From 582a17d662d123eafbb70c9eaaa140a2559b7cdb Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 21 Oct 2016 17:39:33 +0100 Subject: [PATCH] Add the SSL_METHOD for TLSv1.3 and all other base changes required Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: Rich Salz --- apps/apps.h | 6 +- apps/ciphers.c | 8 + apps/s_cb.c | 2 + apps/s_client.c | 11 +- apps/s_server.c | 11 +- doc/man1/ciphers.pod | 6 + doc/man1/s_client.pod | 4 +- doc/man1/s_server.pod | 6 +- doc/man3/SSL_CONF_cmd.pod | 11 +- doc/man3/SSL_CTX_new.pod | 12 +- doc/man3/SSL_CTX_set_min_proto_version.pod | 4 +- doc/man3/SSL_CTX_set_options.pod | 4 +- include/openssl/ssl.h | 3 +- include/openssl/tls1.h | 13 +- ssl/methods.c | 18 + ssl/s3_lib.c | 15 + ssl/ssl_conf.c | 4 + ssl/ssl_lib.c | 4 +- ssl/ssl_locl.h | 4 + ssl/ssl_sess.c | 3 + ssl/statem/statem_lib.c | 9 +- ssl/t1_lib.c | 20 + ssl/t1_trce.c | 2 + test/cipherlist_test.c | 6 +- test/recipes/80-test_ssl_old.t | 30 +- test/ssl-tests/02-protocol-version.conf | 11197 +++++++++++++++++-- test/ssl-tests/10-resumption.conf | 1438 ++- test/ssl-tests/13-fragmentation.conf | 6 + test/ssl-tests/13-fragmentation.conf.in | 6 + test/ssl-tests/14-curves.conf | 29 + test/ssl-tests/14-curves.conf.in | 4 +- test/ssl-tests/protocol_version.pm | 22 +- test/ssl_test_ctx.c | 1 + test/ssltest_old.c | 24 +- util/TLSProxy/Proxy.pm | 4 +- 35 files changed, 11488 insertions(+), 1459 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index 9dc473767e..d9f7c08e94 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -210,7 +210,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, # define OPT_S_ENUM \ OPT_S__FIRST=3000, \ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ + OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_STRICT, OPT_S_SIGALGS, \ OPT_S_CLIENTSIGALGS, OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, \ @@ -222,6 +222,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ + {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ @@ -259,6 +260,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, case OPT_S_NOTLS1: \ case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_2: \ + case OPT_S_NOTLS1_3: \ case OPT_S_BUGS: \ case OPT_S_NO_COMP: \ case OPT_S_COMP: \ @@ -279,7 +281,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate, #define IS_NO_PROT_FLAG(o) \ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ - || o == OPT_S_NOTLS1_2) + || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) /* * Option parsing. diff --git a/apps/ciphers.c b/apps/ciphers.c index 7b99757d7b..531bf8db23 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -21,6 +21,7 @@ typedef enum OPTION_choice { OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, + OPT_TLS1_3, OPT_PSK, OPT_SRP, OPT_V, OPT_UPPER_V, OPT_S @@ -43,6 +44,9 @@ const OPTIONS ciphers_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"}, +#endif #ifndef OPENSSL_NO_SSL_TRACE {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #endif @@ -135,6 +139,10 @@ int ciphers_main(int argc, char **argv) min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_PSK: #ifndef OPENSSL_NO_PSK psk = 1; diff --git a/apps/s_cb.c b/apps/s_cb.c index 9535f12690..c37b9a1cda 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -453,6 +453,7 @@ static STRINT_PAIR ssl_versions[] = { {"TLS 1.0", TLS1_VERSION}, {"TLS 1.1", TLS1_1_VERSION}, {"TLS 1.2", TLS1_2_VERSION}, + {"TLS 1.3", TLS1_3_VERSION}, {"DTLS 1.0", DTLS1_VERSION}, {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, {NULL} @@ -522,6 +523,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || + version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { switch (content_type) { case 20: diff --git a/apps/s_client.c b/apps/s_client.c index 55803e98dd..a407303a07 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -539,7 +539,7 @@ typedef enum OPTION_choice { OPT_SRP_MOREGROUPS, #endif OPT_SSL3, OPT_SSL_CONFIG, - OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, + OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, @@ -680,6 +680,9 @@ const OPTIONS s_client_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, {"timeout", OPT_TIMEOUT, '-', @@ -762,7 +765,7 @@ static const OPT_PAIR services[] = { #define IS_PROT_FLAG(o) \ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) /* Free |*dest| and optionally set it to a copy of |source|. */ static void freeandcopy(char **dest, const char *source) @@ -1156,6 +1159,10 @@ int s_client_main(int argc, char **argv) min_version = SSL3_VERSION; max_version = SSL3_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; diff --git a/apps/s_server.c b/apps/s_server.c index d32b9dffd5..24841c528e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -669,7 +669,7 @@ typedef enum OPTION_choice { OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, - OPT_SSL3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, + OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, @@ -834,6 +834,9 @@ const OPTIONS s_server_options[] = { #ifndef OPENSSL_NO_TLS1_2 {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, #endif +#ifndef OPENSSL_NO_TLS1_3 + {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, +#endif #ifndef OPENSSL_NO_DTLS {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, @@ -868,7 +871,7 @@ const OPTIONS s_server_options[] = { #define IS_PROT_FLAG(o) \ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) + || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) int s_server_main(int argc, char *argv[]) { @@ -1321,6 +1324,10 @@ int s_server_main(int argc, char *argv[]) min_version = SSL3_VERSION; max_version = SSL3_VERSION; break; + case OPT_TLS1_3: + min_version = TLS1_3_VERSION; + max_version = TLS1_3_VERSION; + break; case OPT_TLS1_2: min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index c392077653..30f572139c 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -15,6 +15,7 @@ B B [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] +[B<-tls1_3>] [B<-s>] [B<-psk>] [B<-srp>] @@ -69,6 +70,11 @@ L. Like B<-v>, but include the official cipher suite values in hex. +=item B<-tls1_3> + +In combination with the B<-s> option, list the ciphers which would be used if +TLSv1.3 were negotiated. + =item B<-tls1_2> In combination with the B<-s> option, list the ciphers which would be used if diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 4a2a28021c..4f21ea4093 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -68,10 +68,12 @@ B B [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] +[B<-tls1_3>] [B<-no_ssl3>] [B<-no_tls1>] [B<-no_tls1_1>] [B<-no_tls1_2>] +[B<-no_tls1_3>] [B<-dtls>] [B<-dtls1>] [B<-dtls1_2>] @@ -336,7 +338,7 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> These options require or disable the use of the specified SSL or TLS protocols. By default B will negotiate the highest mutually supported protocol diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index b0d7888730..b6c5659972 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -69,6 +69,9 @@ B B [B<-quiet>] [B<-ssl3>] [B<-tls1>] +[B<-tls1_1>] +[B<-tls1_2>] +[B<-tls1_3>] [B<-dtls>] [B<-dtls1>] [B<-dtls1_2>] @@ -81,6 +84,7 @@ B B [B<-no_tls1>] [B<-no_tls1_1>] [B<-no_tls1_2>] +[B<-no_tls1_3>] [B<-no_dhe>] [B<-bugs>] [B<-comp>] @@ -295,7 +299,7 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> These options require or disable the use of the specified SSL or TLS protocols. By default B will negotiate the highest mutually supported protocol diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index d8c0e9b95d..60b80d39ee 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -121,12 +121,13 @@ if specified. To restrict the supported protocol versions use these commands rather than the deprecated alternative commands below. -=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> -Disables protocol support for SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2 by setting the -corresponding options B, B, B -and B respectively. -These options are deprecated, instead use B<-min_protocol> and B<-max_protocol>. +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options B, B, +B, B and B +respectively. These options are deprecated, instead use B<-min_protocol> and +B<-max_protocol>. =item B<-bugs> diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod index 29387d343f..512fca8de0 100644 --- a/doc/man3/SSL_CTX_new.pod +++ b/doc/man3/SSL_CTX_new.pod @@ -156,12 +156,12 @@ and be able to negotiate with all possible clients, but to only allow newer protocols like TLS 1.0, TLS 1.1 or TLS 1.2. The list of protocols available can also be limited using the -B, B, B and -B options of the L or -L functions, but this approach is not recommended. -Clients should avoid creating "holes" in the set of protocols they support. -When disabling a protocol, make sure that you also disable either all previous -or all subsequent protocol versions. +B, B, B, +B and B options of the +L or L functions, but this approach +is not recommended. Clients should avoid creating "holes" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. In clients, when a protocol version is disabled without disabling I previous protocol versions, the effect is to also disable all subsequent protocol versions. diff --git a/doc/man3/SSL_CTX_set_min_proto_version.pod b/doc/man3/SSL_CTX_set_min_proto_version.pod index 3e9fe80b70..5996d48fe3 100644 --- a/doc/man3/SSL_CTX_set_min_proto_version.pod +++ b/doc/man3/SSL_CTX_set_min_proto_version.pod @@ -29,8 +29,8 @@ versions down to the lowest version, or up to the highest version supported by the library, respectively. Currently supported versions are B, B, -B, B for TLS and B, -B for DTLS. +B, B, B for TLS and +B, B for DTLS. =head1 RETURN VALUES diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 63609f3a31..921c812ef3 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -155,9 +155,9 @@ own preferences. =item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, -SSL_OP_NO_TLSv1_2, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 +SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2 -These options turn off the SSLv3, TLSv1, TLSv1.1 or TLSv1.2 protocol +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol versions with TLS or the DTLSv1, DTLSv1.2 versions with DTLS, respectively. As of OpenSSL 1.1.0, these options are deprecated, use diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 20013dbfe8..f0aa306133 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -343,12 +343,13 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_OP_NO_TLSv1 0x04000000U # define SSL_OP_NO_TLSv1_2 0x08000000U # define SSL_OP_NO_TLSv1_1 0x10000000U +# define SSL_OP_NO_TLSv1_3 0x20000000U # define SSL_OP_NO_DTLSv1 0x04000000U # define SSL_OP_NO_DTLSv1_2 0x08000000U # define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ - SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3) # define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 23e382cdd3..3f7e749c69 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -65,7 +65,8 @@ extern "C" { # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 -# define TLS_MAX_VERSION TLS1_2_VERSION +# define TLS1_3_VERSION 0x0304 +# define TLS_MAX_VERSION TLS1_3_VERSION /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 @@ -599,6 +600,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD # define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE +/* TLS v1.3 ciphersuites */ +# define TLS1_3_CK_AES_128_GCM_SHA256 0x03000D01 + /* * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE * ciphers names with "EDH" instead of "DHE". Going forward, we should be @@ -868,6 +872,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" # define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" +/* TLSv1.3 ciphersuites */ +/* + * TODO(TLS1.3): Review the naming scheme for TLSv1.3 ciphers and also the + * cipherstring selection process for these ciphers + */ +# define TLS1_3_TXT_AES_128_GCM_SHA256 "TLS13-AES-128-GCM-SHA256" + # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 diff --git a/ssl/methods.c b/ssl/methods.c index c846143277..f0926b7ce0 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -19,6 +19,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_method, ossl_statem_accept, ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_method, @@ -46,6 +52,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_server_method, ossl_statem_accept, ssl_undefined_function, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_server_method, @@ -75,6 +87,12 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0, TLS_client_method, ssl_undefined_function, ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_client_method, diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d19b97a4d9..ffdb45403d 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -834,6 +834,21 @@ static SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, + { + 1, + TLS1_3_TXT_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, #ifndef OPENSSL_NO_EC { diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 3957946092..63687b5ba1 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -257,6 +257,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1), SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2), + SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3), SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1), SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2) }; @@ -282,6 +283,7 @@ static int protocol_from_string(const char *value) {"TLSv1", TLS1_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, + {"TLSv1.3", TLS1_3_VERSION}, {"DTLSv1", DTLS1_VERSION}, {"DTLSv1.2", DTLS1_2_VERSION} }; @@ -526,6 +528,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("no_tls1", 0), SSL_CONF_CMD_SWITCH("no_tls1_1", 0), SSL_CONF_CMD_SWITCH("no_tls1_2", 0), + SSL_CONF_CMD_SWITCH("no_tls1_3", 0), SSL_CONF_CMD_SWITCH("bugs", 0), SSL_CONF_CMD_SWITCH("no_comp", 0), SSL_CONF_CMD_SWITCH("comp", 0), @@ -583,6 +586,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ + {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ {SSL_OP_ALL, 0}, /* bugs */ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8bf872beec..84dd39371a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3072,7 +3072,9 @@ const SSL_METHOD *ssl_bad_method(int ver) const char *ssl_protocol_to_string(int version) { - if (version == TLS1_2_VERSION) + if (version == TLS1_3_VERSION) + return "TLSv1.3"; + else if (version == TLS1_2_VERSION) return "TLSv1.2"; else if (version == TLS1_1_VERSION) return "TLSv1.1"; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8a7e1a9474..d5a6fe236e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1641,6 +1641,9 @@ __owur const SSL_METHOD *tlsv1_1_client_method(void); __owur const SSL_METHOD *tlsv1_2_method(void); __owur const SSL_METHOD *tlsv1_2_server_method(void); __owur const SSL_METHOD *tlsv1_2_client_method(void); +__owur const SSL_METHOD *tlsv1_3_method(void); +__owur const SSL_METHOD *tlsv1_3_server_method(void); +__owur const SSL_METHOD *tlsv1_3_client_method(void); __owur const SSL_METHOD *dtlsv1_method(void); __owur const SSL_METHOD *dtlsv1_server_method(void); __owur const SSL_METHOD *dtlsv1_client_method(void); @@ -1652,6 +1655,7 @@ __owur const SSL_METHOD *dtlsv1_2_client_method(void); extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; extern const SSL3_ENC_METHOD TLSv1_2_enc_data; +extern const SSL3_ENC_METHOD TLSv1_3_enc_data; extern const SSL3_ENC_METHOD SSLv3_enc_data; extern const SSL3_ENC_METHOD DTLSv1_enc_data; extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index eee1ca1f5b..e0ec918c91 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -320,6 +320,9 @@ int ssl_get_new_session(SSL *s, int session) } else if (s->version == TLS1_2_VERSION) { ss->ssl_version = TLS1_2_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_3_VERSION) { + ss->ssl_version = TLS1_3_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; } else if (s->version == DTLS1_BAD_VER) { ss->ssl_version = DTLS1_BAD_VER; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c185d7c72a..a3d8d1ee26 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -647,11 +647,16 @@ typedef struct { const SSL_METHOD *(*smeth) (void); } version_info; -#if TLS_MAX_VERSION != TLS1_2_VERSION -# error Code needs update for TLS_method() support beyond TLS1_2_VERSION. +#if TLS_MAX_VERSION != TLS1_3_VERSION +# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif static const version_info tls_version_table[] = { +#ifndef OPENSSL_NO_TLS1_3 + {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, +#else + {TLS1_3_VERSION, NULL, NULL}, +#endif #ifndef OPENSSL_NO_TLS1_2 {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, #else diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 87ebbf3625..e19f93d21c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -84,6 +84,26 @@ SSL3_ENC_METHOD const TLSv1_2_enc_data = { ssl3_handshake_write }; +SSL3_ENC_METHOD const TLSv1_3_enc_data = { + tls1_enc, + tls1_mac, + tls1_setup_key_block, + tls1_generate_master_secret, + tls1_change_cipher_state, + tls1_final_finish_mac, + TLS1_FINISH_MAC_LENGTH, + TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, + TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, + tls1_alert_code, + tls1_export_keying_material, + SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF + | SSL_ENC_FLAG_TLS1_2_CIPHERS, + SSL3_HM_HEADER_LENGTH, + ssl3_set_handshake_header, + tls_close_construct_packet, + ssl3_handshake_write +}; + long tls1_default_timeout(void) { /* diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 4577f038a3..ab5d2dac76 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -61,6 +61,7 @@ static ssl_trace_tbl ssl_version_tbl[] = { {TLS1_VERSION, "TLS 1.0"}, {TLS1_1_VERSION, "TLS 1.1"}, {TLS1_2_VERSION, "TLS 1.2"}, + {TLS1_3_VERSION, "TLS 1.3"}, {DTLS1_VERSION, "DTLS 1.0"}, {DTLS1_2_VERSION, "DTLS 1.2"}, {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} @@ -422,6 +423,7 @@ static ssl_trace_tbl ssl_ciphers_tbl[] = { {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"}, + {0x0D01, "TLS_AES_128_GCM_SHA256"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, }; diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c index d6556e0537..70ebd83566 100644 --- a/test/cipherlist_test.c +++ b/test/cipherlist_test.c @@ -107,10 +107,14 @@ static const uint32_t default_ciphers_in_order[] = { #ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, +#endif +#ifndef OPENSSL_NO_TLS1_3 + TLS1_3_CK_AES_128_GCM_SHA256, +#endif +#ifndef OPENSSL_NO_TLS1_2 TLS1_CK_RSA_WITH_AES_256_SHA256, TLS1_CK_RSA_WITH_AES_128_SHA256, #endif - TLS1_CK_RSA_WITH_AES_256_SHA, TLS1_CK_RSA_WITH_AES_128_SHA, }; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index ff1a50ab8f..d413de33b2 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -21,10 +21,10 @@ setup("test_ssl"); $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf"); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_srp, $no_psk, - $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, + $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = anydisabled qw/rsa dsa dh ec srp psk - ssl3 tls1 tls1_1 tls1_2 + ssl3 tls1 tls1_1 tls1_2 tls1_3 dtls dtls1 dtls1_2 ct/; my $no_anytls = alldisabled(available_protocols("tls")); my $no_anydtls = alldisabled(available_protocols("dtls")); @@ -446,6 +446,7 @@ sub testssl { my @protocols = (); # FIXME: I feel unsure about the following line, is that really just TLSv1.2, or is it all of the SSLv3/TLS protocols? + push(@protocols, "TLSv1.3") unless $no_tls1_3; push(@protocols, "TLSv1.2") unless $no_tls1_2; push(@protocols, "SSLv3") unless $no_ssl3; my $protocolciphersuitcount = 0; @@ -463,22 +464,27 @@ sub testssl { # The count of protocols is because in addition to the ciphersuits # we got above, we're running a weak DH test for each protocol - plan tests => $protocolciphersuitcount + scalar(@protocols); - - foreach my $protocol (@protocols) { - note "Testing ciphersuites for $protocol"; - foreach my $cipher (@{$ciphersuites{$protocol}}) { - ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, - $protocol eq "SSLv3" ? ("-ssl3") : ()])), - "Testing $cipher"); - } + plan tests => $protocolciphersuitcount + scalar(@protocols); + + foreach my $protocol (@protocols) { + note "Testing ciphersuites for $protocol"; + my $flag = ""; + if ($protocol eq "SSLv3") { + $flag = "-ssl3"; + } elsif ($protocol eq "TLSv1.2") { + $flag = "-tls1_2"; + } + foreach my $cipher (@{$ciphersuites{$protocol}}) { + ok(run(test([@ssltest, @exkeys, "-cipher", $cipher, $flag])), + "Testing $cipher"); + } is(run(test([@ssltest, "-s_cipher", "EDH", "-c_cipher", 'EDH:@SECLEVEL=1', "-dhe512", $protocol eq "SSLv3" ? ("-ssl3") : ()])), 0, "testing connection with weak DH, expecting failure"); - } + } }; subtest 'RSA/(EC)DHE/PSK tests' => sub { diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf index cb89dbc10a..cf618f4e28 100644 --- a/test/ssl-tests/02-protocol-version.conf +++ b/test/ssl-tests/02-protocol-version.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 361 +num_tests = 676 test-0 = 0-version-negotiation test-1 = 1-version-negotiation @@ -363,6 +363,321 @@ test-357 = 357-version-negotiation test-358 = 358-version-negotiation test-359 = 359-version-negotiation test-360 = 360-version-negotiation +test-361 = 361-version-negotiation +test-362 = 362-version-negotiation +test-363 = 363-version-negotiation +test-364 = 364-version-negotiation +test-365 = 365-version-negotiation +test-366 = 366-version-negotiation +test-367 = 367-version-negotiation +test-368 = 368-version-negotiation +test-369 = 369-version-negotiation +test-370 = 370-version-negotiation +test-371 = 371-version-negotiation +test-372 = 372-version-negotiation +test-373 = 373-version-negotiation +test-374 = 374-version-negotiation +test-375 = 375-version-negotiation +test-376 = 376-version-negotiation +test-377 = 377-version-negotiation +test-378 = 378-version-negotiation +test-379 = 379-version-negotiation +test-380 = 380-version-negotiation +test-381 = 381-version-negotiation +test-382 = 382-version-negotiation +test-383 = 383-version-negotiation +test-384 = 384-version-negotiation +test-385 = 385-version-negotiation +test-386 = 386-version-negotiation +test-387 = 387-version-negotiation +test-388 = 388-version-negotiation +test-389 = 389-version-negotiation +test-390 = 390-version-negotiation +test-391 = 391-version-negotiation +test-392 = 392-version-negotiation +test-393 = 393-version-negotiation +test-394 = 394-version-negotiation +test-395 = 395-version-negotiation +test-396 = 396-version-negotiation +test-397 = 397-version-negotiation +test-398 = 398-version-negotiation +test-399 = 399-version-negotiation +test-400 = 400-version-negotiation +test-401 = 401-version-negotiation +test-402 = 402-version-negotiation +test-403 = 403-version-negotiation +test-404 = 404-version-negotiation +test-405 = 405-version-negotiation +test-406 = 406-version-negotiation +test-407 = 407-version-negotiation +test-408 = 408-version-negotiation +test-409 = 409-version-negotiation +test-410 = 410-version-negotiation +test-411 = 411-version-negotiation +test-412 = 412-version-negotiation +test-413 = 413-version-negotiation +test-414 = 414-version-negotiation +test-415 = 415-version-negotiation +test-416 = 416-version-negotiation +test-417 = 417-version-negotiation +test-418 = 418-version-negotiation +test-419 = 419-version-negotiation +test-420 = 420-version-negotiation +test-421 = 421-version-negotiation +test-422 = 422-version-negotiation +test-423 = 423-version-negotiation +test-424 = 424-version-negotiation +test-425 = 425-version-negotiation +test-426 = 426-version-negotiation +test-427 = 427-version-negotiation +test-428 = 428-version-negotiation +test-429 = 429-version-negotiation +test-430 = 430-version-negotiation +test-431 = 431-version-negotiation +test-432 = 432-version-negotiation +test-433 = 433-version-negotiation +test-434 = 434-version-negotiation +test-435 = 435-version-negotiation +test-436 = 436-version-negotiation +test-437 = 437-version-negotiation +test-438 = 438-version-negotiation +test-439 = 439-version-negotiation +test-440 = 440-version-negotiation +test-441 = 441-version-negotiation +test-442 = 442-version-negotiation +test-443 = 443-version-negotiation +test-444 = 444-version-negotiation +test-445 = 445-version-negotiation +test-446 = 446-version-negotiation +test-447 = 447-version-negotiation +test-448 = 448-version-negotiation +test-449 = 449-version-negotiation +test-450 = 450-version-negotiation +test-451 = 451-version-negotiation +test-452 = 452-version-negotiation +test-453 = 453-version-negotiation +test-454 = 454-version-negotiation +test-455 = 455-version-negotiation +test-456 = 456-version-negotiation +test-457 = 457-version-negotiation +test-458 = 458-version-negotiation +test-459 = 459-version-negotiation +test-460 = 460-version-negotiation +test-461 = 461-version-negotiation +test-462 = 462-version-negotiation +test-463 = 463-version-negotiation +test-464 = 464-version-negotiation +test-465 = 465-version-negotiation +test-466 = 466-version-negotiation +test-467 = 467-version-negotiation +test-468 = 468-version-negotiation +test-469 = 469-version-negotiation +test-470 = 470-version-negotiation +test-471 = 471-version-negotiation +test-472 = 472-version-negotiation +test-473 = 473-version-negotiation +test-474 = 474-version-negotiation +test-475 = 475-version-negotiation +test-476 = 476-version-negotiation +test-477 = 477-version-negotiation +test-478 = 478-version-negotiation +test-479 = 479-version-negotiation +test-480 = 480-version-negotiation +test-481 = 481-version-negotiation +test-482 = 482-version-negotiation +test-483 = 483-version-negotiation +test-484 = 484-version-negotiation +test-485 = 485-version-negotiation +test-486 = 486-version-negotiation +test-487 = 487-version-negotiation +test-488 = 488-version-negotiation +test-489 = 489-version-negotiation +test-490 = 490-version-negotiation +test-491 = 491-version-negotiation +test-492 = 492-version-negotiation +test-493 = 493-version-negotiation +test-494 = 494-version-negotiation +test-495 = 495-version-negotiation +test-496 = 496-version-negotiation +test-497 = 497-version-negotiation +test-498 = 498-version-negotiation +test-499 = 499-version-negotiation +test-500 = 500-version-negotiation +test-501 = 501-version-negotiation +test-502 = 502-version-negotiation +test-503 = 503-version-negotiation +test-504 = 504-version-negotiation +test-505 = 505-version-negotiation +test-506 = 506-version-negotiation +test-507 = 507-version-negotiation +test-508 = 508-version-negotiation +test-509 = 509-version-negotiation +test-510 = 510-version-negotiation +test-511 = 511-version-negotiation +test-512 = 512-version-negotiation +test-513 = 513-version-negotiation +test-514 = 514-version-negotiation +test-515 = 515-version-negotiation +test-516 = 516-version-negotiation +test-517 = 517-version-negotiation +test-518 = 518-version-negotiation +test-519 = 519-version-negotiation +test-520 = 520-version-negotiation +test-521 = 521-version-negotiation +test-522 = 522-version-negotiation +test-523 = 523-version-negotiation +test-524 = 524-version-negotiation +test-525 = 525-version-negotiation +test-526 = 526-version-negotiation +test-527 = 527-version-negotiation +test-528 = 528-version-negotiation +test-529 = 529-version-negotiation +test-530 = 530-version-negotiation +test-531 = 531-version-negotiation +test-532 = 532-version-negotiation +test-533 = 533-version-negotiation +test-534 = 534-version-negotiation +test-535 = 535-version-negotiation +test-536 = 536-version-negotiation +test-537 = 537-version-negotiation +test-538 = 538-version-negotiation +test-539 = 539-version-negotiation +test-540 = 540-version-negotiation +test-541 = 541-version-negotiation +test-542 = 542-version-negotiation +test-543 = 543-version-negotiation +test-544 = 544-version-negotiation +test-545 = 545-version-negotiation +test-546 = 546-version-negotiation +test-547 = 547-version-negotiation +test-548 = 548-version-negotiation +test-549 = 549-version-negotiation +test-550 = 550-version-negotiation +test-551 = 551-version-negotiation +test-552 = 552-version-negotiation +test-553 = 553-version-negotiation +test-554 = 554-version-negotiation +test-555 = 555-version-negotiation +test-556 = 556-version-negotiation +test-557 = 557-version-negotiation +test-558 = 558-version-negotiation +test-559 = 559-version-negotiation +test-560 = 560-version-negotiation +test-561 = 561-version-negotiation +test-562 = 562-version-negotiation +test-563 = 563-version-negotiation +test-564 = 564-version-negotiation +test-565 = 565-version-negotiation +test-566 = 566-version-negotiation +test-567 = 567-version-negotiation +test-568 = 568-version-negotiation +test-569 = 569-version-negotiation +test-570 = 570-version-negotiation +test-571 = 571-version-negotiation +test-572 = 572-version-negotiation +test-573 = 573-version-negotiation +test-574 = 574-version-negotiation +test-575 = 575-version-negotiation +test-576 = 576-version-negotiation +test-577 = 577-version-negotiation +test-578 = 578-version-negotiation +test-579 = 579-version-negotiation +test-580 = 580-version-negotiation +test-581 = 581-version-negotiation +test-582 = 582-version-negotiation +test-583 = 583-version-negotiation +test-584 = 584-version-negotiation +test-585 = 585-version-negotiation +test-586 = 586-version-negotiation +test-587 = 587-version-negotiation +test-588 = 588-version-negotiation +test-589 = 589-version-negotiation +test-590 = 590-version-negotiation +test-591 = 591-version-negotiation +test-592 = 592-version-negotiation +test-593 = 593-version-negotiation +test-594 = 594-version-negotiation +test-595 = 595-version-negotiation +test-596 = 596-version-negotiation +test-597 = 597-version-negotiation +test-598 = 598-version-negotiation +test-599 = 599-version-negotiation +test-600 = 600-version-negotiation +test-601 = 601-version-negotiation +test-602 = 602-version-negotiation +test-603 = 603-version-negotiation +test-604 = 604-version-negotiation +test-605 = 605-version-negotiation +test-606 = 606-version-negotiation +test-607 = 607-version-negotiation +test-608 = 608-version-negotiation +test-609 = 609-version-negotiation +test-610 = 610-version-negotiation +test-611 = 611-version-negotiation +test-612 = 612-version-negotiation +test-613 = 613-version-negotiation +test-614 = 614-version-negotiation +test-615 = 615-version-negotiation +test-616 = 616-version-negotiation +test-617 = 617-version-negotiation +test-618 = 618-version-negotiation +test-619 = 619-version-negotiation +test-620 = 620-version-negotiation +test-621 = 621-version-negotiation +test-622 = 622-version-negotiation +test-623 = 623-version-negotiation +test-624 = 624-version-negotiation +test-625 = 625-version-negotiation +test-626 = 626-version-negotiation +test-627 = 627-version-negotiation +test-628 = 628-version-negotiation +test-629 = 629-version-negotiation +test-630 = 630-version-negotiation +test-631 = 631-version-negotiation +test-632 = 632-version-negotiation +test-633 = 633-version-negotiation +test-634 = 634-version-negotiation +test-635 = 635-version-negotiation +test-636 = 636-version-negotiation +test-637 = 637-version-negotiation +test-638 = 638-version-negotiation +test-639 = 639-version-negotiation +test-640 = 640-version-negotiation +test-641 = 641-version-negotiation +test-642 = 642-version-negotiation +test-643 = 643-version-negotiation +test-644 = 644-version-negotiation +test-645 = 645-version-negotiation +test-646 = 646-version-negotiation +test-647 = 647-version-negotiation +test-648 = 648-version-negotiation +test-649 = 649-version-negotiation +test-650 = 650-version-negotiation +test-651 = 651-version-negotiation +test-652 = 652-version-negotiation +test-653 = 653-version-negotiation +test-654 = 654-version-negotiation +test-655 = 655-version-negotiation +test-656 = 656-version-negotiation +test-657 = 657-version-negotiation +test-658 = 658-version-negotiation +test-659 = 659-version-negotiation +test-660 = 660-version-negotiation +test-661 = 661-version-negotiation +test-662 = 662-version-negotiation +test-663 = 663-version-negotiation +test-664 = 664-version-negotiation +test-665 = 665-version-negotiation +test-666 = 666-version-negotiation +test-667 = 667-version-negotiation +test-668 = 668-version-negotiation +test-669 = 669-version-negotiation +test-670 = 670-version-negotiation +test-671 = 671-version-negotiation +test-672 = 672-version-negotiation +test-673 = 673-version-negotiation +test-674 = 674-version-negotiation +test-675 = 675-version-negotiation # =========================================================== [0-version-negotiation] @@ -475,6 +790,7 @@ client = 4-version-negotiation-client [4-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-version-negotiation-client] @@ -499,8 +815,6 @@ client = 5-version-negotiation-client [5-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-version-negotiation-client] @@ -525,7 +839,7 @@ client = 6-version-negotiation-client [6-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -551,7 +865,7 @@ client = 7-version-negotiation-client [7-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -577,7 +891,7 @@ client = 8-version-negotiation-client [8-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -603,6 +917,7 @@ client = 9-version-negotiation-client [9-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -628,8 +943,8 @@ client = 10-version-negotiation-client [10-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-version-negotiation-client] @@ -654,8 +969,7 @@ client = 11-version-negotiation-client [11-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-version-negotiation-client] @@ -680,7 +994,7 @@ client = 12-version-negotiation-client [12-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -706,6 +1020,7 @@ client = 13-version-negotiation-client [13-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem @@ -731,8 +1046,8 @@ client = 14-version-negotiation-client [14-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-version-negotiation-client] @@ -757,8 +1072,8 @@ client = 15-version-negotiation-client [15-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-version-negotiation-client] @@ -783,7 +1098,7 @@ client = 16-version-negotiation-client [16-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-version-negotiation-client] @@ -808,8 +1123,8 @@ client = 17-version-negotiation-client [17-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-version-negotiation-client] @@ -834,7 +1149,8 @@ client = 18-version-negotiation-client [18-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-version-negotiation-client] @@ -859,17 +1175,18 @@ client = 19-version-negotiation-client [19-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -884,18 +1201,17 @@ client = 20-version-negotiation-client [20-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -910,18 +1226,18 @@ client = 21-version-negotiation-client [21-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -936,18 +1252,18 @@ client = 22-version-negotiation-client [22-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -962,17 +1278,17 @@ client = 23-version-negotiation-client [23-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -987,18 +1303,18 @@ client = 24-version-negotiation-client [24-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -1013,19 +1329,17 @@ client = 25-version-negotiation-client [25-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -1040,8 +1354,7 @@ client = 26-version-negotiation-client [26-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-version-negotiation-client] @@ -1051,8 +1364,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1067,8 +1379,7 @@ client = 27-version-negotiation-client [27-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-version-negotiation-client] @@ -1094,7 +1405,7 @@ client = 28-version-negotiation-client [28-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-version-negotiation-client] @@ -1120,8 +1431,7 @@ client = 29-version-negotiation-client [29-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [29-version-negotiation-client] @@ -1147,8 +1457,7 @@ client = 30-version-negotiation-client [30-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [30-version-negotiation-client] @@ -1174,8 +1483,6 @@ client = 31-version-negotiation-client [31-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [31-version-negotiation-client] @@ -1201,7 +1508,8 @@ client = 32-version-negotiation-client [32-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-version-negotiation-client] @@ -1211,8 +1519,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1227,8 +1534,8 @@ client = 33-version-negotiation-client [33-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-version-negotiation-client] @@ -1238,7 +1545,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1253,8 +1561,8 @@ client = 34-version-negotiation-client [34-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-version-negotiation-client] @@ -1264,7 +1572,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1279,7 +1588,8 @@ client = 35-version-negotiation-client [35-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-version-negotiation-client] @@ -1289,7 +1599,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1304,8 +1615,8 @@ client = 36-version-negotiation-client [36-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [36-version-negotiation-client] @@ -1315,7 +1626,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-36] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1330,7 +1642,7 @@ client = 37-version-negotiation-client [37-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [37-version-negotiation-client] @@ -1340,7 +1652,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-37] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1355,17 +1668,19 @@ client = 38-version-negotiation-client [38-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [38-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-38] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1380,12 +1695,13 @@ client = 39-version-negotiation-client [39-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [39-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1406,17 +1722,18 @@ client = 40-version-negotiation-client [40-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [40-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1432,17 +1749,18 @@ client = 41-version-negotiation-client [41-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [41-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1458,16 +1776,17 @@ client = 42-version-negotiation-client [42-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [42-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1483,13 +1802,13 @@ client = 43-version-negotiation-client [43-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [43-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1509,19 +1828,18 @@ client = 44-version-negotiation-client [44-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [44-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1536,19 +1854,18 @@ client = 45-version-negotiation-client [45-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [45-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1563,19 +1880,17 @@ client = 46-version-negotiation-client [46-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [46-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1590,18 +1905,18 @@ client = 47-version-negotiation-client [47-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [47-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1616,19 +1931,18 @@ client = 48-version-negotiation-client [48-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [48-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1643,19 +1957,17 @@ client = 49-version-negotiation-client [49-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [49-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1670,19 +1982,18 @@ client = 50-version-negotiation-client [50-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [50-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1697,18 +2008,17 @@ client = 51-version-negotiation-client [51-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [51-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1723,8 +2033,7 @@ client = 52-version-negotiation-client [52-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [52-version-negotiation-client] @@ -1734,8 +2043,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1750,8 +2058,7 @@ client = 53-version-negotiation-client [53-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [53-version-negotiation-client] @@ -1761,7 +2068,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1777,7 +2084,7 @@ client = 54-version-negotiation-client [54-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [54-version-negotiation-client] @@ -1804,7 +2111,6 @@ client = 55-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [55-version-negotiation-client] @@ -1814,7 +2120,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-55] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1829,7 +2136,7 @@ client = 56-version-negotiation-client [56-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [56-version-negotiation-client] @@ -1839,7 +2146,8 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-56] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1854,17 +2162,17 @@ client = 57-version-negotiation-client [57-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [57-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-57] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1879,18 +2187,18 @@ client = 58-version-negotiation-client [58-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [58-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1905,17 +2213,18 @@ client = 59-version-negotiation-client [59-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [59-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -1931,17 +2240,18 @@ client = 60-version-negotiation-client [60-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [60-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1957,16 +2267,18 @@ client = 61-version-negotiation-client [61-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [61-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1982,18 +2294,19 @@ client = 62-version-negotiation-client [62-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [62-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-62] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2008,18 +2321,17 @@ client = 63-version-negotiation-client [63-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [63-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-63] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2035,18 +2347,18 @@ client = 64-version-negotiation-client [64-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [64-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2062,18 +2374,18 @@ client = 65-version-negotiation-client [65-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [65-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2089,17 +2401,18 @@ client = 66-version-negotiation-client [66-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [66-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2115,18 +2428,18 @@ client = 67-version-negotiation-client [67-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [67-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-67] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2142,13 +2455,12 @@ client = 68-version-negotiation-client [68-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [68-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2169,18 +2481,18 @@ client = 69-version-negotiation-client [69-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [69-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2196,17 +2508,18 @@ client = 70-version-negotiation-client [70-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [70-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2222,13 +2535,13 @@ client = 71-version-negotiation-client [71-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [71-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2249,18 +2562,17 @@ client = 72-version-negotiation-client [72-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [72-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2276,18 +2588,18 @@ client = 73-version-negotiation-client [73-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [73-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2302,19 +2614,18 @@ client = 74-version-negotiation-client [74-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [74-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2334,13 +2645,12 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [75-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2355,11 +2665,13 @@ client = 76-version-negotiation-client [76-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [76-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2379,17 +2691,17 @@ client = 77-version-negotiation-client [77-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [77-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2404,17 +2716,17 @@ client = 78-version-negotiation-client [78-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [78-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2429,16 +2741,17 @@ client = 79-version-negotiation-client [79-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [79-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2454,15 +2767,17 @@ client = 80-version-negotiation-client [80-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [80-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2478,17 +2793,18 @@ client = 81-version-negotiation-client [81-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [81-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-81] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2503,17 +2819,17 @@ client = 82-version-negotiation-client [82-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [82-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-82] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2529,17 +2845,16 @@ client = 83-version-negotiation-client [83-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [83-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-83] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2555,18 +2870,18 @@ client = 84-version-negotiation-client [84-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [84-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-84] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2581,16 +2896,18 @@ client = 85-version-negotiation-client [85-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [85-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-85] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2606,17 +2923,18 @@ client = 86-version-negotiation-client [86-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [86-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-86] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2632,17 +2950,18 @@ client = 87-version-negotiation-client [87-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [87-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-87] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2658,12 +2977,13 @@ client = 88-version-negotiation-client [88-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [88-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2684,11 +3004,12 @@ client = 89-version-negotiation-client [89-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [89-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2709,17 +3030,18 @@ client = 90-version-negotiation-client [90-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [90-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-90] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2735,17 +3057,18 @@ client = 91-version-negotiation-client [91-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [91-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-91] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2761,11 +3084,13 @@ client = 92-version-negotiation-client [92-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [92-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2786,12 +3111,13 @@ client = 93-version-negotiation-client [93-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [93-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2812,11 +3138,12 @@ client = 94-version-negotiation-client [94-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [94-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2837,18 +3164,19 @@ client = 95-version-negotiation-client [95-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [95-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-95] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2863,18 +3191,19 @@ client = 96-version-negotiation-client [96-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [96-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-96] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2889,18 +3218,19 @@ client = 97-version-negotiation-client [97-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [97-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-97] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2915,18 +3245,18 @@ client = 98-version-negotiation-client [98-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [98-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-98] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2941,17 +3271,19 @@ client = 99-version-negotiation-client [99-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [99-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-99] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2966,19 +3298,19 @@ client = 100-version-negotiation-client [100-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [100-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-100] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2993,19 +3325,18 @@ client = 101-version-negotiation-client [101-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [101-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-101] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3020,19 +3351,18 @@ client = 102-version-negotiation-client [102-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [102-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-102] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3047,19 +3377,17 @@ client = 103-version-negotiation-client [103-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [103-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-103] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3074,18 +3402,17 @@ client = 104-version-negotiation-client [104-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [104-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-104] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3101,18 +3428,17 @@ client = 105-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [105-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-105] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3128,18 +3454,17 @@ client = 106-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [106-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-106] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3155,18 +3480,17 @@ client = 107-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [107-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-107] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3181,18 +3505,18 @@ client = 108-version-negotiation-client [108-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [108-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-108] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3207,19 +3531,17 @@ client = 109-version-negotiation-client [109-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [109-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-109] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3234,19 +3556,18 @@ client = 110-version-negotiation-client [110-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [110-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-110] -ExpectedResult = InternalError +ExpectedResult = ServerFail # =========================================================== @@ -3261,18 +3582,19 @@ client = 111-version-negotiation-client [111-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [111-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-111] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3287,19 +3609,19 @@ client = 112-version-negotiation-client [112-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [112-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-112] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3314,18 +3636,19 @@ client = 113-version-negotiation-client [113-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [113-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-113] -ExpectedResult = InternalError +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3340,18 +3663,19 @@ client = 114-version-negotiation-client [114-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [114-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-114] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3366,18 +3690,17 @@ client = 115-version-negotiation-client [115-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [115-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-115] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3393,13 +3716,13 @@ client = 116-version-negotiation-client [116-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [116-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3420,18 +3743,18 @@ client = 117-version-negotiation-client [117-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [117-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-117] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3447,17 +3770,18 @@ client = 118-version-negotiation-client [118-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [118-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-118] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3473,19 +3797,19 @@ client = 119-version-negotiation-client [119-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [119-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-119] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3500,19 +3824,17 @@ client = 120-version-negotiation-client [120-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [120-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-120] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3529,18 +3851,17 @@ client = 121-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [121-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-121] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3557,18 +3878,17 @@ client = 122-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [122-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-122] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3584,18 +3904,18 @@ client = 123-version-negotiation-client [123-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [123-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-123] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3611,19 +3931,17 @@ client = 124-version-negotiation-client [124-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [124-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-124] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3639,19 +3957,18 @@ client = 125-version-negotiation-client [125-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [125-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-125] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3667,19 +3984,18 @@ client = 126-version-negotiation-client [126-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [126-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-126] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3695,18 +4011,17 @@ client = 127-version-negotiation-client [127-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [127-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-127] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3722,19 +4037,19 @@ client = 128-version-negotiation-client [128-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [128-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-128] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3749,19 +4064,18 @@ client = 129-version-negotiation-client [129-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [129-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-129] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -3776,13 +4090,11 @@ client = 130-version-negotiation-client [130-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [130-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3802,19 +4114,17 @@ client = 131-version-negotiation-client [131-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [131-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-131] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3829,18 +4139,17 @@ client = 132-version-negotiation-client [132-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [132-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-132] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -3855,18 +4164,17 @@ client = 133-version-negotiation-client [133-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [133-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-133] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -3881,18 +4189,16 @@ client = 134-version-negotiation-client [134-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [134-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-134] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3908,18 +4214,15 @@ client = 135-version-negotiation-client [135-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [135-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-135] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3935,19 +4238,17 @@ client = 136-version-negotiation-client [136-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [136-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-136] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3962,17 +4263,17 @@ client = 137-version-negotiation-client [137-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [137-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-137] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3988,19 +4289,18 @@ client = 138-version-negotiation-client [138-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [138-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-138] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -4015,19 +4315,17 @@ client = 139-version-negotiation-client [139-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [139-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-139] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4043,19 +4341,17 @@ client = 140-version-negotiation-client [140-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [140-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-140] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4071,19 +4367,16 @@ client = 141-version-negotiation-client [141-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [141-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-141] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4099,18 +4392,17 @@ client = 142-version-negotiation-client [142-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [142-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-142] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -4126,19 +4418,17 @@ client = 143-version-negotiation-client [143-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [143-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-143] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4154,19 +4444,17 @@ client = 144-version-negotiation-client [144-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [144-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-144] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4182,19 +4470,17 @@ client = 145-version-negotiation-client [145-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [145-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-145] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4215,13 +4501,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [146-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-146] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4243,8 +4527,6 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [147-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4271,13 +4553,11 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [148-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-148] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4293,18 +4573,17 @@ client = 149-version-negotiation-client [149-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [149-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-149] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4320,19 +4599,17 @@ client = 150-version-negotiation-client [150-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [150-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-150] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4347,18 +4624,18 @@ client = 151-version-negotiation-client [151-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [151-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-151] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4373,18 +4650,18 @@ client = 152-version-negotiation-client [152-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [152-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-152] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4399,18 +4676,16 @@ client = 153-version-negotiation-client [153-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [153-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-153] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4426,18 +4701,17 @@ client = 154-version-negotiation-client [154-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [154-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-154] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4453,18 +4727,16 @@ client = 155-version-negotiation-client [155-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [155-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-155] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -4480,18 +4752,18 @@ client = 156-version-negotiation-client [156-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [156-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-156] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4506,19 +4778,18 @@ client = 157-version-negotiation-client [157-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [157-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-157] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -4533,20 +4804,18 @@ client = 158-version-negotiation-client [158-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [158-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-158] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4561,20 +4830,18 @@ client = 159-version-negotiation-client [159-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [159-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-159] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4589,20 +4856,18 @@ client = 160-version-negotiation-client [160-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [160-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-160] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4617,19 +4882,17 @@ client = 161-version-negotiation-client [161-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [161-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-161] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4644,20 +4907,19 @@ client = 162-version-negotiation-client [162-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [162-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-162] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4672,20 +4934,19 @@ client = 163-version-negotiation-client [163-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [163-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-163] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4700,20 +4961,19 @@ client = 164-version-negotiation-client [164-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [164-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-164] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4728,19 +4988,19 @@ client = 165-version-negotiation-client [165-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [165-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-165] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4755,20 +5015,19 @@ client = 166-version-negotiation-client [166-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [166-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-166] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4783,20 +5042,18 @@ client = 167-version-negotiation-client [167-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [167-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-167] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4811,19 +5068,19 @@ client = 168-version-negotiation-client [168-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [168-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-168] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4838,20 +5095,19 @@ client = 169-version-negotiation-client [169-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [169-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-169] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4866,19 +5122,19 @@ client = 170-version-negotiation-client [170-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [170-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-170] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4893,17 +5149,19 @@ client = 171-version-negotiation-client [171-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [171-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-171] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -4918,18 +5176,18 @@ client = 172-version-negotiation-client [172-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [172-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-172] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4945,17 +5203,18 @@ client = 173-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [173-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-173] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4971,17 +5230,18 @@ client = 174-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [174-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-174] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -4996,17 +5256,19 @@ client = 175-version-negotiation-client [175-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [175-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-175] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5021,18 +5283,18 @@ client = 176-version-negotiation-client [176-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [176-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-176] -ExpectedResult = ServerFail +ExpectedResult = InternalError # =========================================================== @@ -5047,19 +5309,19 @@ client = 177-version-negotiation-client [177-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [177-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-177] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5074,19 +5336,19 @@ client = 178-version-negotiation-client [178-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [178-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-178] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5101,19 +5363,18 @@ client = 179-version-negotiation-client [179-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [179-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-179] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5128,18 +5389,19 @@ client = 180-version-negotiation-client [180-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [180-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-180] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5154,19 +5416,18 @@ client = 181-version-negotiation-client [181-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [181-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = SSLv3 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-181] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = InternalError # =========================================================== @@ -5181,19 +5442,18 @@ client = 182-version-negotiation-client [182-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [182-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-182] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5208,18 +5468,18 @@ client = 183-version-negotiation-client [183-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [183-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-183] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5235,17 +5495,18 @@ client = 184-version-negotiation-client [184-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [184-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-184] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5261,18 +5522,18 @@ client = 185-version-negotiation-client [185-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [185-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-185] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5288,18 +5549,18 @@ client = 186-version-negotiation-client [186-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [186-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-186] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5315,17 +5576,17 @@ client = 187-version-negotiation-client [187-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [187-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-187] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5341,19 +5602,19 @@ client = 188-version-negotiation-client [188-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [188-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-188] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5368,17 +5629,19 @@ client = 189-version-negotiation-client [189-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [189-version-negotiation-client] CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-189] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -5394,18 +5657,20 @@ client = 190-version-negotiation-client [190-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [190-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-190] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5420,13 +5685,14 @@ client = 191-version-negotiation-client [191-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [191-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5447,13 +5713,14 @@ client = 192-version-negotiation-client [192-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [192-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5474,13 +5741,13 @@ client = 193-version-negotiation-client [193-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [193-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5501,12 +5768,14 @@ client = 194-version-negotiation-client [194-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [194-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5527,19 +5796,20 @@ client = 195-version-negotiation-client [195-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [195-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-195] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5554,14 +5824,14 @@ client = 196-version-negotiation-client [196-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [196-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5582,14 +5852,14 @@ client = 197-version-negotiation-client [197-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [197-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5610,14 +5880,13 @@ client = 198-version-negotiation-client [198-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [198-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5638,19 +5907,19 @@ client = 199-version-negotiation-client [199-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [199-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-199] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5665,20 +5934,19 @@ client = 200-version-negotiation-client [200-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [200-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-200] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5693,20 +5961,19 @@ client = 201-version-negotiation-client [201-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [201-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-201] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5721,20 +5988,18 @@ client = 202-version-negotiation-client [202-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [202-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-202] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5749,19 +6014,19 @@ client = 203-version-negotiation-client [203-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [203-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-203] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -5776,14 +6041,14 @@ client = 204-version-negotiation-client [204-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [204-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5803,14 +6068,13 @@ client = 205-version-negotiation-client [205-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [205-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5830,13 +6094,14 @@ client = 206-version-negotiation-client [206-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [206-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5856,14 +6121,13 @@ client = 207-version-negotiation-client [207-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [207-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5883,13 +6147,13 @@ client = 208-version-negotiation-client [208-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [208-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5909,18 +6173,19 @@ client = 209-version-negotiation-client [209-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [209-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-209] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5935,18 +6200,18 @@ client = 210-version-negotiation-client [210-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [210-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-210] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5962,13 +6227,13 @@ client = 211-version-negotiation-client [211-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [211-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -5989,13 +6254,13 @@ client = 212-version-negotiation-client [212-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [212-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6021,7 +6286,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [213-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6049,7 +6314,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [214-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6076,7 +6341,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [215-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6104,7 +6369,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [216-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6132,7 +6397,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [217-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6153,13 +6418,14 @@ client = 218-version-negotiation-client [218-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [218-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6180,19 +6446,18 @@ client = 219-version-negotiation-client [219-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [219-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-219] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6208,19 +6473,19 @@ client = 220-version-negotiation-client [220-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [220-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-220] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6236,14 +6501,14 @@ client = 221-version-negotiation-client [221-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [221-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6264,13 +6529,14 @@ client = 222-version-negotiation-client [222-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [222-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6291,14 +6557,14 @@ client = 223-version-negotiation-client [223-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [223-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6319,14 +6585,13 @@ client = 224-version-negotiation-client [224-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [224-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6347,13 +6612,14 @@ client = 225-version-negotiation-client [225-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [225-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6375,18 +6641,19 @@ client = 226-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [226-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-226] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6401,18 +6668,20 @@ client = 227-version-negotiation-client [227-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [227-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-227] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6427,18 +6696,19 @@ client = 228-version-negotiation-client [228-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [228-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-228] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6453,19 +6723,19 @@ client = 229-version-negotiation-client [229-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [229-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-229] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6480,19 +6750,19 @@ client = 230-version-negotiation-client [230-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [230-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-230] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6507,19 +6777,18 @@ client = 231-version-negotiation-client [231-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [231-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-231] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6534,18 +6803,19 @@ client = 232-version-negotiation-client [232-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [232-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-232] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6560,14 +6830,13 @@ client = 233-version-negotiation-client [233-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [233-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6587,20 +6856,18 @@ client = 234-version-negotiation-client [234-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [234-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-234] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6615,19 +6882,18 @@ client = 235-version-negotiation-client [235-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [235-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-235] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6643,19 +6909,18 @@ client = 236-version-negotiation-client [236-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [236-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-236] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6671,13 +6936,13 @@ client = 237-version-negotiation-client [237-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [237-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6698,19 +6963,18 @@ client = 238-version-negotiation-client [238-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [238-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-238] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6726,19 +6990,17 @@ client = 239-version-negotiation-client [239-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [239-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-239] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6754,20 +7016,19 @@ client = 240-version-negotiation-client [240-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [240-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-240] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6782,18 +7043,19 @@ client = 241-version-negotiation-client [241-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [241-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-241] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6810,13 +7072,13 @@ client = 242-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [242-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6838,13 +7100,13 @@ client = 243-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [243-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6865,13 +7127,14 @@ client = 244-version-negotiation-client [244-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [244-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6892,14 +7155,13 @@ client = 245-version-negotiation-client [245-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [245-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6920,18 +7182,19 @@ client = 246-version-negotiation-client [246-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [246-version-negotiation-client] CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-246] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -6947,17 +7210,20 @@ client = 247-version-negotiation-client [247-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [247-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-247] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6972,17 +7238,19 @@ client = 248-version-negotiation-client [248-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [248-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-248] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6998,17 +7266,19 @@ client = 249-version-negotiation-client [249-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [249-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-249] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7024,12 +7294,13 @@ client = 250-version-negotiation-client [250-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [250-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7050,16 +7321,19 @@ client = 251-version-negotiation-client [251-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [251-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-251] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7075,18 +7349,20 @@ client = 252-version-negotiation-client [252-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [252-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-252] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7101,18 +7377,19 @@ client = 253-version-negotiation-client [253-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [253-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-253] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7128,18 +7405,18 @@ client = 254-version-negotiation-client [254-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [254-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-254] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7156,12 +7433,13 @@ client = 255-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [255-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7182,12 +7460,14 @@ client = 256-version-negotiation-client [256-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [256-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7208,18 +7488,18 @@ client = 257-version-negotiation-client [257-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [257-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-257] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7235,19 +7515,19 @@ client = 258-version-negotiation-client [258-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [258-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-258] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7262,19 +7542,18 @@ client = 259-version-negotiation-client [259-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [259-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-259] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7289,18 +7568,18 @@ client = 260-version-negotiation-client [260-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [260-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-260] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7315,18 +7594,18 @@ client = 261-version-negotiation-client [261-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [261-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-261] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -7342,18 +7621,18 @@ client = 262-version-negotiation-client [262-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [262-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-262] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7369,12 +7648,13 @@ client = 263-version-negotiation-client [263-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [263-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7395,18 +7675,18 @@ client = 264-version-negotiation-client [264-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [264-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-264] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7422,17 +7702,17 @@ client = 265-version-negotiation-client [265-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [265-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-265] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7449,12 +7729,13 @@ client = 266-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [266-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7475,17 +7756,19 @@ client = 267-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [267-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-267] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -7501,12 +7784,13 @@ client = 268-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [268-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7528,17 +7812,18 @@ client = 269-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [269-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-269] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7554,17 +7839,19 @@ client = 270-version-negotiation-client [270-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [270-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-270] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7580,19 +7867,19 @@ client = 271-version-negotiation-client [271-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [271-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-271] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7608,18 +7895,19 @@ client = 272-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [272-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-272] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -7635,13 +7923,13 @@ client = 273-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [273-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7663,18 +7951,18 @@ client = 274-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [274-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-274] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7690,18 +7978,19 @@ client = 275-version-negotiation-client [275-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [275-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-275] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7717,19 +8006,19 @@ client = 276-version-negotiation-client [276-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [276-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-276] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7745,13 +8034,13 @@ client = 277-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [277-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7773,18 +8062,18 @@ client = 278-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [278-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-278] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7800,18 +8089,19 @@ client = 279-version-negotiation-client [279-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [279-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-279] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7827,19 +8117,18 @@ client = 280-version-negotiation-client [280-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [280-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-280] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7856,18 +8145,18 @@ client = 281-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [281-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-281] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7883,18 +8172,19 @@ client = 282-version-negotiation-client [282-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [282-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-282] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7910,19 +8200,19 @@ client = 283-version-negotiation-client [283-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [283-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-283] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7937,18 +8227,20 @@ client = 284-version-negotiation-client [284-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [284-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-284] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7963,18 +8255,19 @@ client = 285-version-negotiation-client [285-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [285-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-285] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7989,18 +8282,17 @@ client = 286-version-negotiation-client [286-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [286-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-286] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -8015,18 +8307,17 @@ client = 287-version-negotiation-client [287-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [287-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-287] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8042,18 +8333,17 @@ client = 288-version-negotiation-client [288-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [288-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-288] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8069,12 +8359,12 @@ client = 289-version-negotiation-client [289-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [289-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8095,19 +8385,18 @@ client = 290-version-negotiation-client [290-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [290-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-290] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8122,19 +8411,17 @@ client = 291-version-negotiation-client [291-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [291-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-291] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8149,20 +8436,18 @@ client = 292-version-negotiation-client [292-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [292-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-292] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8177,19 +8462,18 @@ client = 293-version-negotiation-client [293-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [293-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-293] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8205,18 +8489,18 @@ client = 294-version-negotiation-client [294-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [294-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-294] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8232,19 +8516,19 @@ client = 295-version-negotiation-client [295-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [295-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-295] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8259,19 +8543,18 @@ client = 296-version-negotiation-client [296-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [296-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-296] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8287,19 +8570,17 @@ client = 297-version-negotiation-client [297-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [297-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-297] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8315,18 +8596,18 @@ client = 298-version-negotiation-client [298-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [298-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-298] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8343,13 +8624,12 @@ client = 299-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [299-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8371,13 +8651,12 @@ client = 300-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [300-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8398,18 +8677,18 @@ client = 301-version-negotiation-client [301-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [301-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-301] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8425,19 +8704,17 @@ client = 302-version-negotiation-client [302-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [302-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-302] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8453,18 +8730,18 @@ client = 303-version-negotiation-client [303-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [303-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-303] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -8480,17 +8757,19 @@ client = 304-version-negotiation-client [304-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [304-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-304] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8505,17 +8784,19 @@ client = 305-version-negotiation-client [305-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [305-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-305] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8530,17 +8811,17 @@ client = 306-version-negotiation-client [306-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [306-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-306] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8557,11 +8838,12 @@ client = 307-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [307-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8582,16 +8864,18 @@ client = 308-version-negotiation-client [308-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [308-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-308] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8607,18 +8891,18 @@ client = 309-version-negotiation-client [309-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [309-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-309] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8633,18 +8917,19 @@ client = 310-version-negotiation-client [310-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [310-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-310] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8659,18 +8944,17 @@ client = 311-version-negotiation-client [311-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [311-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MinProtocol = SSLv3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-311] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8686,19 +8970,18 @@ client = 312-version-negotiation-client [312-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [312-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-312] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8713,17 +8996,18 @@ client = 313-version-negotiation-client [313-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [313-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-313] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8739,18 +9023,19 @@ client = 314-version-negotiation-client [314-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [314-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-314] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -8765,18 +9050,18 @@ client = 315-version-negotiation-client [315-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [315-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-315] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8792,18 +9077,18 @@ client = 316-version-negotiation-client [316-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [316-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-316] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8819,17 +9104,17 @@ client = 317-version-negotiation-client [317-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [317-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-317] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8845,19 +9130,19 @@ client = 318-version-negotiation-client [318-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [318-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-318] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8872,18 +9157,19 @@ client = 319-version-negotiation-client [319-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [319-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-319] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8899,17 +9185,19 @@ client = 320-version-negotiation-client [320-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [320-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-320] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8926,17 +9214,18 @@ client = 321-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [321-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-321] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8952,17 +9241,19 @@ client = 322-version-negotiation-client [322-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [322-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-322] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -8978,18 +9269,19 @@ client = 323-version-negotiation-client [323-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [323-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-323] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9005,17 +9297,19 @@ client = 324-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [324-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-324] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9031,17 +9325,19 @@ client = 325-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [325-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-325] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9057,17 +9353,18 @@ client = 326-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [326-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-326] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9083,17 +9380,19 @@ client = 327-version-negotiation-client [327-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [327-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-327] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9109,19 +9408,19 @@ client = 328-version-negotiation-client [328-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [328-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-328] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -9136,19 +9435,19 @@ client = 329-version-negotiation-client [329-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [329-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-329] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9163,19 +9462,19 @@ client = 330-version-negotiation-client [330-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [330-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-330] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9190,20 +9489,19 @@ client = 331-version-negotiation-client [331-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [331-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-331] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9218,19 +9516,18 @@ client = 332-version-negotiation-client [332-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [332-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-332] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9245,19 +9542,19 @@ client = 333-version-negotiation-client [333-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [333-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-333] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9272,19 +9569,19 @@ client = 334-version-negotiation-client [334-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [334-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-334] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9299,20 +9596,18 @@ client = 335-version-negotiation-client [335-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [335-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-335] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9327,19 +9622,19 @@ client = 336-version-negotiation-client [336-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [336-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-336] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9354,19 +9649,18 @@ client = 337-version-negotiation-client [337-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [337-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-337] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9381,20 +9675,18 @@ client = 338-version-negotiation-client [338-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [338-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-338] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9409,18 +9701,18 @@ client = 339-version-negotiation-client [339-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [339-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-339] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9436,19 +9728,18 @@ client = 340-version-negotiation-client [340-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [340-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-340] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9464,18 +9755,18 @@ client = 341-version-negotiation-client [341-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [341-version-negotiation-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-341] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9491,17 +9782,19 @@ client = 342-version-negotiation-client [342-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [342-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-342] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9516,17 +9809,18 @@ client = 343-version-negotiation-client [343-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [343-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-343] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9541,17 +9835,19 @@ client = 344-version-negotiation-client [344-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = SSLv3 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [344-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-344] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -9566,17 +9862,19 @@ client = 345-version-negotiation-client [345-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [345-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-345] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9592,16 +9890,19 @@ client = 346-version-negotiation-client [346-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [346-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-346] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9617,18 +9918,20 @@ client = 347-version-negotiation-client [347-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [347-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-347] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9643,18 +9946,20 @@ client = 348-version-negotiation-client [348-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [348-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-348] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9669,18 +9974,19 @@ client = 349-version-negotiation-client [349-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [349-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-349] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9695,18 +10001,19 @@ client = 350-version-negotiation-client [350-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [350-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-350] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -9722,17 +10029,19 @@ client = 351-version-negotiation-client [351-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [351-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-351] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9748,18 +10057,20 @@ client = 352-version-negotiation-client [352-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [352-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-352] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9774,18 +10085,20 @@ client = 353-version-negotiation-client [353-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [353-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-353] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9800,18 +10113,18 @@ client = 354-version-negotiation-client [354-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [354-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-354] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9827,17 +10140,19 @@ client = 355-version-negotiation-client [355-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [355-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-355] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9853,18 +10168,20 @@ client = 356-version-negotiation-client [356-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [356-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-356] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -9879,18 +10196,19 @@ client = 357-version-negotiation-client [357-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [357-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-357] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9911,12 +10229,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [358-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-358] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -9938,13 +10257,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [359-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-359] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9959,17 +10278,8493 @@ client = 360-version-negotiation-client [360-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [360-version-negotiation-client] CipherString = DEFAULT -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-360] -ExpectedProtocol = TLSv1.2 +ExpectedResult = ServerFail + + +# =========================================================== + +[361-version-negotiation] +ssl_conf = 361-version-negotiation-ssl + +[361-version-negotiation-ssl] +server = 361-version-negotiation-server +client = 361-version-negotiation-client + +[361-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[361-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-361] +ExpectedResult = ServerFail + + +# =========================================================== + +[362-version-negotiation] +ssl_conf = 362-version-negotiation-ssl + +[362-version-negotiation-ssl] +server = 362-version-negotiation-server +client = 362-version-negotiation-client + +[362-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[362-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-362] +ExpectedResult = ServerFail + + +# =========================================================== + +[363-version-negotiation] +ssl_conf = 363-version-negotiation-ssl + +[363-version-negotiation-ssl] +server = 363-version-negotiation-server +client = 363-version-negotiation-client + +[363-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[363-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-363] +ExpectedResult = ServerFail + + +# =========================================================== + +[364-version-negotiation] +ssl_conf = 364-version-negotiation-ssl + +[364-version-negotiation-ssl] +server = 364-version-negotiation-server +client = 364-version-negotiation-client + +[364-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[364-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-364] +ExpectedResult = ServerFail + + +# =========================================================== + +[365-version-negotiation] +ssl_conf = 365-version-negotiation-ssl + +[365-version-negotiation-ssl] +server = 365-version-negotiation-server +client = 365-version-negotiation-client + +[365-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[365-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-365] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[366-version-negotiation] +ssl_conf = 366-version-negotiation-ssl + +[366-version-negotiation-ssl] +server = 366-version-negotiation-server +client = 366-version-negotiation-client + +[366-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[366-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-366] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[367-version-negotiation] +ssl_conf = 367-version-negotiation-ssl + +[367-version-negotiation-ssl] +server = 367-version-negotiation-server +client = 367-version-negotiation-client + +[367-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[367-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-367] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[368-version-negotiation] +ssl_conf = 368-version-negotiation-ssl + +[368-version-negotiation-ssl] +server = 368-version-negotiation-server +client = 368-version-negotiation-client + +[368-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[368-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-368] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[369-version-negotiation] +ssl_conf = 369-version-negotiation-ssl + +[369-version-negotiation-ssl] +server = 369-version-negotiation-server +client = 369-version-negotiation-client + +[369-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[369-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-369] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[370-version-negotiation] +ssl_conf = 370-version-negotiation-ssl + +[370-version-negotiation-ssl] +server = 370-version-negotiation-server +client = 370-version-negotiation-client + +[370-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[370-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-370] +ExpectedResult = ServerFail + + +# =========================================================== + +[371-version-negotiation] +ssl_conf = 371-version-negotiation-ssl + +[371-version-negotiation-ssl] +server = 371-version-negotiation-server +client = 371-version-negotiation-client + +[371-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[371-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-371] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[372-version-negotiation] +ssl_conf = 372-version-negotiation-ssl + +[372-version-negotiation-ssl] +server = 372-version-negotiation-server +client = 372-version-negotiation-client + +[372-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[372-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-372] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[373-version-negotiation] +ssl_conf = 373-version-negotiation-ssl + +[373-version-negotiation-ssl] +server = 373-version-negotiation-server +client = 373-version-negotiation-client + +[373-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[373-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-373] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[374-version-negotiation] +ssl_conf = 374-version-negotiation-ssl + +[374-version-negotiation-ssl] +server = 374-version-negotiation-server +client = 374-version-negotiation-client + +[374-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[374-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-374] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[375-version-negotiation] +ssl_conf = 375-version-negotiation-ssl + +[375-version-negotiation-ssl] +server = 375-version-negotiation-server +client = 375-version-negotiation-client + +[375-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[375-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-375] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[376-version-negotiation] +ssl_conf = 376-version-negotiation-ssl + +[376-version-negotiation-ssl] +server = 376-version-negotiation-server +client = 376-version-negotiation-client + +[376-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[376-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-376] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[377-version-negotiation] +ssl_conf = 377-version-negotiation-ssl + +[377-version-negotiation-ssl] +server = 377-version-negotiation-server +client = 377-version-negotiation-client + +[377-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[377-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-377] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[378-version-negotiation] +ssl_conf = 378-version-negotiation-ssl + +[378-version-negotiation-ssl] +server = 378-version-negotiation-server +client = 378-version-negotiation-client + +[378-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[378-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-378] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[379-version-negotiation] +ssl_conf = 379-version-negotiation-ssl + +[379-version-negotiation-ssl] +server = 379-version-negotiation-server +client = 379-version-negotiation-client + +[379-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[379-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-379] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[380-version-negotiation] +ssl_conf = 380-version-negotiation-ssl + +[380-version-negotiation-ssl] +server = 380-version-negotiation-server +client = 380-version-negotiation-client + +[380-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[380-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-380] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[381-version-negotiation] +ssl_conf = 381-version-negotiation-ssl + +[381-version-negotiation-ssl] +server = 381-version-negotiation-server +client = 381-version-negotiation-client + +[381-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[381-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-381] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[382-version-negotiation] +ssl_conf = 382-version-negotiation-ssl + +[382-version-negotiation-ssl] +server = 382-version-negotiation-server +client = 382-version-negotiation-client + +[382-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[382-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-382] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[383-version-negotiation] +ssl_conf = 383-version-negotiation-ssl + +[383-version-negotiation-ssl] +server = 383-version-negotiation-server +client = 383-version-negotiation-client + +[383-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[383-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-383] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[384-version-negotiation] +ssl_conf = 384-version-negotiation-ssl + +[384-version-negotiation-ssl] +server = 384-version-negotiation-server +client = 384-version-negotiation-client + +[384-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[384-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-384] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[385-version-negotiation] +ssl_conf = 385-version-negotiation-ssl + +[385-version-negotiation-ssl] +server = 385-version-negotiation-server +client = 385-version-negotiation-client + +[385-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[385-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-385] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[386-version-negotiation] +ssl_conf = 386-version-negotiation-ssl + +[386-version-negotiation-ssl] +server = 386-version-negotiation-server +client = 386-version-negotiation-client + +[386-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[386-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-386] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[387-version-negotiation] +ssl_conf = 387-version-negotiation-ssl + +[387-version-negotiation-ssl] +server = 387-version-negotiation-server +client = 387-version-negotiation-client + +[387-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[387-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-387] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[388-version-negotiation] +ssl_conf = 388-version-negotiation-ssl + +[388-version-negotiation-ssl] +server = 388-version-negotiation-server +client = 388-version-negotiation-client + +[388-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[388-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-388] +ExpectedResult = ServerFail + + +# =========================================================== + +[389-version-negotiation] +ssl_conf = 389-version-negotiation-ssl + +[389-version-negotiation-ssl] +server = 389-version-negotiation-server +client = 389-version-negotiation-client + +[389-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[389-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-389] +ExpectedResult = ServerFail + + +# =========================================================== + +[390-version-negotiation] +ssl_conf = 390-version-negotiation-ssl + +[390-version-negotiation-ssl] +server = 390-version-negotiation-server +client = 390-version-negotiation-client + +[390-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[390-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-390] +ExpectedResult = ServerFail + + +# =========================================================== + +[391-version-negotiation] +ssl_conf = 391-version-negotiation-ssl + +[391-version-negotiation-ssl] +server = 391-version-negotiation-server +client = 391-version-negotiation-client + +[391-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[391-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-391] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[392-version-negotiation] +ssl_conf = 392-version-negotiation-ssl + +[392-version-negotiation-ssl] +server = 392-version-negotiation-server +client = 392-version-negotiation-client + +[392-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[392-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-392] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[393-version-negotiation] +ssl_conf = 393-version-negotiation-ssl + +[393-version-negotiation-ssl] +server = 393-version-negotiation-server +client = 393-version-negotiation-client + +[393-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[393-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-393] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[394-version-negotiation] +ssl_conf = 394-version-negotiation-ssl + +[394-version-negotiation-ssl] +server = 394-version-negotiation-server +client = 394-version-negotiation-client + +[394-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[394-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-394] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[395-version-negotiation] +ssl_conf = 395-version-negotiation-ssl + +[395-version-negotiation-ssl] +server = 395-version-negotiation-server +client = 395-version-negotiation-client + +[395-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[395-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-395] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[396-version-negotiation] +ssl_conf = 396-version-negotiation-ssl + +[396-version-negotiation-ssl] +server = 396-version-negotiation-server +client = 396-version-negotiation-client + +[396-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[396-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-396] +ExpectedResult = ServerFail + + +# =========================================================== + +[397-version-negotiation] +ssl_conf = 397-version-negotiation-ssl + +[397-version-negotiation-ssl] +server = 397-version-negotiation-server +client = 397-version-negotiation-client + +[397-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[397-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-397] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[398-version-negotiation] +ssl_conf = 398-version-negotiation-ssl + +[398-version-negotiation-ssl] +server = 398-version-negotiation-server +client = 398-version-negotiation-client + +[398-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[398-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-398] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[399-version-negotiation] +ssl_conf = 399-version-negotiation-ssl + +[399-version-negotiation-ssl] +server = 399-version-negotiation-server +client = 399-version-negotiation-client + +[399-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[399-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-399] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[400-version-negotiation] +ssl_conf = 400-version-negotiation-ssl + +[400-version-negotiation-ssl] +server = 400-version-negotiation-server +client = 400-version-negotiation-client + +[400-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[400-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-400] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[401-version-negotiation] +ssl_conf = 401-version-negotiation-ssl + +[401-version-negotiation-ssl] +server = 401-version-negotiation-server +client = 401-version-negotiation-client + +[401-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[401-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-401] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[402-version-negotiation] +ssl_conf = 402-version-negotiation-ssl + +[402-version-negotiation-ssl] +server = 402-version-negotiation-server +client = 402-version-negotiation-client + +[402-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[402-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-402] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[403-version-negotiation] +ssl_conf = 403-version-negotiation-ssl + +[403-version-negotiation-ssl] +server = 403-version-negotiation-server +client = 403-version-negotiation-client + +[403-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[403-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-403] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[404-version-negotiation] +ssl_conf = 404-version-negotiation-ssl + +[404-version-negotiation-ssl] +server = 404-version-negotiation-server +client = 404-version-negotiation-client + +[404-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[404-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-404] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[405-version-negotiation] +ssl_conf = 405-version-negotiation-ssl + +[405-version-negotiation-ssl] +server = 405-version-negotiation-server +client = 405-version-negotiation-client + +[405-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[405-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-405] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[406-version-negotiation] +ssl_conf = 406-version-negotiation-ssl + +[406-version-negotiation-ssl] +server = 406-version-negotiation-server +client = 406-version-negotiation-client + +[406-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[406-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-406] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[407-version-negotiation] +ssl_conf = 407-version-negotiation-ssl + +[407-version-negotiation-ssl] +server = 407-version-negotiation-server +client = 407-version-negotiation-client + +[407-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[407-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-407] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[408-version-negotiation] +ssl_conf = 408-version-negotiation-ssl + +[408-version-negotiation-ssl] +server = 408-version-negotiation-server +client = 408-version-negotiation-client + +[408-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[408-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-408] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[409-version-negotiation] +ssl_conf = 409-version-negotiation-ssl + +[409-version-negotiation-ssl] +server = 409-version-negotiation-server +client = 409-version-negotiation-client + +[409-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[409-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-409] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[410-version-negotiation] +ssl_conf = 410-version-negotiation-ssl + +[410-version-negotiation-ssl] +server = 410-version-negotiation-server +client = 410-version-negotiation-client + +[410-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[410-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-410] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[411-version-negotiation] +ssl_conf = 411-version-negotiation-ssl + +[411-version-negotiation-ssl] +server = 411-version-negotiation-server +client = 411-version-negotiation-client + +[411-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[411-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-411] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[412-version-negotiation] +ssl_conf = 412-version-negotiation-ssl + +[412-version-negotiation-ssl] +server = 412-version-negotiation-server +client = 412-version-negotiation-client + +[412-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[412-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-412] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[413-version-negotiation] +ssl_conf = 413-version-negotiation-ssl + +[413-version-negotiation-ssl] +server = 413-version-negotiation-server +client = 413-version-negotiation-client + +[413-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[413-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-413] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[414-version-negotiation] +ssl_conf = 414-version-negotiation-ssl + +[414-version-negotiation-ssl] +server = 414-version-negotiation-server +client = 414-version-negotiation-client + +[414-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[414-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-414] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[415-version-negotiation] +ssl_conf = 415-version-negotiation-ssl + +[415-version-negotiation-ssl] +server = 415-version-negotiation-server +client = 415-version-negotiation-client + +[415-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[415-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-415] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[416-version-negotiation] +ssl_conf = 416-version-negotiation-ssl + +[416-version-negotiation-ssl] +server = 416-version-negotiation-server +client = 416-version-negotiation-client + +[416-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[416-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-416] +ExpectedResult = ServerFail + + +# =========================================================== + +[417-version-negotiation] +ssl_conf = 417-version-negotiation-ssl + +[417-version-negotiation-ssl] +server = 417-version-negotiation-server +client = 417-version-negotiation-client + +[417-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[417-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-417] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[418-version-negotiation] +ssl_conf = 418-version-negotiation-ssl + +[418-version-negotiation-ssl] +server = 418-version-negotiation-server +client = 418-version-negotiation-client + +[418-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[418-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-418] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[419-version-negotiation] +ssl_conf = 419-version-negotiation-ssl + +[419-version-negotiation-ssl] +server = 419-version-negotiation-server +client = 419-version-negotiation-client + +[419-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[419-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-419] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[420-version-negotiation] +ssl_conf = 420-version-negotiation-ssl + +[420-version-negotiation-ssl] +server = 420-version-negotiation-server +client = 420-version-negotiation-client + +[420-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[420-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-420] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[421-version-negotiation] +ssl_conf = 421-version-negotiation-ssl + +[421-version-negotiation-ssl] +server = 421-version-negotiation-server +client = 421-version-negotiation-client + +[421-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[421-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-421] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[422-version-negotiation] +ssl_conf = 422-version-negotiation-ssl + +[422-version-negotiation-ssl] +server = 422-version-negotiation-server +client = 422-version-negotiation-client + +[422-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[422-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-422] +ExpectedResult = ServerFail + + +# =========================================================== + +[423-version-negotiation] +ssl_conf = 423-version-negotiation-ssl + +[423-version-negotiation-ssl] +server = 423-version-negotiation-server +client = 423-version-negotiation-client + +[423-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[423-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-423] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[424-version-negotiation] +ssl_conf = 424-version-negotiation-ssl + +[424-version-negotiation-ssl] +server = 424-version-negotiation-server +client = 424-version-negotiation-client + +[424-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[424-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-424] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[425-version-negotiation] +ssl_conf = 425-version-negotiation-ssl + +[425-version-negotiation-ssl] +server = 425-version-negotiation-server +client = 425-version-negotiation-client + +[425-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[425-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-425] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[426-version-negotiation] +ssl_conf = 426-version-negotiation-ssl + +[426-version-negotiation-ssl] +server = 426-version-negotiation-server +client = 426-version-negotiation-client + +[426-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[426-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-426] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[427-version-negotiation] +ssl_conf = 427-version-negotiation-ssl + +[427-version-negotiation-ssl] +server = 427-version-negotiation-server +client = 427-version-negotiation-client + +[427-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[427-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-427] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[428-version-negotiation] +ssl_conf = 428-version-negotiation-ssl + +[428-version-negotiation-ssl] +server = 428-version-negotiation-server +client = 428-version-negotiation-client + +[428-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[428-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-428] +ExpectedProtocol = TLSv1 +ExpectedResult = Success + + +# =========================================================== + +[429-version-negotiation] +ssl_conf = 429-version-negotiation-ssl + +[429-version-negotiation-ssl] +server = 429-version-negotiation-server +client = 429-version-negotiation-client + +[429-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[429-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-429] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[430-version-negotiation] +ssl_conf = 430-version-negotiation-ssl + +[430-version-negotiation-ssl] +server = 430-version-negotiation-server +client = 430-version-negotiation-client + +[430-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[430-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-430] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[431-version-negotiation] +ssl_conf = 431-version-negotiation-ssl + +[431-version-negotiation-ssl] +server = 431-version-negotiation-server +client = 431-version-negotiation-client + +[431-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[431-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-431] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[432-version-negotiation] +ssl_conf = 432-version-negotiation-ssl + +[432-version-negotiation-ssl] +server = 432-version-negotiation-server +client = 432-version-negotiation-client + +[432-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[432-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-432] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[433-version-negotiation] +ssl_conf = 433-version-negotiation-ssl + +[433-version-negotiation-ssl] +server = 433-version-negotiation-server +client = 433-version-negotiation-client + +[433-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[433-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-433] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[434-version-negotiation] +ssl_conf = 434-version-negotiation-ssl + +[434-version-negotiation-ssl] +server = 434-version-negotiation-server +client = 434-version-negotiation-client + +[434-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[434-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-434] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[435-version-negotiation] +ssl_conf = 435-version-negotiation-ssl + +[435-version-negotiation-ssl] +server = 435-version-negotiation-server +client = 435-version-negotiation-client + +[435-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[435-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-435] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[436-version-negotiation] +ssl_conf = 436-version-negotiation-ssl + +[436-version-negotiation-ssl] +server = 436-version-negotiation-server +client = 436-version-negotiation-client + +[436-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[436-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-436] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[437-version-negotiation] +ssl_conf = 437-version-negotiation-ssl + +[437-version-negotiation-ssl] +server = 437-version-negotiation-server +client = 437-version-negotiation-client + +[437-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[437-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-437] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[438-version-negotiation] +ssl_conf = 438-version-negotiation-ssl + +[438-version-negotiation-ssl] +server = 438-version-negotiation-server +client = 438-version-negotiation-client + +[438-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[438-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-438] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[439-version-negotiation] +ssl_conf = 439-version-negotiation-ssl + +[439-version-negotiation-ssl] +server = 439-version-negotiation-server +client = 439-version-negotiation-client + +[439-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[439-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-439] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[440-version-negotiation] +ssl_conf = 440-version-negotiation-ssl + +[440-version-negotiation-ssl] +server = 440-version-negotiation-server +client = 440-version-negotiation-client + +[440-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[440-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-440] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[441-version-negotiation] +ssl_conf = 441-version-negotiation-ssl + +[441-version-negotiation-ssl] +server = 441-version-negotiation-server +client = 441-version-negotiation-client + +[441-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[441-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-441] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[442-version-negotiation] +ssl_conf = 442-version-negotiation-ssl + +[442-version-negotiation-ssl] +server = 442-version-negotiation-server +client = 442-version-negotiation-client + +[442-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[442-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-442] +ExpectedResult = ServerFail + + +# =========================================================== + +[443-version-negotiation] +ssl_conf = 443-version-negotiation-ssl + +[443-version-negotiation-ssl] +server = 443-version-negotiation-server +client = 443-version-negotiation-client + +[443-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[443-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-443] +ExpectedResult = ClientFail + + +# =========================================================== + +[444-version-negotiation] +ssl_conf = 444-version-negotiation-ssl + +[444-version-negotiation-ssl] +server = 444-version-negotiation-server +client = 444-version-negotiation-client + +[444-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[444-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-444] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[445-version-negotiation] +ssl_conf = 445-version-negotiation-ssl + +[445-version-negotiation-ssl] +server = 445-version-negotiation-server +client = 445-version-negotiation-client + +[445-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[445-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-445] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[446-version-negotiation] +ssl_conf = 446-version-negotiation-ssl + +[446-version-negotiation-ssl] +server = 446-version-negotiation-server +client = 446-version-negotiation-client + +[446-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[446-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-446] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[447-version-negotiation] +ssl_conf = 447-version-negotiation-ssl + +[447-version-negotiation-ssl] +server = 447-version-negotiation-server +client = 447-version-negotiation-client + +[447-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[447-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-447] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[448-version-negotiation] +ssl_conf = 448-version-negotiation-ssl + +[448-version-negotiation-ssl] +server = 448-version-negotiation-server +client = 448-version-negotiation-client + +[448-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[448-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-448] +ExpectedResult = ServerFail + + +# =========================================================== + +[449-version-negotiation] +ssl_conf = 449-version-negotiation-ssl + +[449-version-negotiation-ssl] +server = 449-version-negotiation-server +client = 449-version-negotiation-client + +[449-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[449-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-449] +ExpectedResult = ClientFail + + +# =========================================================== + +[450-version-negotiation] +ssl_conf = 450-version-negotiation-ssl + +[450-version-negotiation-ssl] +server = 450-version-negotiation-server +client = 450-version-negotiation-client + +[450-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[450-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-450] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[451-version-negotiation] +ssl_conf = 451-version-negotiation-ssl + +[451-version-negotiation-ssl] +server = 451-version-negotiation-server +client = 451-version-negotiation-client + +[451-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[451-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-451] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[452-version-negotiation] +ssl_conf = 452-version-negotiation-ssl + +[452-version-negotiation-ssl] +server = 452-version-negotiation-server +client = 452-version-negotiation-client + +[452-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[452-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-452] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[453-version-negotiation] +ssl_conf = 453-version-negotiation-ssl + +[453-version-negotiation-ssl] +server = 453-version-negotiation-server +client = 453-version-negotiation-client + +[453-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[453-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-453] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[454-version-negotiation] +ssl_conf = 454-version-negotiation-ssl + +[454-version-negotiation-ssl] +server = 454-version-negotiation-server +client = 454-version-negotiation-client + +[454-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[454-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-454] +ExpectedResult = ClientFail + + +# =========================================================== + +[455-version-negotiation] +ssl_conf = 455-version-negotiation-ssl + +[455-version-negotiation-ssl] +server = 455-version-negotiation-server +client = 455-version-negotiation-client + +[455-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[455-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-455] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[456-version-negotiation] +ssl_conf = 456-version-negotiation-ssl + +[456-version-negotiation-ssl] +server = 456-version-negotiation-server +client = 456-version-negotiation-client + +[456-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[456-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-456] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[457-version-negotiation] +ssl_conf = 457-version-negotiation-ssl + +[457-version-negotiation-ssl] +server = 457-version-negotiation-server +client = 457-version-negotiation-client + +[457-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[457-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-457] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[458-version-negotiation] +ssl_conf = 458-version-negotiation-ssl + +[458-version-negotiation-ssl] +server = 458-version-negotiation-server +client = 458-version-negotiation-client + +[458-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[458-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-458] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[459-version-negotiation] +ssl_conf = 459-version-negotiation-ssl + +[459-version-negotiation-ssl] +server = 459-version-negotiation-server +client = 459-version-negotiation-client + +[459-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[459-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-459] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[460-version-negotiation] +ssl_conf = 460-version-negotiation-ssl + +[460-version-negotiation-ssl] +server = 460-version-negotiation-server +client = 460-version-negotiation-client + +[460-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[460-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-460] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[461-version-negotiation] +ssl_conf = 461-version-negotiation-ssl + +[461-version-negotiation-ssl] +server = 461-version-negotiation-server +client = 461-version-negotiation-client + +[461-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[461-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-461] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[462-version-negotiation] +ssl_conf = 462-version-negotiation-ssl + +[462-version-negotiation-ssl] +server = 462-version-negotiation-server +client = 462-version-negotiation-client + +[462-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[462-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-462] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[463-version-negotiation] +ssl_conf = 463-version-negotiation-ssl + +[463-version-negotiation-ssl] +server = 463-version-negotiation-server +client = 463-version-negotiation-client + +[463-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[463-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-463] +ExpectedResult = ServerFail + + +# =========================================================== + +[464-version-negotiation] +ssl_conf = 464-version-negotiation-ssl + +[464-version-negotiation-ssl] +server = 464-version-negotiation-server +client = 464-version-negotiation-client + +[464-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[464-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-464] +ExpectedResult = ServerFail + + +# =========================================================== + +[465-version-negotiation] +ssl_conf = 465-version-negotiation-ssl + +[465-version-negotiation-ssl] +server = 465-version-negotiation-server +client = 465-version-negotiation-client + +[465-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[465-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-465] +ExpectedResult = ServerFail + + +# =========================================================== + +[466-version-negotiation] +ssl_conf = 466-version-negotiation-ssl + +[466-version-negotiation-ssl] +server = 466-version-negotiation-server +client = 466-version-negotiation-client + +[466-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[466-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-466] +ExpectedResult = ServerFail + + +# =========================================================== + +[467-version-negotiation] +ssl_conf = 467-version-negotiation-ssl + +[467-version-negotiation-ssl] +server = 467-version-negotiation-server +client = 467-version-negotiation-client + +[467-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[467-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-467] +ExpectedResult = ServerFail + + +# =========================================================== + +[468-version-negotiation] +ssl_conf = 468-version-negotiation-ssl + +[468-version-negotiation-ssl] +server = 468-version-negotiation-server +client = 468-version-negotiation-client + +[468-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[468-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-468] +ExpectedResult = ServerFail + + +# =========================================================== + +[469-version-negotiation] +ssl_conf = 469-version-negotiation-ssl + +[469-version-negotiation-ssl] +server = 469-version-negotiation-server +client = 469-version-negotiation-client + +[469-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[469-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-469] +ExpectedResult = ClientFail + + +# =========================================================== + +[470-version-negotiation] +ssl_conf = 470-version-negotiation-ssl + +[470-version-negotiation-ssl] +server = 470-version-negotiation-server +client = 470-version-negotiation-client + +[470-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[470-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-470] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[471-version-negotiation] +ssl_conf = 471-version-negotiation-ssl + +[471-version-negotiation-ssl] +server = 471-version-negotiation-server +client = 471-version-negotiation-client + +[471-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[471-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-471] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[472-version-negotiation] +ssl_conf = 472-version-negotiation-ssl + +[472-version-negotiation-ssl] +server = 472-version-negotiation-server +client = 472-version-negotiation-client + +[472-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[472-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-472] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[473-version-negotiation] +ssl_conf = 473-version-negotiation-ssl + +[473-version-negotiation-ssl] +server = 473-version-negotiation-server +client = 473-version-negotiation-client + +[473-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[473-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-473] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[474-version-negotiation] +ssl_conf = 474-version-negotiation-ssl + +[474-version-negotiation-ssl] +server = 474-version-negotiation-server +client = 474-version-negotiation-client + +[474-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[474-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-474] +ExpectedResult = ServerFail + + +# =========================================================== + +[475-version-negotiation] +ssl_conf = 475-version-negotiation-ssl + +[475-version-negotiation-ssl] +server = 475-version-negotiation-server +client = 475-version-negotiation-client + +[475-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[475-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-475] +ExpectedResult = ClientFail + + +# =========================================================== + +[476-version-negotiation] +ssl_conf = 476-version-negotiation-ssl + +[476-version-negotiation-ssl] +server = 476-version-negotiation-server +client = 476-version-negotiation-client + +[476-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[476-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-476] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[477-version-negotiation] +ssl_conf = 477-version-negotiation-ssl + +[477-version-negotiation-ssl] +server = 477-version-negotiation-server +client = 477-version-negotiation-client + +[477-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[477-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-477] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[478-version-negotiation] +ssl_conf = 478-version-negotiation-ssl + +[478-version-negotiation-ssl] +server = 478-version-negotiation-server +client = 478-version-negotiation-client + +[478-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[478-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-478] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[479-version-negotiation] +ssl_conf = 479-version-negotiation-ssl + +[479-version-negotiation-ssl] +server = 479-version-negotiation-server +client = 479-version-negotiation-client + +[479-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[479-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-479] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[480-version-negotiation] +ssl_conf = 480-version-negotiation-ssl + +[480-version-negotiation-ssl] +server = 480-version-negotiation-server +client = 480-version-negotiation-client + +[480-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[480-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-480] +ExpectedResult = ClientFail + + +# =========================================================== + +[481-version-negotiation] +ssl_conf = 481-version-negotiation-ssl + +[481-version-negotiation-ssl] +server = 481-version-negotiation-server +client = 481-version-negotiation-client + +[481-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[481-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-481] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[482-version-negotiation] +ssl_conf = 482-version-negotiation-ssl + +[482-version-negotiation-ssl] +server = 482-version-negotiation-server +client = 482-version-negotiation-client + +[482-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[482-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-482] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[483-version-negotiation] +ssl_conf = 483-version-negotiation-ssl + +[483-version-negotiation-ssl] +server = 483-version-negotiation-server +client = 483-version-negotiation-client + +[483-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[483-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-483] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[484-version-negotiation] +ssl_conf = 484-version-negotiation-ssl + +[484-version-negotiation-ssl] +server = 484-version-negotiation-server +client = 484-version-negotiation-client + +[484-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[484-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-484] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[485-version-negotiation] +ssl_conf = 485-version-negotiation-ssl + +[485-version-negotiation-ssl] +server = 485-version-negotiation-server +client = 485-version-negotiation-client + +[485-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[485-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-485] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[486-version-negotiation] +ssl_conf = 486-version-negotiation-ssl + +[486-version-negotiation-ssl] +server = 486-version-negotiation-server +client = 486-version-negotiation-client + +[486-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[486-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-486] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[487-version-negotiation] +ssl_conf = 487-version-negotiation-ssl + +[487-version-negotiation-ssl] +server = 487-version-negotiation-server +client = 487-version-negotiation-client + +[487-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[487-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-487] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[488-version-negotiation] +ssl_conf = 488-version-negotiation-ssl + +[488-version-negotiation-ssl] +server = 488-version-negotiation-server +client = 488-version-negotiation-client + +[488-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[488-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-488] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[489-version-negotiation] +ssl_conf = 489-version-negotiation-ssl + +[489-version-negotiation-ssl] +server = 489-version-negotiation-server +client = 489-version-negotiation-client + +[489-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[489-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-489] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[490-version-negotiation] +ssl_conf = 490-version-negotiation-ssl + +[490-version-negotiation-ssl] +server = 490-version-negotiation-server +client = 490-version-negotiation-client + +[490-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[490-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-490] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[491-version-negotiation] +ssl_conf = 491-version-negotiation-ssl + +[491-version-negotiation-ssl] +server = 491-version-negotiation-server +client = 491-version-negotiation-client + +[491-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[491-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-491] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[492-version-negotiation] +ssl_conf = 492-version-negotiation-ssl + +[492-version-negotiation-ssl] +server = 492-version-negotiation-server +client = 492-version-negotiation-client + +[492-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[492-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-492] +ExpectedResult = ServerFail + + +# =========================================================== + +[493-version-negotiation] +ssl_conf = 493-version-negotiation-ssl + +[493-version-negotiation-ssl] +server = 493-version-negotiation-server +client = 493-version-negotiation-client + +[493-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[493-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-493] +ExpectedResult = ServerFail + + +# =========================================================== + +[494-version-negotiation] +ssl_conf = 494-version-negotiation-ssl + +[494-version-negotiation-ssl] +server = 494-version-negotiation-server +client = 494-version-negotiation-client + +[494-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[494-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-494] +ExpectedResult = ServerFail + + +# =========================================================== + +[495-version-negotiation] +ssl_conf = 495-version-negotiation-ssl + +[495-version-negotiation-ssl] +server = 495-version-negotiation-server +client = 495-version-negotiation-client + +[495-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[495-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-495] +ExpectedResult = ClientFail + + +# =========================================================== + +[496-version-negotiation] +ssl_conf = 496-version-negotiation-ssl + +[496-version-negotiation-ssl] +server = 496-version-negotiation-server +client = 496-version-negotiation-client + +[496-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[496-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-496] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[497-version-negotiation] +ssl_conf = 497-version-negotiation-ssl + +[497-version-negotiation-ssl] +server = 497-version-negotiation-server +client = 497-version-negotiation-client + +[497-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[497-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-497] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[498-version-negotiation] +ssl_conf = 498-version-negotiation-ssl + +[498-version-negotiation-ssl] +server = 498-version-negotiation-server +client = 498-version-negotiation-client + +[498-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[498-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-498] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[499-version-negotiation] +ssl_conf = 499-version-negotiation-ssl + +[499-version-negotiation-ssl] +server = 499-version-negotiation-server +client = 499-version-negotiation-client + +[499-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[499-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-499] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[500-version-negotiation] +ssl_conf = 500-version-negotiation-ssl + +[500-version-negotiation-ssl] +server = 500-version-negotiation-server +client = 500-version-negotiation-client + +[500-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[500-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-500] +ExpectedResult = ServerFail + + +# =========================================================== + +[501-version-negotiation] +ssl_conf = 501-version-negotiation-ssl + +[501-version-negotiation-ssl] +server = 501-version-negotiation-server +client = 501-version-negotiation-client + +[501-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[501-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-501] +ExpectedResult = ClientFail + + +# =========================================================== + +[502-version-negotiation] +ssl_conf = 502-version-negotiation-ssl + +[502-version-negotiation-ssl] +server = 502-version-negotiation-server +client = 502-version-negotiation-client + +[502-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[502-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-502] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[503-version-negotiation] +ssl_conf = 503-version-negotiation-ssl + +[503-version-negotiation-ssl] +server = 503-version-negotiation-server +client = 503-version-negotiation-client + +[503-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[503-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-503] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[504-version-negotiation] +ssl_conf = 504-version-negotiation-ssl + +[504-version-negotiation-ssl] +server = 504-version-negotiation-server +client = 504-version-negotiation-client + +[504-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[504-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-504] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[505-version-negotiation] +ssl_conf = 505-version-negotiation-ssl + +[505-version-negotiation-ssl] +server = 505-version-negotiation-server +client = 505-version-negotiation-client + +[505-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[505-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-505] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[506-version-negotiation] +ssl_conf = 506-version-negotiation-ssl + +[506-version-negotiation-ssl] +server = 506-version-negotiation-server +client = 506-version-negotiation-client + +[506-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[506-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-506] +ExpectedResult = ClientFail + + +# =========================================================== + +[507-version-negotiation] +ssl_conf = 507-version-negotiation-ssl + +[507-version-negotiation-ssl] +server = 507-version-negotiation-server +client = 507-version-negotiation-client + +[507-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[507-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-507] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[508-version-negotiation] +ssl_conf = 508-version-negotiation-ssl + +[508-version-negotiation-ssl] +server = 508-version-negotiation-server +client = 508-version-negotiation-client + +[508-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[508-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-508] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[509-version-negotiation] +ssl_conf = 509-version-negotiation-ssl + +[509-version-negotiation-ssl] +server = 509-version-negotiation-server +client = 509-version-negotiation-client + +[509-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[509-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-509] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[510-version-negotiation] +ssl_conf = 510-version-negotiation-ssl + +[510-version-negotiation-ssl] +server = 510-version-negotiation-server +client = 510-version-negotiation-client + +[510-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[510-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-510] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[511-version-negotiation] +ssl_conf = 511-version-negotiation-ssl + +[511-version-negotiation-ssl] +server = 511-version-negotiation-server +client = 511-version-negotiation-client + +[511-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[511-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-511] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[512-version-negotiation] +ssl_conf = 512-version-negotiation-ssl + +[512-version-negotiation-ssl] +server = 512-version-negotiation-server +client = 512-version-negotiation-client + +[512-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[512-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-512] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[513-version-negotiation] +ssl_conf = 513-version-negotiation-ssl + +[513-version-negotiation-ssl] +server = 513-version-negotiation-server +client = 513-version-negotiation-client + +[513-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[513-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-513] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[514-version-negotiation] +ssl_conf = 514-version-negotiation-ssl + +[514-version-negotiation-ssl] +server = 514-version-negotiation-server +client = 514-version-negotiation-client + +[514-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[514-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-514] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[515-version-negotiation] +ssl_conf = 515-version-negotiation-ssl + +[515-version-negotiation-ssl] +server = 515-version-negotiation-server +client = 515-version-negotiation-client + +[515-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[515-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-515] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[516-version-negotiation] +ssl_conf = 516-version-negotiation-ssl + +[516-version-negotiation-ssl] +server = 516-version-negotiation-server +client = 516-version-negotiation-client + +[516-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[516-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-516] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[517-version-negotiation] +ssl_conf = 517-version-negotiation-ssl + +[517-version-negotiation-ssl] +server = 517-version-negotiation-server +client = 517-version-negotiation-client + +[517-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[517-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-517] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[518-version-negotiation] +ssl_conf = 518-version-negotiation-ssl + +[518-version-negotiation-ssl] +server = 518-version-negotiation-server +client = 518-version-negotiation-client + +[518-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[518-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-518] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[519-version-negotiation] +ssl_conf = 519-version-negotiation-ssl + +[519-version-negotiation-ssl] +server = 519-version-negotiation-server +client = 519-version-negotiation-client + +[519-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[519-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-519] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[520-version-negotiation] +ssl_conf = 520-version-negotiation-ssl + +[520-version-negotiation-ssl] +server = 520-version-negotiation-server +client = 520-version-negotiation-client + +[520-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[520-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-520] +ExpectedResult = ServerFail + + +# =========================================================== + +[521-version-negotiation] +ssl_conf = 521-version-negotiation-ssl + +[521-version-negotiation-ssl] +server = 521-version-negotiation-server +client = 521-version-negotiation-client + +[521-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[521-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-521] +ExpectedResult = ClientFail + + +# =========================================================== + +[522-version-negotiation] +ssl_conf = 522-version-negotiation-ssl + +[522-version-negotiation-ssl] +server = 522-version-negotiation-server +client = 522-version-negotiation-client + +[522-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[522-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-522] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[523-version-negotiation] +ssl_conf = 523-version-negotiation-ssl + +[523-version-negotiation-ssl] +server = 523-version-negotiation-server +client = 523-version-negotiation-client + +[523-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[523-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-523] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[524-version-negotiation] +ssl_conf = 524-version-negotiation-ssl + +[524-version-negotiation-ssl] +server = 524-version-negotiation-server +client = 524-version-negotiation-client + +[524-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[524-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-524] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[525-version-negotiation] +ssl_conf = 525-version-negotiation-ssl + +[525-version-negotiation-ssl] +server = 525-version-negotiation-server +client = 525-version-negotiation-client + +[525-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[525-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-525] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[526-version-negotiation] +ssl_conf = 526-version-negotiation-ssl + +[526-version-negotiation-ssl] +server = 526-version-negotiation-server +client = 526-version-negotiation-client + +[526-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[526-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-526] +ExpectedResult = ServerFail + + +# =========================================================== + +[527-version-negotiation] +ssl_conf = 527-version-negotiation-ssl + +[527-version-negotiation-ssl] +server = 527-version-negotiation-server +client = 527-version-negotiation-client + +[527-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[527-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-527] +ExpectedResult = ClientFail + + +# =========================================================== + +[528-version-negotiation] +ssl_conf = 528-version-negotiation-ssl + +[528-version-negotiation-ssl] +server = 528-version-negotiation-server +client = 528-version-negotiation-client + +[528-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[528-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-528] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[529-version-negotiation] +ssl_conf = 529-version-negotiation-ssl + +[529-version-negotiation-ssl] +server = 529-version-negotiation-server +client = 529-version-negotiation-client + +[529-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[529-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-529] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[530-version-negotiation] +ssl_conf = 530-version-negotiation-ssl + +[530-version-negotiation-ssl] +server = 530-version-negotiation-server +client = 530-version-negotiation-client + +[530-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[530-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-530] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[531-version-negotiation] +ssl_conf = 531-version-negotiation-ssl + +[531-version-negotiation-ssl] +server = 531-version-negotiation-server +client = 531-version-negotiation-client + +[531-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[531-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-531] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[532-version-negotiation] +ssl_conf = 532-version-negotiation-ssl + +[532-version-negotiation-ssl] +server = 532-version-negotiation-server +client = 532-version-negotiation-client + +[532-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[532-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-532] +ExpectedResult = ClientFail + + +# =========================================================== + +[533-version-negotiation] +ssl_conf = 533-version-negotiation-ssl + +[533-version-negotiation-ssl] +server = 533-version-negotiation-server +client = 533-version-negotiation-client + +[533-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[533-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-533] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[534-version-negotiation] +ssl_conf = 534-version-negotiation-ssl + +[534-version-negotiation-ssl] +server = 534-version-negotiation-server +client = 534-version-negotiation-client + +[534-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[534-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-534] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[535-version-negotiation] +ssl_conf = 535-version-negotiation-ssl + +[535-version-negotiation-ssl] +server = 535-version-negotiation-server +client = 535-version-negotiation-client + +[535-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[535-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-535] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[536-version-negotiation] +ssl_conf = 536-version-negotiation-ssl + +[536-version-negotiation-ssl] +server = 536-version-negotiation-server +client = 536-version-negotiation-client + +[536-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[536-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-536] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[537-version-negotiation] +ssl_conf = 537-version-negotiation-ssl + +[537-version-negotiation-ssl] +server = 537-version-negotiation-server +client = 537-version-negotiation-client + +[537-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[537-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-537] +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success + + +# =========================================================== + +[538-version-negotiation] +ssl_conf = 538-version-negotiation-ssl + +[538-version-negotiation-ssl] +server = 538-version-negotiation-server +client = 538-version-negotiation-client + +[538-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[538-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-538] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[539-version-negotiation] +ssl_conf = 539-version-negotiation-ssl + +[539-version-negotiation-ssl] +server = 539-version-negotiation-server +client = 539-version-negotiation-client + +[539-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[539-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-539] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[540-version-negotiation] +ssl_conf = 540-version-negotiation-ssl + +[540-version-negotiation-ssl] +server = 540-version-negotiation-server +client = 540-version-negotiation-client + +[540-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[540-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-540] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[541-version-negotiation] +ssl_conf = 541-version-negotiation-ssl + +[541-version-negotiation-ssl] +server = 541-version-negotiation-server +client = 541-version-negotiation-client + +[541-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[541-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-541] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[542-version-negotiation] +ssl_conf = 542-version-negotiation-ssl + +[542-version-negotiation-ssl] +server = 542-version-negotiation-server +client = 542-version-negotiation-client + +[542-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[542-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-542] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[543-version-negotiation] +ssl_conf = 543-version-negotiation-ssl + +[543-version-negotiation-ssl] +server = 543-version-negotiation-server +client = 543-version-negotiation-client + +[543-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[543-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-543] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[544-version-negotiation] +ssl_conf = 544-version-negotiation-ssl + +[544-version-negotiation-ssl] +server = 544-version-negotiation-server +client = 544-version-negotiation-client + +[544-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[544-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-544] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[545-version-negotiation] +ssl_conf = 545-version-negotiation-ssl + +[545-version-negotiation-ssl] +server = 545-version-negotiation-server +client = 545-version-negotiation-client + +[545-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[545-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-545] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[546-version-negotiation] +ssl_conf = 546-version-negotiation-ssl + +[546-version-negotiation-ssl] +server = 546-version-negotiation-server +client = 546-version-negotiation-client + +[546-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[546-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-546] +ExpectedResult = ServerFail + + +# =========================================================== + +[547-version-negotiation] +ssl_conf = 547-version-negotiation-ssl + +[547-version-negotiation-ssl] +server = 547-version-negotiation-server +client = 547-version-negotiation-client + +[547-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[547-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-547] +ExpectedResult = ClientFail + + +# =========================================================== + +[548-version-negotiation] +ssl_conf = 548-version-negotiation-ssl + +[548-version-negotiation-ssl] +server = 548-version-negotiation-server +client = 548-version-negotiation-client + +[548-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[548-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-548] +ExpectedResult = ClientFail + + +# =========================================================== + +[549-version-negotiation] +ssl_conf = 549-version-negotiation-ssl + +[549-version-negotiation-ssl] +server = 549-version-negotiation-server +client = 549-version-negotiation-client + +[549-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[549-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-549] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[550-version-negotiation] +ssl_conf = 550-version-negotiation-ssl + +[550-version-negotiation-ssl] +server = 550-version-negotiation-server +client = 550-version-negotiation-client + +[550-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[550-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-550] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[551-version-negotiation] +ssl_conf = 551-version-negotiation-ssl + +[551-version-negotiation-ssl] +server = 551-version-negotiation-server +client = 551-version-negotiation-client + +[551-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[551-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-551] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[552-version-negotiation] +ssl_conf = 552-version-negotiation-ssl + +[552-version-negotiation-ssl] +server = 552-version-negotiation-server +client = 552-version-negotiation-client + +[552-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[552-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-552] +ExpectedResult = ServerFail + + +# =========================================================== + +[553-version-negotiation] +ssl_conf = 553-version-negotiation-ssl + +[553-version-negotiation-ssl] +server = 553-version-negotiation-server +client = 553-version-negotiation-client + +[553-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[553-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-553] +ExpectedResult = ClientFail + + +# =========================================================== + +[554-version-negotiation] +ssl_conf = 554-version-negotiation-ssl + +[554-version-negotiation-ssl] +server = 554-version-negotiation-server +client = 554-version-negotiation-client + +[554-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[554-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-554] +ExpectedResult = ClientFail + + +# =========================================================== + +[555-version-negotiation] +ssl_conf = 555-version-negotiation-ssl + +[555-version-negotiation-ssl] +server = 555-version-negotiation-server +client = 555-version-negotiation-client + +[555-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[555-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-555] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[556-version-negotiation] +ssl_conf = 556-version-negotiation-ssl + +[556-version-negotiation-ssl] +server = 556-version-negotiation-server +client = 556-version-negotiation-client + +[556-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[556-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-556] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[557-version-negotiation] +ssl_conf = 557-version-negotiation-ssl + +[557-version-negotiation-ssl] +server = 557-version-negotiation-server +client = 557-version-negotiation-client + +[557-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[557-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-557] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[558-version-negotiation] +ssl_conf = 558-version-negotiation-ssl + +[558-version-negotiation-ssl] +server = 558-version-negotiation-server +client = 558-version-negotiation-client + +[558-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[558-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-558] +ExpectedResult = ClientFail + + +# =========================================================== + +[559-version-negotiation] +ssl_conf = 559-version-negotiation-ssl + +[559-version-negotiation-ssl] +server = 559-version-negotiation-server +client = 559-version-negotiation-client + +[559-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[559-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-559] +ExpectedResult = ClientFail + + +# =========================================================== + +[560-version-negotiation] +ssl_conf = 560-version-negotiation-ssl + +[560-version-negotiation-ssl] +server = 560-version-negotiation-server +client = 560-version-negotiation-client + +[560-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[560-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-560] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[561-version-negotiation] +ssl_conf = 561-version-negotiation-ssl + +[561-version-negotiation-ssl] +server = 561-version-negotiation-server +client = 561-version-negotiation-client + +[561-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[561-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-561] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[562-version-negotiation] +ssl_conf = 562-version-negotiation-ssl + +[562-version-negotiation-ssl] +server = 562-version-negotiation-server +client = 562-version-negotiation-client + +[562-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[562-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-562] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[563-version-negotiation] +ssl_conf = 563-version-negotiation-ssl + +[563-version-negotiation-ssl] +server = 563-version-negotiation-server +client = 563-version-negotiation-client + +[563-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[563-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-563] +ExpectedResult = ClientFail + + +# =========================================================== + +[564-version-negotiation] +ssl_conf = 564-version-negotiation-ssl + +[564-version-negotiation-ssl] +server = 564-version-negotiation-server +client = 564-version-negotiation-client + +[564-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[564-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-564] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[565-version-negotiation] +ssl_conf = 565-version-negotiation-ssl + +[565-version-negotiation-ssl] +server = 565-version-negotiation-server +client = 565-version-negotiation-client + +[565-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[565-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-565] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[566-version-negotiation] +ssl_conf = 566-version-negotiation-ssl + +[566-version-negotiation-ssl] +server = 566-version-negotiation-server +client = 566-version-negotiation-client + +[566-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[566-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-566] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[567-version-negotiation] +ssl_conf = 567-version-negotiation-ssl + +[567-version-negotiation-ssl] +server = 567-version-negotiation-server +client = 567-version-negotiation-client + +[567-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[567-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-567] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[568-version-negotiation] +ssl_conf = 568-version-negotiation-ssl + +[568-version-negotiation-ssl] +server = 568-version-negotiation-server +client = 568-version-negotiation-client + +[568-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[568-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-568] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[569-version-negotiation] +ssl_conf = 569-version-negotiation-ssl + +[569-version-negotiation-ssl] +server = 569-version-negotiation-server +client = 569-version-negotiation-client + +[569-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[569-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-569] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[570-version-negotiation] +ssl_conf = 570-version-negotiation-ssl + +[570-version-negotiation-ssl] +server = 570-version-negotiation-server +client = 570-version-negotiation-client + +[570-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[570-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-570] +ExpectedResult = ServerFail + + +# =========================================================== + +[571-version-negotiation] +ssl_conf = 571-version-negotiation-ssl + +[571-version-negotiation-ssl] +server = 571-version-negotiation-server +client = 571-version-negotiation-client + +[571-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[571-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-571] +ExpectedResult = ServerFail + + +# =========================================================== + +[572-version-negotiation] +ssl_conf = 572-version-negotiation-ssl + +[572-version-negotiation-ssl] +server = 572-version-negotiation-server +client = 572-version-negotiation-client + +[572-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[572-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-572] +ExpectedResult = ServerFail + + +# =========================================================== + +[573-version-negotiation] +ssl_conf = 573-version-negotiation-ssl + +[573-version-negotiation-ssl] +server = 573-version-negotiation-server +client = 573-version-negotiation-client + +[573-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[573-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-573] +ExpectedResult = ClientFail + + +# =========================================================== + +[574-version-negotiation] +ssl_conf = 574-version-negotiation-ssl + +[574-version-negotiation-ssl] +server = 574-version-negotiation-server +client = 574-version-negotiation-client + +[574-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[574-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-574] +ExpectedResult = ClientFail + + +# =========================================================== + +[575-version-negotiation] +ssl_conf = 575-version-negotiation-ssl + +[575-version-negotiation-ssl] +server = 575-version-negotiation-server +client = 575-version-negotiation-client + +[575-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[575-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-575] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[576-version-negotiation] +ssl_conf = 576-version-negotiation-ssl + +[576-version-negotiation-ssl] +server = 576-version-negotiation-server +client = 576-version-negotiation-client + +[576-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[576-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-576] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[577-version-negotiation] +ssl_conf = 577-version-negotiation-ssl + +[577-version-negotiation-ssl] +server = 577-version-negotiation-server +client = 577-version-negotiation-client + +[577-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[577-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-577] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[578-version-negotiation] +ssl_conf = 578-version-negotiation-ssl + +[578-version-negotiation-ssl] +server = 578-version-negotiation-server +client = 578-version-negotiation-client + +[578-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[578-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-578] +ExpectedResult = ServerFail + + +# =========================================================== + +[579-version-negotiation] +ssl_conf = 579-version-negotiation-ssl + +[579-version-negotiation-ssl] +server = 579-version-negotiation-server +client = 579-version-negotiation-client + +[579-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[579-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-579] +ExpectedResult = ClientFail + + +# =========================================================== + +[580-version-negotiation] +ssl_conf = 580-version-negotiation-ssl + +[580-version-negotiation-ssl] +server = 580-version-negotiation-server +client = 580-version-negotiation-client + +[580-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[580-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-580] +ExpectedResult = ClientFail + + +# =========================================================== + +[581-version-negotiation] +ssl_conf = 581-version-negotiation-ssl + +[581-version-negotiation-ssl] +server = 581-version-negotiation-server +client = 581-version-negotiation-client + +[581-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[581-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-581] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[582-version-negotiation] +ssl_conf = 582-version-negotiation-ssl + +[582-version-negotiation-ssl] +server = 582-version-negotiation-server +client = 582-version-negotiation-client + +[582-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[582-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-582] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[583-version-negotiation] +ssl_conf = 583-version-negotiation-ssl + +[583-version-negotiation-ssl] +server = 583-version-negotiation-server +client = 583-version-negotiation-client + +[583-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[583-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-583] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[584-version-negotiation] +ssl_conf = 584-version-negotiation-ssl + +[584-version-negotiation-ssl] +server = 584-version-negotiation-server +client = 584-version-negotiation-client + +[584-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[584-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-584] +ExpectedResult = ClientFail + + +# =========================================================== + +[585-version-negotiation] +ssl_conf = 585-version-negotiation-ssl + +[585-version-negotiation-ssl] +server = 585-version-negotiation-server +client = 585-version-negotiation-client + +[585-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[585-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-585] +ExpectedResult = ClientFail + + +# =========================================================== + +[586-version-negotiation] +ssl_conf = 586-version-negotiation-ssl + +[586-version-negotiation-ssl] +server = 586-version-negotiation-server +client = 586-version-negotiation-client + +[586-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[586-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-586] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[587-version-negotiation] +ssl_conf = 587-version-negotiation-ssl + +[587-version-negotiation-ssl] +server = 587-version-negotiation-server +client = 587-version-negotiation-client + +[587-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[587-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-587] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[588-version-negotiation] +ssl_conf = 588-version-negotiation-ssl + +[588-version-negotiation-ssl] +server = 588-version-negotiation-server +client = 588-version-negotiation-client + +[588-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[588-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-588] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[589-version-negotiation] +ssl_conf = 589-version-negotiation-ssl + +[589-version-negotiation-ssl] +server = 589-version-negotiation-server +client = 589-version-negotiation-client + +[589-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[589-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-589] +ExpectedResult = ClientFail + + +# =========================================================== + +[590-version-negotiation] +ssl_conf = 590-version-negotiation-ssl + +[590-version-negotiation-ssl] +server = 590-version-negotiation-server +client = 590-version-negotiation-client + +[590-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[590-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-590] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[591-version-negotiation] +ssl_conf = 591-version-negotiation-ssl + +[591-version-negotiation-ssl] +server = 591-version-negotiation-server +client = 591-version-negotiation-client + +[591-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[591-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-591] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[592-version-negotiation] +ssl_conf = 592-version-negotiation-ssl + +[592-version-negotiation-ssl] +server = 592-version-negotiation-server +client = 592-version-negotiation-client + +[592-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[592-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-592] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[593-version-negotiation] +ssl_conf = 593-version-negotiation-ssl + +[593-version-negotiation-ssl] +server = 593-version-negotiation-server +client = 593-version-negotiation-client + +[593-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[593-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-593] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[594-version-negotiation] +ssl_conf = 594-version-negotiation-ssl + +[594-version-negotiation-ssl] +server = 594-version-negotiation-server +client = 594-version-negotiation-client + +[594-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[594-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-594] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[595-version-negotiation] +ssl_conf = 595-version-negotiation-ssl + +[595-version-negotiation-ssl] +server = 595-version-negotiation-server +client = 595-version-negotiation-client + +[595-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[595-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-595] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[596-version-negotiation] +ssl_conf = 596-version-negotiation-ssl + +[596-version-negotiation-ssl] +server = 596-version-negotiation-server +client = 596-version-negotiation-client + +[596-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[596-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-596] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[597-version-negotiation] +ssl_conf = 597-version-negotiation-ssl + +[597-version-negotiation-ssl] +server = 597-version-negotiation-server +client = 597-version-negotiation-client + +[597-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[597-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-597] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[598-version-negotiation] +ssl_conf = 598-version-negotiation-ssl + +[598-version-negotiation-ssl] +server = 598-version-negotiation-server +client = 598-version-negotiation-client + +[598-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[598-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-598] +ExpectedResult = ServerFail + + +# =========================================================== + +[599-version-negotiation] +ssl_conf = 599-version-negotiation-ssl + +[599-version-negotiation-ssl] +server = 599-version-negotiation-server +client = 599-version-negotiation-client + +[599-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[599-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-599] +ExpectedResult = ClientFail + + +# =========================================================== + +[600-version-negotiation] +ssl_conf = 600-version-negotiation-ssl + +[600-version-negotiation-ssl] +server = 600-version-negotiation-server +client = 600-version-negotiation-client + +[600-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[600-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-600] +ExpectedResult = ClientFail + + +# =========================================================== + +[601-version-negotiation] +ssl_conf = 601-version-negotiation-ssl + +[601-version-negotiation-ssl] +server = 601-version-negotiation-server +client = 601-version-negotiation-client + +[601-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[601-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-601] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[602-version-negotiation] +ssl_conf = 602-version-negotiation-ssl + +[602-version-negotiation-ssl] +server = 602-version-negotiation-server +client = 602-version-negotiation-client + +[602-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[602-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-602] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[603-version-negotiation] +ssl_conf = 603-version-negotiation-ssl + +[603-version-negotiation-ssl] +server = 603-version-negotiation-server +client = 603-version-negotiation-client + +[603-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[603-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-603] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[604-version-negotiation] +ssl_conf = 604-version-negotiation-ssl + +[604-version-negotiation-ssl] +server = 604-version-negotiation-server +client = 604-version-negotiation-client + +[604-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[604-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-604] +ExpectedResult = ServerFail + + +# =========================================================== + +[605-version-negotiation] +ssl_conf = 605-version-negotiation-ssl + +[605-version-negotiation-ssl] +server = 605-version-negotiation-server +client = 605-version-negotiation-client + +[605-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[605-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-605] +ExpectedResult = ClientFail + + +# =========================================================== + +[606-version-negotiation] +ssl_conf = 606-version-negotiation-ssl + +[606-version-negotiation-ssl] +server = 606-version-negotiation-server +client = 606-version-negotiation-client + +[606-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[606-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-606] +ExpectedResult = ClientFail + + +# =========================================================== + +[607-version-negotiation] +ssl_conf = 607-version-negotiation-ssl + +[607-version-negotiation-ssl] +server = 607-version-negotiation-server +client = 607-version-negotiation-client + +[607-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[607-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-607] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[608-version-negotiation] +ssl_conf = 608-version-negotiation-ssl + +[608-version-negotiation-ssl] +server = 608-version-negotiation-server +client = 608-version-negotiation-client + +[608-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[608-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-608] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[609-version-negotiation] +ssl_conf = 609-version-negotiation-ssl + +[609-version-negotiation-ssl] +server = 609-version-negotiation-server +client = 609-version-negotiation-client + +[609-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[609-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-609] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[610-version-negotiation] +ssl_conf = 610-version-negotiation-ssl + +[610-version-negotiation-ssl] +server = 610-version-negotiation-server +client = 610-version-negotiation-client + +[610-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[610-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-610] +ExpectedResult = ClientFail + + +# =========================================================== + +[611-version-negotiation] +ssl_conf = 611-version-negotiation-ssl + +[611-version-negotiation-ssl] +server = 611-version-negotiation-server +client = 611-version-negotiation-client + +[611-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[611-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-611] +ExpectedResult = ClientFail + + +# =========================================================== + +[612-version-negotiation] +ssl_conf = 612-version-negotiation-ssl + +[612-version-negotiation-ssl] +server = 612-version-negotiation-server +client = 612-version-negotiation-client + +[612-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[612-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-612] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[613-version-negotiation] +ssl_conf = 613-version-negotiation-ssl + +[613-version-negotiation-ssl] +server = 613-version-negotiation-server +client = 613-version-negotiation-client + +[613-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[613-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-613] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[614-version-negotiation] +ssl_conf = 614-version-negotiation-ssl + +[614-version-negotiation-ssl] +server = 614-version-negotiation-server +client = 614-version-negotiation-client + +[614-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[614-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-614] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[615-version-negotiation] +ssl_conf = 615-version-negotiation-ssl + +[615-version-negotiation-ssl] +server = 615-version-negotiation-server +client = 615-version-negotiation-client + +[615-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[615-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-615] +ExpectedResult = ClientFail + + +# =========================================================== + +[616-version-negotiation] +ssl_conf = 616-version-negotiation-ssl + +[616-version-negotiation-ssl] +server = 616-version-negotiation-server +client = 616-version-negotiation-client + +[616-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[616-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-616] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[617-version-negotiation] +ssl_conf = 617-version-negotiation-ssl + +[617-version-negotiation-ssl] +server = 617-version-negotiation-server +client = 617-version-negotiation-client + +[617-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[617-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-617] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[618-version-negotiation] +ssl_conf = 618-version-negotiation-ssl + +[618-version-negotiation-ssl] +server = 618-version-negotiation-server +client = 618-version-negotiation-client + +[618-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[618-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-618] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[619-version-negotiation] +ssl_conf = 619-version-negotiation-ssl + +[619-version-negotiation-ssl] +server = 619-version-negotiation-server +client = 619-version-negotiation-client + +[619-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[619-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-619] +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success + + +# =========================================================== + +[620-version-negotiation] +ssl_conf = 620-version-negotiation-ssl + +[620-version-negotiation-ssl] +server = 620-version-negotiation-server +client = 620-version-negotiation-client + +[620-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[620-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-620] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[621-version-negotiation] +ssl_conf = 621-version-negotiation-ssl + +[621-version-negotiation-ssl] +server = 621-version-negotiation-server +client = 621-version-negotiation-client + +[621-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[621-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-621] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[622-version-negotiation] +ssl_conf = 622-version-negotiation-ssl + +[622-version-negotiation-ssl] +server = 622-version-negotiation-server +client = 622-version-negotiation-client + +[622-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[622-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-622] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[623-version-negotiation] +ssl_conf = 623-version-negotiation-ssl + +[623-version-negotiation-ssl] +server = 623-version-negotiation-server +client = 623-version-negotiation-client + +[623-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[623-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-623] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[624-version-negotiation] +ssl_conf = 624-version-negotiation-ssl + +[624-version-negotiation-ssl] +server = 624-version-negotiation-server +client = 624-version-negotiation-client + +[624-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[624-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-624] +ExpectedResult = ServerFail + + +# =========================================================== + +[625-version-negotiation] +ssl_conf = 625-version-negotiation-ssl + +[625-version-negotiation-ssl] +server = 625-version-negotiation-server +client = 625-version-negotiation-client + +[625-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[625-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-625] +ExpectedResult = ServerFail + + +# =========================================================== + +[626-version-negotiation] +ssl_conf = 626-version-negotiation-ssl + +[626-version-negotiation-ssl] +server = 626-version-negotiation-server +client = 626-version-negotiation-client + +[626-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[626-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-626] +ExpectedResult = ServerFail + + +# =========================================================== + +[627-version-negotiation] +ssl_conf = 627-version-negotiation-ssl + +[627-version-negotiation-ssl] +server = 627-version-negotiation-server +client = 627-version-negotiation-client + +[627-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[627-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-627] +ExpectedResult = ServerFail + + +# =========================================================== + +[628-version-negotiation] +ssl_conf = 628-version-negotiation-ssl + +[628-version-negotiation-ssl] +server = 628-version-negotiation-server +client = 628-version-negotiation-client + +[628-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[628-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-628] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[629-version-negotiation] +ssl_conf = 629-version-negotiation-ssl + +[629-version-negotiation-ssl] +server = 629-version-negotiation-server +client = 629-version-negotiation-client + +[629-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[629-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-629] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[630-version-negotiation] +ssl_conf = 630-version-negotiation-ssl + +[630-version-negotiation-ssl] +server = 630-version-negotiation-server +client = 630-version-negotiation-client + +[630-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[630-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-630] +ExpectedResult = ServerFail + + +# =========================================================== + +[631-version-negotiation] +ssl_conf = 631-version-negotiation-ssl + +[631-version-negotiation-ssl] +server = 631-version-negotiation-server +client = 631-version-negotiation-client + +[631-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[631-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-631] +ExpectedResult = ServerFail + + +# =========================================================== + +[632-version-negotiation] +ssl_conf = 632-version-negotiation-ssl + +[632-version-negotiation-ssl] +server = 632-version-negotiation-server +client = 632-version-negotiation-client + +[632-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[632-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-632] +ExpectedResult = ServerFail + + +# =========================================================== + +[633-version-negotiation] +ssl_conf = 633-version-negotiation-ssl + +[633-version-negotiation-ssl] +server = 633-version-negotiation-server +client = 633-version-negotiation-client + +[633-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[633-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-633] +ExpectedResult = ServerFail + + +# =========================================================== + +[634-version-negotiation] +ssl_conf = 634-version-negotiation-ssl + +[634-version-negotiation-ssl] +server = 634-version-negotiation-server +client = 634-version-negotiation-client + +[634-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[634-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-634] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[635-version-negotiation] +ssl_conf = 635-version-negotiation-ssl + +[635-version-negotiation-ssl] +server = 635-version-negotiation-server +client = 635-version-negotiation-client + +[635-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[635-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-635] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[636-version-negotiation] +ssl_conf = 636-version-negotiation-ssl + +[636-version-negotiation-ssl] +server = 636-version-negotiation-server +client = 636-version-negotiation-client + +[636-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[636-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-636] +ExpectedResult = ServerFail + + +# =========================================================== + +[637-version-negotiation] +ssl_conf = 637-version-negotiation-ssl + +[637-version-negotiation-ssl] +server = 637-version-negotiation-server +client = 637-version-negotiation-client + +[637-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[637-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-637] +ExpectedResult = ServerFail + + +# =========================================================== + +[638-version-negotiation] +ssl_conf = 638-version-negotiation-ssl + +[638-version-negotiation-ssl] +server = 638-version-negotiation-server +client = 638-version-negotiation-client + +[638-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[638-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-638] +ExpectedResult = ServerFail + + +# =========================================================== + +[639-version-negotiation] +ssl_conf = 639-version-negotiation-ssl + +[639-version-negotiation-ssl] +server = 639-version-negotiation-server +client = 639-version-negotiation-client + +[639-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[639-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-639] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[640-version-negotiation] +ssl_conf = 640-version-negotiation-ssl + +[640-version-negotiation-ssl] +server = 640-version-negotiation-server +client = 640-version-negotiation-client + +[640-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[640-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-640] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[641-version-negotiation] +ssl_conf = 641-version-negotiation-ssl + +[641-version-negotiation-ssl] +server = 641-version-negotiation-server +client = 641-version-negotiation-client + +[641-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[641-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-641] +ExpectedResult = ServerFail + + +# =========================================================== + +[642-version-negotiation] +ssl_conf = 642-version-negotiation-ssl + +[642-version-negotiation-ssl] +server = 642-version-negotiation-server +client = 642-version-negotiation-client + +[642-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[642-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-642] +ExpectedResult = ServerFail + + +# =========================================================== + +[643-version-negotiation] +ssl_conf = 643-version-negotiation-ssl + +[643-version-negotiation-ssl] +server = 643-version-negotiation-server +client = 643-version-negotiation-client + +[643-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[643-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-643] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[644-version-negotiation] +ssl_conf = 644-version-negotiation-ssl + +[644-version-negotiation-ssl] +server = 644-version-negotiation-server +client = 644-version-negotiation-client + +[644-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[644-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-644] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[645-version-negotiation] +ssl_conf = 645-version-negotiation-ssl + +[645-version-negotiation-ssl] +server = 645-version-negotiation-server +client = 645-version-negotiation-client + +[645-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[645-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-645] +ExpectedResult = ServerFail + + +# =========================================================== + +[646-version-negotiation] +ssl_conf = 646-version-negotiation-ssl + +[646-version-negotiation-ssl] +server = 646-version-negotiation-server +client = 646-version-negotiation-client + +[646-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[646-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-646] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[647-version-negotiation] +ssl_conf = 647-version-negotiation-ssl + +[647-version-negotiation-ssl] +server = 647-version-negotiation-server +client = 647-version-negotiation-client + +[647-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[647-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-647] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[648-version-negotiation] +ssl_conf = 648-version-negotiation-ssl + +[648-version-negotiation-ssl] +server = 648-version-negotiation-server +client = 648-version-negotiation-client + +[648-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[648-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-648] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[649-version-negotiation] +ssl_conf = 649-version-negotiation-ssl + +[649-version-negotiation-ssl] +server = 649-version-negotiation-server +client = 649-version-negotiation-client + +[649-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[649-version-negotiation-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-649] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[650-version-negotiation] +ssl_conf = 650-version-negotiation-ssl + +[650-version-negotiation-ssl] +server = 650-version-negotiation-server +client = 650-version-negotiation-client + +[650-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[650-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-650] +ExpectedResult = ServerFail + + +# =========================================================== + +[651-version-negotiation] +ssl_conf = 651-version-negotiation-ssl + +[651-version-negotiation-ssl] +server = 651-version-negotiation-server +client = 651-version-negotiation-client + +[651-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[651-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-651] +ExpectedResult = ServerFail + + +# =========================================================== + +[652-version-negotiation] +ssl_conf = 652-version-negotiation-ssl + +[652-version-negotiation-ssl] +server = 652-version-negotiation-server +client = 652-version-negotiation-client + +[652-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[652-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-652] +ExpectedResult = ServerFail + + +# =========================================================== + +[653-version-negotiation] +ssl_conf = 653-version-negotiation-ssl + +[653-version-negotiation-ssl] +server = 653-version-negotiation-server +client = 653-version-negotiation-client + +[653-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[653-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-653] +ExpectedResult = ServerFail + + +# =========================================================== + +[654-version-negotiation] +ssl_conf = 654-version-negotiation-ssl + +[654-version-negotiation-ssl] +server = 654-version-negotiation-server +client = 654-version-negotiation-client + +[654-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[654-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-654] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[655-version-negotiation] +ssl_conf = 655-version-negotiation-ssl + +[655-version-negotiation-ssl] +server = 655-version-negotiation-server +client = 655-version-negotiation-client + +[655-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[655-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-655] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[656-version-negotiation] +ssl_conf = 656-version-negotiation-ssl + +[656-version-negotiation-ssl] +server = 656-version-negotiation-server +client = 656-version-negotiation-client + +[656-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = SSLv3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[656-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-656] +ExpectedResult = ServerFail + + +# =========================================================== + +[657-version-negotiation] +ssl_conf = 657-version-negotiation-ssl + +[657-version-negotiation-ssl] +server = 657-version-negotiation-server +client = 657-version-negotiation-client + +[657-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[657-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-657] +ExpectedResult = ServerFail + + +# =========================================================== + +[658-version-negotiation] +ssl_conf = 658-version-negotiation-ssl + +[658-version-negotiation-ssl] +server = 658-version-negotiation-server +client = 658-version-negotiation-client + +[658-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[658-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-658] +ExpectedResult = ServerFail + + +# =========================================================== + +[659-version-negotiation] +ssl_conf = 659-version-negotiation-ssl + +[659-version-negotiation-ssl] +server = 659-version-negotiation-server +client = 659-version-negotiation-client + +[659-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[659-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-659] +ExpectedResult = ServerFail + + +# =========================================================== + +[660-version-negotiation] +ssl_conf = 660-version-negotiation-ssl + +[660-version-negotiation-ssl] +server = 660-version-negotiation-server +client = 660-version-negotiation-client + +[660-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[660-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-660] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[661-version-negotiation] +ssl_conf = 661-version-negotiation-ssl + +[661-version-negotiation-ssl] +server = 661-version-negotiation-server +client = 661-version-negotiation-client + +[661-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = SSLv3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[661-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-661] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[662-version-negotiation] +ssl_conf = 662-version-negotiation-ssl + +[662-version-negotiation-ssl] +server = 662-version-negotiation-server +client = 662-version-negotiation-client + +[662-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[662-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-662] +ExpectedResult = ServerFail + + +# =========================================================== + +[663-version-negotiation] +ssl_conf = 663-version-negotiation-ssl + +[663-version-negotiation-ssl] +server = 663-version-negotiation-server +client = 663-version-negotiation-client + +[663-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[663-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-663] +ExpectedResult = ServerFail + + +# =========================================================== + +[664-version-negotiation] +ssl_conf = 664-version-negotiation-ssl + +[664-version-negotiation-ssl] +server = 664-version-negotiation-server +client = 664-version-negotiation-client + +[664-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[664-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-664] +ExpectedResult = ServerFail + + +# =========================================================== + +[665-version-negotiation] +ssl_conf = 665-version-negotiation-ssl + +[665-version-negotiation-ssl] +server = 665-version-negotiation-server +client = 665-version-negotiation-client + +[665-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[665-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-665] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[666-version-negotiation] +ssl_conf = 666-version-negotiation-ssl + +[666-version-negotiation-ssl] +server = 666-version-negotiation-server +client = 666-version-negotiation-client + +[666-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[666-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-666] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[667-version-negotiation] +ssl_conf = 667-version-negotiation-ssl + +[667-version-negotiation-ssl] +server = 667-version-negotiation-server +client = 667-version-negotiation-client + +[667-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[667-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-667] +ExpectedResult = ServerFail + + +# =========================================================== + +[668-version-negotiation] +ssl_conf = 668-version-negotiation-ssl + +[668-version-negotiation-ssl] +server = 668-version-negotiation-server +client = 668-version-negotiation-client + +[668-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[668-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-668] +ExpectedResult = ServerFail + + +# =========================================================== + +[669-version-negotiation] +ssl_conf = 669-version-negotiation-ssl + +[669-version-negotiation-ssl] +server = 669-version-negotiation-server +client = 669-version-negotiation-client + +[669-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[669-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-669] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[670-version-negotiation] +ssl_conf = 670-version-negotiation-ssl + +[670-version-negotiation-ssl] +server = 670-version-negotiation-server +client = 670-version-negotiation-client + +[670-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[670-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-670] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[671-version-negotiation] +ssl_conf = 671-version-negotiation-ssl + +[671-version-negotiation-ssl] +server = 671-version-negotiation-server +client = 671-version-negotiation-client + +[671-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[671-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-671] +ExpectedResult = ServerFail + + +# =========================================================== + +[672-version-negotiation] +ssl_conf = 672-version-negotiation-ssl + +[672-version-negotiation-ssl] +server = 672-version-negotiation-server +client = 672-version-negotiation-client + +[672-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[672-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-672] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[673-version-negotiation] +ssl_conf = 673-version-negotiation-ssl + +[673-version-negotiation-ssl] +server = 673-version-negotiation-server +client = 673-version-negotiation-client + +[673-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[673-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-673] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[674-version-negotiation] +ssl_conf = 674-version-negotiation-ssl + +[674-version-negotiation-ssl] +server = 674-version-negotiation-server +client = 674-version-negotiation-client + +[674-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[674-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-674] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success + + +# =========================================================== + +[675-version-negotiation] +ssl_conf = 675-version-negotiation-ssl + +[675-version-negotiation-ssl] +server = 675-version-negotiation-server +client = 675-version-negotiation-client + +[675-version-negotiation-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +MinProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[675-version-negotiation-client] +CipherString = DEFAULT +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-675] +ExpectedProtocol = TLSv1.3 ExpectedResult = Success diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf index b2deee4209..0a58f48f62 100644 --- a/test/ssl-tests/10-resumption.conf +++ b/test/ssl-tests/10-resumption.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 36 +num_tests = 64 test-0 = 0-resumption test-1 = 1-resumption @@ -38,6 +38,34 @@ test-32 = 32-resumption test-33 = 33-resumption test-34 = 34-resumption test-35 = 35-resumption +test-36 = 36-resumption +test-37 = 37-resumption +test-38 = 38-resumption +test-39 = 39-resumption +test-40 = 40-resumption +test-41 = 41-resumption +test-42 = 42-resumption +test-43 = 43-resumption +test-44 = 44-resumption +test-45 = 45-resumption +test-46 = 46-resumption +test-47 = 47-resumption +test-48 = 48-resumption +test-49 = 49-resumption +test-50 = 50-resumption +test-51 = 51-resumption +test-52 = 52-resumption +test-53 = 53-resumption +test-54 = 54-resumption +test-55 = 55-resumption +test-56 = 56-resumption +test-57 = 57-resumption +test-58 = 58-resumption +test-59 = 59-resumption +test-60 = 60-resumption +test-61 = 61-resumption +test-62 = 62-resumption +test-63 = 63-resumption # =========================================================== [0-resumption] @@ -268,15 +296,15 @@ resume-client = 6-resumption-client [6-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-resumption-client] @@ -285,7 +313,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -304,15 +332,15 @@ resume-client = 7-resumption-client [7-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-resumption-client] @@ -321,7 +349,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -348,7 +376,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-resumption-client] @@ -357,9 +385,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -384,7 +412,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-resumption-client] @@ -393,9 +421,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -420,7 +448,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-resumption-client] @@ -429,9 +457,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -456,7 +484,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-resumption-client] @@ -465,9 +493,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -484,15 +512,15 @@ resume-client = 12-resumption-client [12-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-resumption-client] @@ -501,7 +529,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = No @@ -520,15 +548,15 @@ resume-client = 13-resumption-client [13-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-resumption-client] @@ -537,7 +565,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume ResumptionExpected = No @@ -556,15 +584,15 @@ resume-client = 14-resumption-client [14-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-resumption-client] @@ -573,7 +601,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -592,15 +620,15 @@ resume-client = 15-resumption-client [15-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-resumption-client] @@ -609,7 +637,7 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -636,7 +664,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-resumption-client] @@ -645,9 +673,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -672,7 +700,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-resume-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-resumption-client] @@ -681,9 +709,9 @@ VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -694,32 +722,32 @@ ssl_conf = 18-resumption-ssl [18-resumption-ssl] server = 18-resumption-server client = 18-resumption-client -resume-server = 18-resumption-server -resume-client = 18-resumption-resume-client +resume-server = 18-resumption-resume-server +resume-client = 18-resumption-client [18-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-resumption-client] +[18-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-resumption-resume-client] +[18-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -730,32 +758,32 @@ ssl_conf = 19-resumption-ssl [19-resumption-ssl] server = 19-resumption-server client = 19-resumption-client -resume-server = 19-resumption-server -resume-client = 19-resumption-resume-client +resume-server = 19-resumption-resume-server +resume-client = 19-resumption-client [19-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-resumption-client] +[19-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-resumption-resume-client] +[19-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -766,32 +794,32 @@ ssl_conf = 20-resumption-ssl [20-resumption-ssl] server = 20-resumption-server client = 20-resumption-client -resume-server = 20-resumption-server -resume-client = 20-resumption-resume-client +resume-server = 20-resumption-resume-server +resume-client = 20-resumption-client [20-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-resumption-client] +[20-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-resumption-resume-client] +[20-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -802,32 +830,32 @@ ssl_conf = 21-resumption-ssl [21-resumption-ssl] server = 21-resumption-server client = 21-resumption-client -resume-server = 21-resumption-server -resume-client = 21-resumption-resume-client +resume-server = 21-resumption-resume-server +resume-client = 21-resumption-client [21-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-resumption-client] +[21-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-resumption-resume-client] +[21-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -838,30 +866,30 @@ ssl_conf = 22-resumption-ssl [22-resumption-ssl] server = 22-resumption-server client = 22-resumption-client -resume-server = 22-resumption-server -resume-client = 22-resumption-resume-client +resume-server = 22-resumption-resume-server +resume-client = 22-resumption-client [22-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-resumption-client] +[22-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-resumption-resume-client] +[22-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -874,30 +902,30 @@ ssl_conf = 23-resumption-ssl [23-resumption-ssl] server = 23-resumption-server client = 23-resumption-client -resume-server = 23-resumption-server -resume-client = 23-resumption-resume-client +resume-server = 23-resumption-resume-server +resume-client = 23-resumption-client [23-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[23-resumption-client] +[23-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[23-resumption-resume-client] +[23-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume ResumptionExpected = No @@ -910,25 +938,25 @@ ssl_conf = 24-resumption-ssl [24-resumption-ssl] server = 24-resumption-server client = 24-resumption-client -resume-server = 24-resumption-server -resume-client = 24-resumption-resume-client +resume-server = 24-resumption-resume-server +resume-client = 24-resumption-client [24-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-resumption-client] +[24-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-resumption-resume-client] +[24-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -946,25 +974,25 @@ ssl_conf = 25-resumption-ssl [25-resumption-ssl] server = 25-resumption-server client = 25-resumption-client -resume-server = 25-resumption-server -resume-client = 25-resumption-resume-client +resume-server = 25-resumption-resume-server +resume-client = 25-resumption-client [25-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-resumption-client] +[25-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-resumption-resume-client] +[25-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -982,32 +1010,32 @@ ssl_conf = 26-resumption-ssl [26-resumption-ssl] server = 26-resumption-server client = 26-resumption-client -resume-server = 26-resumption-server -resume-client = 26-resumption-resume-client +resume-server = 26-resumption-resume-server +resume-client = 26-resumption-client [26-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[26-resumption-client] +[26-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[26-resumption-resume-client] +[26-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1018,32 +1046,32 @@ ssl_conf = 27-resumption-ssl [27-resumption-ssl] server = 27-resumption-server client = 27-resumption-client -resume-server = 27-resumption-server -resume-client = 27-resumption-resume-client +resume-server = 27-resumption-resume-server +resume-client = 27-resumption-client [27-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[27-resumption-client] +[27-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[27-resumption-resume-client] +[27-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1054,25 +1082,25 @@ ssl_conf = 28-resumption-ssl [28-resumption-ssl] server = 28-resumption-server client = 28-resumption-client -resume-server = 28-resumption-server -resume-client = 28-resumption-resume-client +resume-server = 28-resumption-resume-server +resume-client = 28-resumption-client [28-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[28-resumption-client] +[28-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[28-resumption-resume-client] +[28-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1090,25 +1118,25 @@ ssl_conf = 29-resumption-ssl [29-resumption-ssl] server = 29-resumption-server client = 29-resumption-client -resume-server = 29-resumption-server -resume-client = 29-resumption-resume-client +resume-server = 29-resumption-resume-server +resume-client = 29-resumption-client [29-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[29-resumption-client] +[29-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.2 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[29-resumption-resume-client] +[29-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1126,32 +1154,32 @@ ssl_conf = 30-resumption-ssl [30-resumption-ssl] server = 30-resumption-server client = 30-resumption-client -resume-server = 30-resumption-server -resume-client = 30-resumption-resume-client +resume-server = 30-resumption-resume-server +resume-client = 30-resumption-client [30-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-resumption-client] +[30-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-resumption-resume-client] +[30-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1162,32 +1190,32 @@ ssl_conf = 31-resumption-ssl [31-resumption-ssl] server = 31-resumption-server client = 31-resumption-client -resume-server = 31-resumption-server -resume-client = 31-resumption-resume-client +resume-server = 31-resumption-resume-server +resume-client = 31-resumption-client [31-resumption-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 Options = -SessionTicket PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-resumption-client] +[31-resumption-resume-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-resumption-resume-client] +[31-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1209,21 +1237,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [32-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1245,21 +1273,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [33-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 HandshakeMode = Resume -ResumptionExpected = No +ResumptionExpected = Yes # =========================================================== @@ -1281,21 +1309,21 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [34-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 HandshakeMode = Resume -ResumptionExpected = Yes +ResumptionExpected = No # =========================================================== @@ -1317,20 +1345,1028 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-resumption-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [35-resumption-resume-client] CipherString = DEFAULT -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[36-resumption] +ssl_conf = 36-resumption-ssl + +[36-resumption-ssl] +server = 36-resumption-server +client = 36-resumption-client +resume-server = 36-resumption-server +resume-client = 36-resumption-resume-client + +[36-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[36-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[37-resumption] +ssl_conf = 37-resumption-ssl + +[37-resumption-ssl] +server = 37-resumption-server +client = 37-resumption-client +resume-server = 37-resumption-server +resume-client = 37-resumption-resume-client + +[37-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[37-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[38-resumption] +ssl_conf = 38-resumption-ssl + +[38-resumption-ssl] +server = 38-resumption-server +client = 38-resumption-client +resume-server = 38-resumption-server +resume-client = 38-resumption-resume-client + +[38-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[38-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[39-resumption] +ssl_conf = 39-resumption-ssl + +[39-resumption-ssl] +server = 39-resumption-server +client = 39-resumption-client +resume-server = 39-resumption-server +resume-client = 39-resumption-resume-client + +[39-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[39-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[40-resumption] +ssl_conf = 40-resumption-ssl + +[40-resumption-ssl] +server = 40-resumption-server +client = 40-resumption-client +resume-server = 40-resumption-server +resume-client = 40-resumption-resume-client + +[40-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[40-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[41-resumption] +ssl_conf = 41-resumption-ssl + +[41-resumption-ssl] +server = 41-resumption-server +client = 41-resumption-client +resume-server = 41-resumption-server +resume-client = 41-resumption-resume-client + +[41-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[41-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[42-resumption] +ssl_conf = 42-resumption-ssl + +[42-resumption-ssl] +server = 42-resumption-server +client = 42-resumption-client +resume-server = 42-resumption-server +resume-client = 42-resumption-resume-client + +[42-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[42-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[43-resumption] +ssl_conf = 43-resumption-ssl + +[43-resumption-ssl] +server = 43-resumption-server +client = 43-resumption-client +resume-server = 43-resumption-server +resume-client = 43-resumption-resume-client + +[43-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[43-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[43-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[44-resumption] +ssl_conf = 44-resumption-ssl + +[44-resumption-ssl] +server = 44-resumption-server +client = 44-resumption-client +resume-server = 44-resumption-server +resume-client = 44-resumption-resume-client + +[44-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[44-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] ExpectedProtocol = TLSv1.2 HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[45-resumption] +ssl_conf = 45-resumption-ssl + +[45-resumption-ssl] +server = 45-resumption-server +client = 45-resumption-client +resume-server = 45-resumption-server +resume-client = 45-resumption-resume-client + +[45-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[45-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[46-resumption] +ssl_conf = 46-resumption-ssl + +[46-resumption-ssl] +server = 46-resumption-server +client = 46-resumption-client +resume-server = 46-resumption-server +resume-client = 46-resumption-resume-client + +[46-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[46-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[47-resumption] +ssl_conf = 47-resumption-ssl + +[47-resumption-ssl] +server = 47-resumption-server +client = 47-resumption-client +resume-server = 47-resumption-server +resume-client = 47-resumption-resume-client + +[47-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[47-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[48-resumption] +ssl_conf = 48-resumption-ssl + +[48-resumption-ssl] +server = 48-resumption-server +client = 48-resumption-client +resume-server = 48-resumption-server +resume-client = 48-resumption-resume-client + +[48-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[48-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[49-resumption] +ssl_conf = 49-resumption-ssl + +[49-resumption-ssl] +server = 49-resumption-server +client = 49-resumption-client +resume-server = 49-resumption-server +resume-client = 49-resumption-resume-client + +[49-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[49-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[50-resumption] +ssl_conf = 50-resumption-ssl + +[50-resumption-ssl] +server = 50-resumption-server +client = 50-resumption-client +resume-server = 50-resumption-server +resume-client = 50-resumption-resume-client + +[50-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[50-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[50-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[51-resumption] +ssl_conf = 51-resumption-ssl + +[51-resumption-ssl] +server = 51-resumption-server +client = 51-resumption-client +resume-server = 51-resumption-server +resume-client = 51-resumption-resume-client + +[51-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[51-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[52-resumption] +ssl_conf = 52-resumption-ssl + +[52-resumption-ssl] +server = 52-resumption-server +client = 52-resumption-client +resume-server = 52-resumption-server +resume-client = 52-resumption-resume-client + +[52-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[52-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[53-resumption] +ssl_conf = 53-resumption-ssl + +[53-resumption-ssl] +server = 53-resumption-server +client = 53-resumption-client +resume-server = 53-resumption-server +resume-client = 53-resumption-resume-client + +[53-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[53-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[54-resumption] +ssl_conf = 54-resumption-ssl + +[54-resumption-ssl] +server = 54-resumption-server +client = 54-resumption-client +resume-server = 54-resumption-server +resume-client = 54-resumption-resume-client + +[54-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[54-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[55-resumption] +ssl_conf = 55-resumption-ssl + +[55-resumption-ssl] +server = 55-resumption-server +client = 55-resumption-client +resume-server = 55-resumption-server +resume-client = 55-resumption-resume-client + +[55-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[55-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[55-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-55] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[56-resumption] +ssl_conf = 56-resumption-ssl + +[56-resumption-ssl] +server = 56-resumption-server +client = 56-resumption-client +resume-server = 56-resumption-server +resume-client = 56-resumption-resume-client + +[56-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[56-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[56-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-56] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[57-resumption] +ssl_conf = 57-resumption-ssl + +[57-resumption-ssl] +server = 57-resumption-server +client = 57-resumption-client +resume-server = 57-resumption-server +resume-client = 57-resumption-resume-client + +[57-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[57-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[57-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-57] +ExpectedProtocol = TLSv1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[58-resumption] +ssl_conf = 58-resumption-ssl + +[58-resumption-ssl] +server = 58-resumption-server +client = 58-resumption-client +resume-server = 58-resumption-server +resume-client = 58-resumption-resume-client + +[58-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[58-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[59-resumption] +ssl_conf = 59-resumption-ssl + +[59-resumption-ssl] +server = 59-resumption-server +client = 59-resumption-client +resume-server = 59-resumption-server +resume-client = 59-resumption-resume-client + +[59-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[59-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.1 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedProtocol = TLSv1.1 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[60-resumption] +ssl_conf = 60-resumption-ssl + +[60-resumption-ssl] +server = 60-resumption-server +client = 60-resumption-client +resume-server = 60-resumption-server +resume-client = 60-resumption-resume-client + +[60-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[60-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[61-resumption] +ssl_conf = 61-resumption-ssl + +[61-resumption-ssl] +server = 61-resumption-server +client = 61-resumption-client +resume-server = 61-resumption-server +resume-client = 61-resumption-resume-client + +[61-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[61-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[61-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-61] +ExpectedProtocol = TLSv1.2 +HandshakeMode = Resume +ResumptionExpected = No + + +# =========================================================== + +[62-resumption] +ssl_conf = 62-resumption-ssl + +[62-resumption-ssl] +server = 62-resumption-server +client = 62-resumption-client +resume-server = 62-resumption-server +resume-client = 62-resumption-resume-client + +[62-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[62-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[62-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-62] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume +ResumptionExpected = Yes + + +# =========================================================== + +[63-resumption] +ssl_conf = 63-resumption-ssl + +[63-resumption-ssl] +server = 63-resumption-server +client = 63-resumption-client +resume-server = 63-resumption-server +resume-client = 63-resumption-resume-client + +[63-resumption-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +Options = -SessionTicket +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[63-resumption-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[63-resumption-resume-client] +CipherString = DEFAULT +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-63] +ExpectedProtocol = TLSv1.3 +HandshakeMode = Resume ResumptionExpected = Yes diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf index 4c1e9e2b33..14aec20f70 100644 --- a/test/ssl-tests/13-fragmentation.conf +++ b/test/ssl-tests/13-fragmentation.conf @@ -267,6 +267,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-large-app-data-aes-sha1-multibuffer-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -291,6 +292,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-large-app-data-aes-sha2-multibuffer-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -315,6 +317,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-large-app-data-aes-sha1-multibuffer-odd-fragment-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -339,6 +342,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-large-app-data-aes-sha2-multibuffer-odd-fragment-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -363,6 +367,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-small-app-data-aes-sha1-multibuffer-client] CipherString = AES128-SHA +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -387,6 +392,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-small-app-data-aes-sha2-multibuffer-client] CipherString = AES128-SHA256 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in index 645163ca89..ae6446ed34 100644 --- a/test/ssl-tests/13-fragmentation.conf.in +++ b/test/ssl-tests/13-fragmentation.conf.in @@ -114,6 +114,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024, @@ -125,6 +126,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024, @@ -136,6 +138,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024 + 3, @@ -147,6 +150,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 1024 * 1024 - 3, @@ -161,6 +165,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 4 * 1024, @@ -172,6 +177,7 @@ our @tests = ( server => { }, client => { CipherString => "AES128-SHA256", + MaxProtocol => "TLSv1.2" }, test => { ApplicationData => 4 * 1024, diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf index d4c19c7a70..17d00b58a7 100644 --- a/test/ssl-tests/14-curves.conf +++ b/test/ssl-tests/14-curves.conf @@ -44,6 +44,7 @@ client = 0-curve-sect163k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-curve-sect163k1-client] @@ -69,6 +70,7 @@ client = 1-curve-sect163r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-curve-sect163r1-client] @@ -94,6 +96,7 @@ client = 2-curve-sect163r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-curve-sect163r2-client] @@ -119,6 +122,7 @@ client = 3-curve-sect193r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-curve-sect193r1-client] @@ -144,6 +148,7 @@ client = 4-curve-sect193r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-curve-sect193r2-client] @@ -169,6 +174,7 @@ client = 5-curve-sect233k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-curve-sect233k1-client] @@ -194,6 +200,7 @@ client = 6-curve-sect233r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-curve-sect233r1-client] @@ -219,6 +226,7 @@ client = 7-curve-sect239k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect239k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-curve-sect239k1-client] @@ -244,6 +252,7 @@ client = 8-curve-sect283k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-curve-sect283k1-client] @@ -269,6 +278,7 @@ client = 9-curve-sect283r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-curve-sect283r1-client] @@ -294,6 +304,7 @@ client = 10-curve-sect409k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-curve-sect409k1-client] @@ -319,6 +330,7 @@ client = 11-curve-sect409r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-curve-sect409r1-client] @@ -344,6 +356,7 @@ client = 12-curve-sect571k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-curve-sect571k1-client] @@ -369,6 +382,7 @@ client = 13-curve-sect571r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-curve-sect571r1-client] @@ -394,6 +408,7 @@ client = 14-curve-secp160k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-curve-secp160k1-client] @@ -419,6 +434,7 @@ client = 15-curve-secp160r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-curve-secp160r1-client] @@ -444,6 +460,7 @@ client = 16-curve-secp160r2-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-curve-secp160r2-client] @@ -469,6 +486,7 @@ client = 17-curve-secp192k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp192k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-curve-secp192k1-client] @@ -494,6 +512,7 @@ client = 18-curve-prime192v1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime192v1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-curve-prime192v1-client] @@ -519,6 +538,7 @@ client = 19-curve-secp224k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-curve-secp224k1-client] @@ -544,6 +564,7 @@ client = 20-curve-secp224r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-curve-secp224r1-client] @@ -569,6 +590,7 @@ client = 21-curve-secp256k1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp256k1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-curve-secp256k1-client] @@ -594,6 +616,7 @@ client = 22-curve-prime256v1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime256v1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-curve-prime256v1-client] @@ -619,6 +642,7 @@ client = 23-curve-secp384r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp384r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-curve-secp384r1-client] @@ -644,6 +668,7 @@ client = 24-curve-secp521r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp521r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-curve-secp521r1-client] @@ -669,6 +694,7 @@ client = 25-curve-brainpoolP256r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP256r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-curve-brainpoolP256r1-client] @@ -694,6 +720,7 @@ client = 26-curve-brainpoolP384r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP384r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-curve-brainpoolP384r1-client] @@ -719,6 +746,7 @@ client = 27-curve-brainpoolP512r1-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP512r1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-curve-brainpoolP512r1-client] @@ -744,6 +772,7 @@ client = 28-curve-X25519-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = X25519 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-curve-X25519-client] diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in index f39ff7d22a..dec2be210c 100644 --- a/test/ssl-tests/14-curves.conf.in +++ b/test/ssl-tests/14-curves.conf.in @@ -27,7 +27,9 @@ sub generate_tests() { push @tests, { name => "curve-${curve}", server => { - "Curves" => $curve + "Curves" => $curve, + # TODO(TLS1.3): Can we get this to work for TLSv1.3? + "MaxProtocol" => "TLSv1.2" }, client => { "CipherString" => "ECDHE", diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index c711362949..7146b8a54e 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -20,12 +20,12 @@ use OpenSSL::Test; use OpenSSL::Test::Utils qw/anydisabled alldisabled/; setup("no_test_here"); -my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); +my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); # undef stands for "no limit". -my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"); -my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", undef); +my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); -my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2"); +my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); my $min_tls_enabled; my $max_tls_enabled; @@ -74,7 +74,7 @@ foreach my $i (0..$#dtls_protocols) { sub no_tests { my ($dtls) = @_; return $dtls ? alldisabled("dtls1", "dtls1_2") : - alldisabled("ssl3", "tls1", "tls1_1", "tls1_2"); + alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); } sub generate_version_tests { @@ -234,9 +234,15 @@ sub expected_result { # Server doesn't support the client range. return ("ServerFail", undef); } elsif ($c_min > $s_max) { - # Server will try with a version that is lower than the lowest - # supported client version. - return ("ClientFail", undef); + my @prots = @$protocols; + if ($prots[$c_min] eq "TLSv1.3") { + # Client won't have sent any ciphersuite the server recognises + return ("ServerFail", undef); + } else { + # Server will try with a version that is lower than the lowest + # supported client version. + return ("ClientFail", undef); + } } else { # Server and client ranges overlap. my $max_common = $s_max < $c_max ? $s_max : $c_max; diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 0a528d805b..e8f29433da 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -152,6 +152,7 @@ const char *ssl_alert_name(int alert) /********************/ static const test_enum ssl_protocols[] = { + {"TLSv1.3", TLS1_3_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1", TLS1_VERSION}, diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 6a5cd7038d..356359d4e3 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -886,6 +886,7 @@ static int protocol_from_string(const char *value) {"tls1", TLS1_VERSION}, {"tls1.1", TLS1_1_VERSION}, {"tls1.2", TLS1_2_VERSION}, + {"tls1.3", TLS1_3_VERSION}, {"dtls1", DTLS1_VERSION}, {"dtls1.2", DTLS1_2_VERSION}}; size_t i; @@ -958,7 +959,7 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -1123,7 +1124,9 @@ int main(int argc, char *argv[]) min_version = TLS1_VERSION; } #endif - else if (strcmp(*argv, "-tls1") == 0) { + else if (strcmp(*argv, "-tls1_2") == 0) { + tls1_2 = 1; + } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { ssl3 = 1; @@ -1329,8 +1332,8 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should " + if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); EXIT(1); } @@ -1345,6 +1348,11 @@ int main(int argc, char *argv[]) no_protocol = 1; else #endif +#ifdef OPENSSL_NO_TLS1_2 + if (tls1_2) + no_protocol = 1; + else +#endif #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1) if (dtls1) no_protocol = 1; @@ -1369,10 +1377,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { + if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); EXIT(1); } @@ -1435,6 +1444,9 @@ int main(int argc, char *argv[]) } else if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; + } else if (tls1_2) { + min_version = TLS1_2_VERSION; + max_version = TLS1_2_VERSION; } #endif #ifndef OPENSSL_NO_DTLS diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index eeb83ed74f..c15019dace 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -147,8 +147,10 @@ sub start or die "Failed to redirect stdout: $!"; open(STDERR, ">&STDOUT"); } + # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher + # because the TLS1.3 ciphersuites are not compatible with ossltest my $execcmd = $self->execute - ." s_server -no_comp -rev -engine ossltest -accept " + ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept " .($self->server_port) ." -cert ".$self->cert." -naccept ".$self->serverconnects; if ($self->ciphers ne "") { -- 2.25.1