-637]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-638]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-639]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-640]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-641]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-642]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-643]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-644]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-645]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-646]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-647]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-648]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-649]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-650]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-651]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-652]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-653]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-654]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-655]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-656]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-657]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-658]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-659]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-660]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-661]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-662]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-663]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-664]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-665]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-666]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-667]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-668]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-669]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-670]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-671]
-ExpectedResult = ClientFail
+ExpectedResult = ServerFail
# ===========================================================
VerifyMode = Peer
[test-672]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-673]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-674]
-ExpectedResult = ClientFail
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
# ===========================================================
VerifyMode = Peer
[test-675]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[676-ciphersuite-sanity-check-client]
+ssl_conf = 676-ciphersuite-sanity-check-client-ssl
+
+[676-ciphersuite-sanity-check-client-ssl]
+server = 676-ciphersuite-sanity-check-client-server
+client = 676-ciphersuite-sanity-check-client-client
+
+[676-ciphersuite-sanity-check-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[676-ciphersuite-sanity-check-client-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-676]
ExpectedResult = ClientFail
+# ===========================================================
+
+[677-ciphersuite-sanity-check-server]
+ssl_conf = 677-ciphersuite-sanity-check-server-ssl
+
+[677-ciphersuite-sanity-check-server-ssl]
+server = 677-ciphersuite-sanity-check-server-server
+client = 677-ciphersuite-sanity-check-server-client
+
+[677-ciphersuite-sanity-check-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = AES128-SHA
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[677-ciphersuite-sanity-check-server-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-677]
+ExpectedResult = ServerFail
+
+
# Generated with generate_ssl_tests.pl
-num_tests = 36
+num_tests = 65
test-0 = 0-resumption
test-1 = 1-resumption
test-33 = 33-resumption
test-34 = 34-resumption
test-35 = 35-resumption
+test-36 = 36-resumption
+test-37 = 37-resumption
+test-38 = 38-resumption
+test-39 = 39-resumption
+test-40 = 40-resumption
+test-41 = 41-resumption
+test-42 = 42-resumption
+test-43 = 43-resumption
+test-44 = 44-resumption
+test-45 = 45-resumption
+test-46 = 46-resumption
+test-47 = 47-resumption
+test-48 = 48-resumption
+test-49 = 49-resumption
+test-50 = 50-resumption
+test-51 = 51-resumption
+test-52 = 52-resumption
+test-53 = 53-resumption
+test-54 = 54-resumption
+test-55 = 55-resumption
+test-56 = 56-resumption
+test-57 = 57-resumption
+test-58 = 58-resumption
+test-59 = 59-resumption
+test-60 = 60-resumption
+test-61 = 61-resumption
+test-62 = 62-resumption
+test-63 = 63-resumption
+test-64 = 64-resumption-with-hrr
# ===========================================================
[0-resumption]
[6-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[6-resumption-client]
VerifyMode = Peer
[test-6]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
[7-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[7-resumption-client]
VerifyMode = Peer
[test-7]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
[8-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[8-resumption-client]
VerifyMode = Peer
[test-8]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[9-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[9-resumption-client]
VerifyMode = Peer
[test-9]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[10-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[10-resumption-client]
VerifyMode = Peer
[test-10]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[11-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[11-resumption-client]
VerifyMode = Peer
[test-11]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[12-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[12-resumption-client]
VerifyMode = Peer
[test-12]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
ResumptionExpected = No
[13-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
+MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[13-resumption-client]
VerifyMode = Peer
[test-13]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
ResumptionExpected = No
[14-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[14-resumption-client]
VerifyMode = Peer
[test-14]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
[15-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1.3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[15-resumption-client]
VerifyMode = Peer
[test-15]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
[16-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[16-resumption-client]
VerifyMode = Peer
[test-16]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[17-resumption-resume-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[17-resumption-client]
VerifyMode = Peer
[test-17]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[18-resumption-ssl]
server = 18-resumption-server
client = 18-resumption-client
-resume-server = 18-resumption-server
-resume-client = 18-resumption-resume-client
+resume-server = 18-resumption-resume-server
+resume-client = 18-resumption-client
[18-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-resumption-client]
+[18-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[18-resumption-resume-client]
+[18-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-18]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[19-resumption-ssl]
server = 19-resumption-server
client = 19-resumption-client
-resume-server = 19-resumption-server
-resume-client = 19-resumption-resume-client
+resume-server = 19-resumption-resume-server
+resume-client = 19-resumption-client
[19-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-resumption-client]
+[19-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[19-resumption-resume-client]
+[19-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-19]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[20-resumption-ssl]
server = 20-resumption-server
client = 20-resumption-client
-resume-server = 20-resumption-server
-resume-client = 20-resumption-resume-client
+resume-server = 20-resumption-resume-server
+resume-client = 20-resumption-client
[20-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[20-resumption-client]
+[20-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[20-resumption-resume-client]
+[20-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-20]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[21-resumption-ssl]
server = 21-resumption-server
client = 21-resumption-client
-resume-server = 21-resumption-server
-resume-client = 21-resumption-resume-client
+resume-server = 21-resumption-resume-server
+resume-client = 21-resumption-client
[21-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-resumption-client]
+[21-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[21-resumption-resume-client]
+[21-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-21]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[22-resumption-ssl]
server = 22-resumption-server
client = 22-resumption-client
-resume-server = 22-resumption-server
-resume-client = 22-resumption-resume-client
+resume-server = 22-resumption-resume-server
+resume-client = 22-resumption-client
[22-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-resumption-client]
+[22-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-resumption-resume-client]
+[22-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-22]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
[23-resumption-ssl]
server = 23-resumption-server
client = 23-resumption-client
-resume-server = 23-resumption-server
-resume-client = 23-resumption-resume-client
+resume-server = 23-resumption-resume-server
+resume-client = 23-resumption-client
[23-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[23-resumption-client]
+[23-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[23-resumption-resume-client]
+[23-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-23]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
ResumptionExpected = No
[24-resumption-ssl]
server = 24-resumption-server
client = 24-resumption-client
-resume-server = 24-resumption-server
-resume-client = 24-resumption-resume-client
+resume-server = 24-resumption-resume-server
+resume-client = 24-resumption-client
[24-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-resumption-client]
+[24-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[24-resumption-resume-client]
+[24-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[25-resumption-ssl]
server = 25-resumption-server
client = 25-resumption-client
-resume-server = 25-resumption-server
-resume-client = 25-resumption-resume-client
+resume-server = 25-resumption-resume-server
+resume-client = 25-resumption-client
[25-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[25-resumption-client]
+[25-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[25-resumption-resume-client]
+[25-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[26-resumption-ssl]
server = 26-resumption-server
client = 26-resumption-client
-resume-server = 26-resumption-server
-resume-client = 26-resumption-resume-client
+resume-server = 26-resumption-resume-server
+resume-client = 26-resumption-client
[26-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[26-resumption-client]
+[26-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[26-resumption-resume-client]
+[26-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-26]
ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[27-resumption-ssl]
server = 27-resumption-server
client = 27-resumption-client
-resume-server = 27-resumption-server
-resume-client = 27-resumption-resume-client
+resume-server = 27-resumption-resume-server
+resume-client = 27-resumption-client
[27-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[27-resumption-client]
+[27-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[27-resumption-resume-client]
+[27-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-27]
ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[28-resumption-ssl]
server = 28-resumption-server
client = 28-resumption-client
-resume-server = 28-resumption-server
-resume-client = 28-resumption-resume-client
+resume-server = 28-resumption-resume-server
+resume-client = 28-resumption-client
[28-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[28-resumption-client]
+[28-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[28-resumption-resume-client]
+[28-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[29-resumption-ssl]
server = 29-resumption-server
client = 29-resumption-client
-resume-server = 29-resumption-server
-resume-client = 29-resumption-resume-client
+resume-server = 29-resumption-resume-server
+resume-client = 29-resumption-client
[29-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[29-resumption-client]
+[29-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[29-resumption-resume-client]
+[29-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[30-resumption-ssl]
server = 30-resumption-server
client = 30-resumption-client
-resume-server = 30-resumption-server
-resume-client = 30-resumption-resume-client
+resume-server = 30-resumption-resume-server
+resume-client = 30-resumption-client
[30-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-resumption-client]
+[30-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[30-resumption-resume-client]
+[30-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-30]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[31-resumption-ssl]
server = 31-resumption-server
client = 31-resumption-client
-resume-server = 31-resumption-server
-resume-client = 31-resumption-resume-client
+resume-server = 31-resumption-resume-server
+resume-client = 31-resumption-client
[31-resumption-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
Options = -SessionTicket
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[31-resumption-client]
+[31-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[31-resumption-resume-client]
+[31-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-31]
-ExpectedProtocol = TLSv1
+ExpectedProtocol = TLSv1.3
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[32-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[32-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-32]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[33-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[33-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.1
+MaxProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-33]
-ExpectedProtocol = TLSv1.1
+ExpectedProtocol = TLSv1
HandshakeMode = Resume
-ResumptionExpected = No
+ResumptionExpected = Yes
# ===========================================================
[34-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[34-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-34]
-ExpectedProtocol = TLSv1.2
+ExpectedProtocol = TLSv1.1
HandshakeMode = Resume
-ResumptionExpected = Yes
+ResumptionExpected = No
# ===========================================================
[35-resumption-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[35-resumption-resume-client]
CipherString = DEFAULT
-MaxProtocol = TLSv1.2
+MaxProtocol = TLSv1.1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-35]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[36-resumption]
+ssl_conf = 36-resumption-ssl
+
+[36-resumption-ssl]
+server = 36-resumption-server
+client = 36-resumption-client
+resume-server = 36-resumption-server
+resume-client = 36-resumption-resume-client
+
+[36-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[36-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[37-resumption]
+ssl_conf = 37-resumption-ssl
+
+[37-resumption-ssl]
+server = 37-resumption-server
+client = 37-resumption-client
+resume-server = 37-resumption-server
+resume-client = 37-resumption-resume-client
+
+[37-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[37-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[38-resumption]
+ssl_conf = 38-resumption-ssl
+
+[38-resumption-ssl]
+server = 38-resumption-server
+client = 38-resumption-client
+resume-server = 38-resumption-server
+resume-client = 38-resumption-resume-client
+
+[38-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[38-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[39-resumption]
+ssl_conf = 39-resumption-ssl
+
+[39-resumption-ssl]
+server = 39-resumption-server
+client = 39-resumption-client
+resume-server = 39-resumption-server
+resume-client = 39-resumption-resume-client
+
+[39-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[39-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[40-resumption]
+ssl_conf = 40-resumption-ssl
+
+[40-resumption-ssl]
+server = 40-resumption-server
+client = 40-resumption-client
+resume-server = 40-resumption-server
+resume-client = 40-resumption-resume-client
+
+[40-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[40-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[41-resumption]
+ssl_conf = 41-resumption-ssl
+
+[41-resumption-ssl]
+server = 41-resumption-server
+client = 41-resumption-client
+resume-server = 41-resumption-server
+resume-client = 41-resumption-resume-client
+
+[41-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[41-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[42-resumption]
+ssl_conf = 42-resumption-ssl
+
+[42-resumption-ssl]
+server = 42-resumption-server
+client = 42-resumption-client
+resume-server = 42-resumption-server
+resume-client = 42-resumption-resume-client
+
+[42-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[42-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[43-resumption]
+ssl_conf = 43-resumption-ssl
+
+[43-resumption-ssl]
+server = 43-resumption-server
+client = 43-resumption-client
+resume-server = 43-resumption-server
+resume-client = 43-resumption-resume-client
+
+[43-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[43-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[44-resumption]
+ssl_conf = 44-resumption-ssl
+
+[44-resumption-ssl]
+server = 44-resumption-server
+client = 44-resumption-client
+resume-server = 44-resumption-server
+resume-client = 44-resumption-resume-client
+
+[44-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[44-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
ExpectedProtocol = TLSv1.2
HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[45-resumption]
+ssl_conf = 45-resumption-ssl
+
+[45-resumption-ssl]
+server = 45-resumption-server
+client = 45-resumption-client
+resume-server = 45-resumption-server
+resume-client = 45-resumption-resume-client
+
+[45-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[45-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[46-resumption]
+ssl_conf = 46-resumption-ssl
+
+[46-resumption-ssl]
+server = 46-resumption-server
+client = 46-resumption-client
+resume-server = 46-resumption-server
+resume-client = 46-resumption-resume-client
+
+[46-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[46-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[47-resumption]
+ssl_conf = 47-resumption-ssl
+
+[47-resumption-ssl]
+server = 47-resumption-server
+client = 47-resumption-client
+resume-server = 47-resumption-server
+resume-client = 47-resumption-resume-client
+
+[47-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[47-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[48-resumption]
+ssl_conf = 48-resumption-ssl
+
+[48-resumption-ssl]
+server = 48-resumption-server
+client = 48-resumption-client
+resume-server = 48-resumption-server
+resume-client = 48-resumption-resume-client
+
+[48-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[48-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[49-resumption]
+ssl_conf = 49-resumption-ssl
+
+[49-resumption-ssl]
+server = 49-resumption-server
+client = 49-resumption-client
+resume-server = 49-resumption-server
+resume-client = 49-resumption-resume-client
+
+[49-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[49-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[50-resumption]
+ssl_conf = 50-resumption-ssl
+
+[50-resumption-ssl]
+server = 50-resumption-server
+client = 50-resumption-client
+resume-server = 50-resumption-server
+resume-client = 50-resumption-resume-client
+
+[50-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[50-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[51-resumption]
+ssl_conf = 51-resumption-ssl
+
+[51-resumption-ssl]
+server = 51-resumption-server
+client = 51-resumption-client
+resume-server = 51-resumption-server
+resume-client = 51-resumption-resume-client
+
+[51-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[51-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[52-resumption]
+ssl_conf = 52-resumption-ssl
+
+[52-resumption-ssl]
+server = 52-resumption-server
+client = 52-resumption-client
+resume-server = 52-resumption-server
+resume-client = 52-resumption-resume-client
+
+[52-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[52-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[53-resumption]
+ssl_conf = 53-resumption-ssl
+
+[53-resumption-ssl]
+server = 53-resumption-server
+client = 53-resumption-client
+resume-server = 53-resumption-server
+resume-client = 53-resumption-resume-client
+
+[53-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[53-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[54-resumption]
+ssl_conf = 54-resumption-ssl
+
+[54-resumption-ssl]
+server = 54-resumption-server
+client = 54-resumption-client
+resume-server = 54-resumption-server
+resume-client = 54-resumption-resume-client
+
+[54-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[54-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[55-resumption]
+ssl_conf = 55-resumption-ssl
+
+[55-resumption-ssl]
+server = 55-resumption-server
+client = 55-resumption-client
+resume-server = 55-resumption-server
+resume-client = 55-resumption-resume-client
+
+[55-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[55-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[56-resumption]
+ssl_conf = 56-resumption-ssl
+
+[56-resumption-ssl]
+server = 56-resumption-server
+client = 56-resumption-client
+resume-server = 56-resumption-server
+resume-client = 56-resumption-resume-client
+
+[56-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[56-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[57-resumption]
+ssl_conf = 57-resumption-ssl
+
+[57-resumption-ssl]
+server = 57-resumption-server
+client = 57-resumption-client
+resume-server = 57-resumption-server
+resume-client = 57-resumption-resume-client
+
+[57-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[57-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[58-resumption]
+ssl_conf = 58-resumption-ssl
+
+[58-resumption-ssl]
+server = 58-resumption-server
+client = 58-resumption-client
+resume-server = 58-resumption-server
+resume-client = 58-resumption-resume-client
+
+[58-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[58-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[59-resumption]
+ssl_conf = 59-resumption-ssl
+
+[59-resumption-ssl]
+server = 59-resumption-server
+client = 59-resumption-client
+resume-server = 59-resumption-server
+resume-client = 59-resumption-resume-client
+
+[59-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[59-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[60-resumption]
+ssl_conf = 60-resumption-ssl
+
+[60-resumption-ssl]
+server = 60-resumption-server
+client = 60-resumption-client
+resume-server = 60-resumption-server
+resume-client = 60-resumption-resume-client
+
+[60-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[60-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[61-resumption]
+ssl_conf = 61-resumption-ssl
+
+[61-resumption-ssl]
+server = 61-resumption-server
+client = 61-resumption-client
+resume-server = 61-resumption-server
+resume-client = 61-resumption-resume-client
+
+[61-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[61-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[62-resumption]
+ssl_conf = 62-resumption-ssl
+
+[62-resumption-ssl]
+server = 62-resumption-server
+client = 62-resumption-client
+resume-server = 62-resumption-server
+resume-client = 62-resumption-resume-client
+
+[62-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[62-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[63-resumption]
+ssl_conf = 63-resumption-ssl
+
+[63-resumption-ssl]
+server = 63-resumption-server
+client = 63-resumption-client
+resume-server = 63-resumption-server
+resume-client = 63-resumption-resume-client
+
+[63-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[63-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[64-resumption-with-hrr]
+ssl_conf = 64-resumption-with-hrr-ssl
+
+[64-resumption-with-hrr-ssl]
+server = 64-resumption-with-hrr-server
+client = 64-resumption-with-hrr-client
+resume-server = 64-resumption-with-hrr-server
+resume-client = 64-resumption-with-hrr-resume-client
+
+[64-resumption-with-hrr-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = P-256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[64-resumption-with-hrr-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[64-resumption-with-hrr-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-64]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+Method = TLS
ResumptionExpected = Yes
# Generated with generate_ssl_tests.pl
-num_tests = 23
+num_tests = 39
test-0 = 0-ECDSA CipherString Selection
test-1 = 1-Ed25519 CipherString and Signature Algorithm Selection
test-19 = 19-Suite B P-384 Hash Algorithm Selection
test-20 = 20-TLS 1.2 Ed25519 Client Auth
test-21 = 21-Only RSA-PSS Certificate, TLS v1.1
-test-22 = 22-TLS 1.2 DSA Certificate Test
+test-22 = 22-TLS 1.3 ECDSA Signature Algorithm Selection
+test-23 = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
+test-24 = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
+test-25 = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
+test-26 = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
+test-27 = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-28 = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS
+test-29 = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection
+test-30 = 30-TLS 1.3 Ed25519 Signature Algorithm Selection
+test-31 = 31-TLS 1.3 Ed25519 CipherString and Groups Selection
+test-32 = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection
+test-33 = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
+test-34 = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
+test-35 = 35-TLS 1.3 Ed25519 Client Auth
+test-36 = 36-TLS 1.2 DSA Certificate Test
+test-37 = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
+test-38 = 38-TLS 1.3 DSA Certificate Test
# ===========================================================
[0-ECDSA CipherString Selection]
# ===========================================================
-[22-TLS 1.2 DSA Certificate Test]
-ssl_conf = 22-TLS 1.2 DSA Certificate Test-ssl
+[22-TLS 1.3 ECDSA Signature Algorithm Selection]
+ssl_conf = 22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
-[22-TLS 1.2 DSA Certificate Test-ssl]
-server = 22-TLS 1.2 DSA Certificate Test-server
-client = 22-TLS 1.2 DSA Certificate Test-client
+[22-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
+server = 22-TLS 1.3 ECDSA Signature Algorithm Selection-server
+client = 22-TLS 1.3 ECDSA Signature Algorithm Selection-client
-[22-TLS 1.2 DSA Certificate Test-server]
+[22-TLS 1.3 ECDSA Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-TLS 1.3 ECDSA Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
+client = 23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
+client = 24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
+ssl_conf = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
+server = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
+client = 25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
+CipherString = DEFAULT
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
+ssl_conf = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
+server = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
+client = 26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA384
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
+ssl_conf = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
+server = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
+client = 28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection]
+ssl_conf = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
+server = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
+client = 29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection]
+ssl_conf = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
+server = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-server
+client = 30-TLS 1.3 Ed25519 Signature Algorithm Selection-client
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = Success
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection]
+ssl_conf = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
+server = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-server
+client = 31-TLS 1.3 Ed25519 CipherString and Groups Selection-client
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
+CipherString = DEFAULT
+Groups = X25519
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
+ssl_conf = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
+server = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
+client = 32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[32-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
+ssl_conf = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
+server = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
+client = 33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[33-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
+ssl_conf = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
+server = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
+client = 34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[34-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedClientCertType = P-256
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = EC
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[35-TLS 1.3 Ed25519 Client Auth]
+ssl_conf = 35-TLS 1.3 Ed25519 Client Auth-ssl
+
+[35-TLS 1.3 Ed25519 Client Auth-ssl]
+server = 35-TLS 1.3 Ed25519 Client Auth-server
+client = 35-TLS 1.3 Ed25519 Client Auth-client
+
+[35-TLS 1.3 Ed25519 Client Auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[35-TLS 1.3 Ed25519 Client Auth-client]
+CipherString = DEFAULT
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedClientCertType = Ed25519
+ExpectedClientSignType = Ed25519
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[36-TLS 1.2 DSA Certificate Test]
+ssl_conf = 36-TLS 1.2 DSA Certificate Test-ssl
+
+[36-TLS 1.2 DSA Certificate Test-ssl]
+server = 36-TLS 1.2 DSA Certificate Test-server
+client = 36-TLS 1.2 DSA Certificate Test-client
+
+[36-TLS 1.2 DSA Certificate Test-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = ALL
DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
MinProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[22-TLS 1.2 DSA Certificate Test-client]
+[36-TLS 1.2 DSA Certificate Test-client]
CipherString = ALL
SignatureAlgorithms = DSA+SHA256:DSA+SHA1
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-22]
+[test-36]
ExpectedResult = Success
+# ===========================================================
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
+ssl_conf = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
+server = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
+client = 37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[37-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[38-TLS 1.3 DSA Certificate Test]
+ssl_conf = 38-TLS 1.3 DSA Certificate Test-ssl
+
+[38-TLS 1.3 DSA Certificate Test-ssl]
+server = 38-TLS 1.3 DSA Certificate Test-server
+client = 38-TLS 1.3 DSA Certificate Test-client
+
+[38-TLS 1.3 DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ALL
+DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
+DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-TLS 1.3 DSA Certificate Test-client]
+CipherString = ALL
+SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedResult = ServerFail
+
+
# Generated with generate_ssl_tests.pl
-num_tests = 4
+num_tests = 8
+
+test-0 = 0-tlsv1_3-both-compress
+test-1 = 1-tlsv1_3-client-compress
+test-2 = 2-tlsv1_3-server-compress
+test-3 = 3-tlsv1_3-neither-compress
+test-4 = 4-tlsv1_2-both-compress
+test-5 = 5-tlsv1_2-client-compress
+test-6 = 6-tlsv1_2-server-compress
+test-7 = 7-tlsv1_2-neither-compress
+# ===========================================================
+
+[0-tlsv1_3-both-compress]
+ssl_conf = 0-tlsv1_3-both-compress-ssl
+
+[0-tlsv1_3-both-compress-ssl]
+server = 0-tlsv1_3-both-compress-server
+client = 0-tlsv1_3-both-compress-client
+
+[0-tlsv1_3-both-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-tlsv1_3-both-compress-client]
+CipherString = DEFAULT
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-tlsv1_3-client-compress]
+ssl_conf = 1-tlsv1_3-client-compress-ssl
+
+[1-tlsv1_3-client-compress-ssl]
+server = 1-tlsv1_3-client-compress-server
+client = 1-tlsv1_3-client-compress-client
+
+[1-tlsv1_3-client-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-tlsv1_3-client-compress-client]
+CipherString = DEFAULT
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+CompressionExpected = No
+ExpectedResult = Success
+
-test-0 = 0-tlsv1_2-both-compress
-test-1 = 1-tlsv1_2-client-compress
-test-2 = 2-tlsv1_2-server-compress
-test-3 = 3-tlsv1_2-neither-compress
# ===========================================================
-[0-tlsv1_2-both-compress]
-ssl_conf = 0-tlsv1_2-both-compress-ssl
+[2-tlsv1_3-server-compress]
+ssl_conf = 2-tlsv1_3-server-compress-ssl
-[0-tlsv1_2-both-compress-ssl]
-server = 0-tlsv1_2-both-compress-server
-client = 0-tlsv1_2-both-compress-client
+[2-tlsv1_3-server-compress-ssl]
+server = 2-tlsv1_3-server-compress-server
+client = 2-tlsv1_3-server-compress-client
-[0-tlsv1_2-both-compress-server]
+[2-tlsv1_3-server-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[0-tlsv1_2-both-compress-client]
+[2-tlsv1_3-server-compress-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-tlsv1_3-neither-compress]
+ssl_conf = 3-tlsv1_3-neither-compress-ssl
+
+[3-tlsv1_3-neither-compress-ssl]
+server = 3-tlsv1_3-neither-compress-server
+client = 3-tlsv1_3-neither-compress-client
+
+[3-tlsv1_3-neither-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-tlsv1_3-neither-compress-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-tlsv1_2-both-compress]
+ssl_conf = 4-tlsv1_2-both-compress-ssl
+
+[4-tlsv1_2-both-compress-ssl]
+server = 4-tlsv1_2-both-compress-server
+client = 4-tlsv1_2-both-compress-client
+
+[4-tlsv1_2-both-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-tlsv1_2-both-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-0]
+[test-4]
CompressionExpected = Yes
ExpectedResult = Success
# ===========================================================
-[1-tlsv1_2-client-compress]
-ssl_conf = 1-tlsv1_2-client-compress-ssl
+[5-tlsv1_2-client-compress]
+ssl_conf = 5-tlsv1_2-client-compress-ssl
-[1-tlsv1_2-client-compress-ssl]
-server = 1-tlsv1_2-client-compress-server
-client = 1-tlsv1_2-client-compress-client
+[5-tlsv1_2-client-compress-ssl]
+server = 5-tlsv1_2-client-compress-server
+client = 5-tlsv1_2-client-compress-client
-[1-tlsv1_2-client-compress-server]
+[5-tlsv1_2-client-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[1-tlsv1_2-client-compress-client]
+[5-tlsv1_2-client-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
Options = Compression
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-1]
+[test-5]
CompressionExpected = No
ExpectedResult = Success
# ===========================================================
-[2-tlsv1_2-server-compress]
-ssl_conf = 2-tlsv1_2-server-compress-ssl
+[6-tlsv1_2-server-compress]
+ssl_conf = 6-tlsv1_2-server-compress-ssl
-[2-tlsv1_2-server-compress-ssl]
-server = 2-tlsv1_2-server-compress-server
-client = 2-tlsv1_2-server-compress-client
+[6-tlsv1_2-server-compress-ssl]
+server = 6-tlsv1_2-server-compress-server
+client = 6-tlsv1_2-server-compress-client
-[2-tlsv1_2-server-compress-server]
+[6-tlsv1_2-server-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
Options = Compression
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[2-tlsv1_2-server-compress-client]
+[6-tlsv1_2-server-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-2]
+[test-6]
CompressionExpected = No
ExpectedResult = Success
# ===========================================================
-[3-tlsv1_2-neither-compress]
-ssl_conf = 3-tlsv1_2-neither-compress-ssl
+[7-tlsv1_2-neither-compress]
+ssl_conf = 7-tlsv1_2-neither-compress-ssl
-[3-tlsv1_2-neither-compress-ssl]
-server = 3-tlsv1_2-neither-compress-server
-client = 3-tlsv1_2-neither-compress-client
+[7-tlsv1_2-neither-compress-ssl]
+server = 7-tlsv1_2-neither-compress-server
+client = 7-tlsv1_2-neither-compress-client
-[3-tlsv1_2-neither-compress-server]
+[7-tlsv1_2-neither-compress-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-[3-tlsv1_2-neither-compress-client]
+[7-tlsv1_2-neither-compress-client]
CipherString = DEFAULT
MaxProtocol = TLSv1.2
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
-[test-3]
+[test-7]
CompressionExpected = No
ExpectedResult = Success