Use .cnf for config files, not .conf

author Rich Salz <rsalz@akamai.com>

Tue, 25 Feb 2020 18:25:13 +0000 (13:25 -0500)

committer Tomas Mraz <tmraz@fedoraproject.org>

Fri, 6 Mar 2020 17:25:13 +0000 (18:25 +0100)
author Rich Salz <rsalz@akamai.com>
Tue, 25 Feb 2020 18:25:13 +0000 (13:25 -0500)
committer Tomas Mraz <tmraz@fedoraproject.org>
Fri, 6 Mar 2020 17:25:13 +0000 (18:25 +0100)
diff --git a/.gitignore b/.gitignore

index 3b1a45520955315b5d3351c0da36bd27cd94274f..f51ccce56dee548fa202327617dbfa7ac674b492 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -96,9 +96,9 @@ doc/man1/openssl-x509.pod
  /test/confdump
  /test/bio_prefix_text
  # Other generated files in test/
-/test/provider_internal_test.conf
-/test/fipsinstall.conf
-/providers/fipsinstall.conf
+/test/provider_internal_test.cnf
+/test/fipsinstall.cnf
+/providers/fipsinstall.cnf
  
  # Certain files that get created by tests on the fly
  /test-runs
diff --git a/doc/man1/openssl-fipsinstall.pod b/doc/man1/openssl-fipsinstall.pod

index 7cad6091e1f3c16c93c44da902108727214d05ae..9c7c856b0d8dac041c308660163337a456a3d0d3 100644 (file)
--- a/doc/man1/openssl-fipsinstall.pod
+++ b/doc/man1/openssl-fipsinstall.pod
@@ -128,21 +128,21 @@ values that can be used.
  =head1 EXAMPLES
  
  Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
-for the module, and save the F<fips.conf> configuration file:
+for the module, and save the F<fips.cnf> configuration file:
  
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
           -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
           -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213
  
-Verify that the configuration file F<fips.conf> contains the correct info:
+Verify that the configuration file F<fips.cnf> contains the correct info:
  
- openssl fipsinstall -module ./fips.so -in fips.conf  -provider_name fips \
+ openssl fipsinstall -module ./fips.so -in fips.cnf  -provider_name fips \
            -section_name fips_install -mac_name HMAC -macopt digest:SHA256 \
            -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 -verify
  
  Corrupt any self tests which have the description 'SHA1':
  
- openssl fipsinstall -module ./fips.so -out fips.conf -provider_name fips \
+ openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
           -section_name fipsinstall -mac_name HMAC -macopt digest:SHA256 \
           -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
           -corrupt_desc', 'SHA1'
diff --git a/test/CAss.cnf b/test/CAss.cnf

index 8ca62b5cf7e6ab9f61d5363ffac1cc7cbae33a2b..d63f85628ba92e339a8db51a2a7495be32f3dd1d 100644 (file)
--- a/test/CAss.cnf
+++ b/test/CAss.cnf
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
  
  ####################################################################
  [ req ]
diff --git a/test/P1ss.cnf b/test/P1ss.cnf

index 03f3cdb1ad3f14e4a0cc39b72cc9a5ac62ec8cee..69baaaf8490279f0dd56e9b888b84079547b2554 100644 (file)
--- a/test/P1ss.cnf
+++ b/test/P1ss.cnf
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
  
  ####################################################################
  [ req ]
diff --git a/test/P2ss.cnf b/test/P2ss.cnf

index 5adaecc7d50cd197bbbbbab676c08cdf173e2640..8d4f3c8a68c3e02775413dc0d93e820dad7e1a0d 100644 (file)
--- a/test/P2ss.cnf
+++ b/test/P2ss.cnf
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
  
  ####################################################################
  [ req ]
diff --git a/test/README.ssltest.md b/test/README.ssltest.md

index 30360f7652a8c7170e7344d5404fd9a954576bff..6fc7301500c717ce72f937980faafc5a1aff8ff8 100644 (file)
--- a/test/README.ssltest.md
+++ b/test/README.ssltest.md
@@ -2,7 +2,7 @@
  
  SSL testcases are configured in the `ssl-tests` directory.
  
-Each `ssl_*.conf.in` file contains a number of test configurations. These files
+Each `ssl_*.cnf.in` file contains a number of test configurations. These files
  are used to generate testcases in the OpenSSL CONF format.
  
  The precise test output can be dependent on the library configuration. The test
@@ -10,9 +10,9 @@ harness generates the output files on the fly.
  
  However, for verification, we also include checked-in configuration outputs
  corresponding to the default configuration. These testcases live in
-`test/ssl-tests/*.conf` files.
+`test/ssl-tests/*.cnf` files.
  
-For more details, see `ssl-tests/01-simple.conf.in` for an example.
+For more details, see `ssl-tests/01-simple.cnf.in` for an example.
  
  ## Configuring the test
  
@@ -219,24 +219,24 @@ client => {
  ## Adding a test to the test harness
  
  1. Add a new test configuration to `test/ssl-tests`, following the examples of
-   existing `*.conf.in` files (for example, `01-simple.conf.in`).
+   existing `*.cnf.in` files (for example, `01-simple.cnf.in`).
  
-2. Generate the generated `*.conf` test input file. You can do so by running
+2. Generate the generated `*.cnf` test input file. You can do so by running
     `generate_ssl_tests.pl`:
  
  ```
  $ ./config
  $ cd test
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.conf.in \
-  > ssl-tests/my.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/my.cnf.in \
+  > ssl-tests/my.cnf
  ```
  
-where `my.conf.in` is your test input file.
+where `my.cnf.in` is your test input file.
  
-For example, to generate the test cases in `ssl-tests/01-simple.conf.in`, do
+For example, to generate the test cases in `ssl-tests/01-simple.cnf.in`, do
  
  ```
-$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.conf.in > ssl-tests/01-simple.conf
+$ TOP=.. perl -I ../util/perl/ generate_ssl_tests.pl ssl-tests/01-simple.cnf.in > ssl-tests/01-simple.cnf
  ```
  
  Alternatively (hackish but simple), you can comment out
@@ -273,15 +273,15 @@ environment variable to point to the location of the certs. E.g., from the root
  OpenSSL directory, do
  
  ```
-$ CTLOG_FILE=test/ct/log_list.conf TEST_CERTS_DIR=test/certs test/ssl_test \
-  test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf TEST_CERTS_DIR=test/certs test/ssl_test \
+  test/ssl-tests/01-simple.cnf
  ```
  
  or for shared builds
  
  ```
-$ CTLOG_FILE=test/ct/log_list.conf  TEST_CERTS_DIR=test/certs \
-  util/wrap.pl test/ssl_test test/ssl-tests/01-simple.conf
+$ CTLOG_FILE=test/ct/log_list.cnf  TEST_CERTS_DIR=test/certs \
+  util/wrap.pl test/ssl_test test/ssl-tests/01-simple.cnf
  ```
  
  Note that the test expectations sometimes depend on the Configure settings. For
@@ -293,7 +293,7 @@ The Perl test harness automatically generates expected outputs, so users who
  just run `make test` do not need any extra steps.
  
  However, when running a test manually, keep in mind that the repository version
-of the generated `test/ssl-tests/*.conf` correspond to expected outputs in with
+of the generated `test/ssl-tests/*.cnf` correspond to expected outputs in with
  the default Configure options. To run `ssl_test` manually from the command line
  in a build with a different configuration, you may need to generate the right
-`*.conf` file from the `*.conf.in` input first.
+`*.cnf` file from the `*.cnf.in` input first.
diff --git a/test/Uss.cnf b/test/Uss.cnf

index 27517bd1060220af6dceef49441c8758c8e842a5..95ffb67deb6208811946eb645f5678961a9dae2b 100644 (file)
--- a/test/Uss.cnf
+++ b/test/Uss.cnf
@@ -1,7 +1,3 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
  
  CN2 = Brother 2
  
diff --git a/test/build.info b/test/build.info

index ea350e5d6a8c4b5f90ac280ce01c920b656da84a..1573087c2891d5245ecabc7ed1cb73e65409c7b5 100644 (file)
--- a/test/build.info
+++ b/test/build.info
@@ -716,8 +716,8 @@ IF[{- !$disabled{tests} -}]
      DEFINE[provider_test]=NO_PROVIDER_MODULE
      DEFINE[provider_internal_test]=NO_PROVIDER_MODULE
    ENDIF
-  DEPEND[]=provider_internal_test.conf
-  GENERATE[provider_internal_test.conf]=provider_internal_test.conf.in
+  DEPEND[]=provider_internal_test.cnf
+  GENERATE[provider_internal_test.cnf]=provider_internal_test.cnf.in
  
    PROGRAMS{noinst}=params_test
    SOURCE[params_test]=params_test.c
diff --git a/test/ct/log_list.cnf b/test/ct/log_list.cnf

new file mode 100644 (file)

index 0000000..4b68e53
--- /dev/null
+++ b/test/ct/log_list.cnf
@@ -0,0 +1,38 @@
+enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi
+
+[test]
+description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==
+
+[pilot]
+description = Google Pilot Log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==
+
+[aviator]
+description = Google Aviator log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==
+
+[rocketeer]
+description = Google Rocketeer log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==
+
+[digicert]
+description = DigiCert Log Server
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==
+
+[certly]
+description = Certly.IO log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==
+
+[izempe]
+description = Izempe log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==
+
+[symantec]
+description = Symantec log
+key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==
+
+[venafi]
+description = Venafi log
+key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB
+
diff --git a/test/ct/log_list.conf b/test/ct/log_list.conf

deleted file mode 100644 (file)

index 4b68e53..0000000
--- a/test/ct/log_list.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-enabled_logs=test,pilot,aviator,rocketeer,digicert,certly,izempe,symantec,venafi
-
-[test]
-description = https://github.com/google/certificate-transparency/tree/99218b6445906a81f219d84e9c6d2683e13e4e58/test/testdata
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmXg8sUUzwBYaWrRb+V0IopzQ6o3UyEJ04r5ZrRXGdpYM8K+hB0pXrGRLI0eeWz+3skXrS0IO83AhA3GpRL6s6w==
-
-[pilot]
-description = Google Pilot Log
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfahLEimAoz2t01p3uMziiLOl/fHTDM0YDOhBRuiBARsV4UvxG2LdNgoIGLrtCzWE0J5APC2em4JlvR8EEEFMoA==
-
-[aviator]
-description = Google Aviator log
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1/TMabLkDpCjiupacAlP7xNi0I1JYP8bQFAHDG1xhtolSY1l4QgNRzRrvSe8liE+NPWHdjGxfx3JhTsN9x8/6Q==
-
-[rocketeer]
-description = Google Rocketeer log
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIFsYyDzBi7MxCAC/oJBXK7dHjG+1aLCOkHjpoHPqTyghLpzA9BYbqvnV16mAw04vUjyYASVGJCUoI3ctBcJAeg==
-
-[digicert]
-description = DigiCert Log Server
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAkbFvhu7gkAW6MHSrBlpE1n4+HCFRkC5OLAjgqhkTH+/uzSfSl8ois8ZxAD2NgaTZe1M9akhYlrYkes4JECs6A==
-
-[certly]
-description = Certly.IO log
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECyPLhWKYYUgEc+tUXfPQB4wtGS2MNvXrjwFCCnyYJifBtd2Sk7Cu+Js9DNhMTh35FftHaHu6ZrclnNBKwmbbSA==
-
-[izempe]
-description = Izempe log
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJ2Q5DC3cUBj4IQCiDu0s6j51up+TZAkAEcQRF6tczw90rLWXkJMAW7jr9yc92bIKgV8vDXU4lDeZHvYHduDuvg==
-
-[symantec]
-description = Symantec log
-key = MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEluqsHEYMG1XcDfy1lCdGV0JwOmkY4r87xNuroPS2bMBTP01CEDPwWJePa75y9CrsHEKqAy8afig1dpkIPSEUhg==
-
-[venafi]
-description = Venafi log
-key = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolpIHxdSlTXLo1s6H1OCdpSj/4DyHDc8wLG9wVmLqy1lk9fz4ATVmm+/1iN2Nk8jmctUKK2MFUtlWXZBSpym97M7frGlSaQXUWyA3CqQUEuIJOmlEjKTBEiQAvpfDjCHjlV2Be4qTM6jamkJbiWtgnYPhJL6ONaGTiSPm7Byy57iaz/hbckldSOIoRhYBiMzeNoA0DiRZ9KmfSeXZ1rB8y8X5urSW+iBzf2SaOfzBvDpcoTuAaWx2DPazoOl28fP1hZ+kHUYvxbcMjttjauCFx+JII0dmuZNIwjfeG/GBb9frpSX219k1O4Wi6OEbHEr8at/XQ0y7gTikOxBn/s5wQIDAQAB
-
diff --git a/test/default-and-fips.cnf b/test/default-and-fips.cnf

index 6db1a940ee29b970f6a0a8481a7ba1134d30580d..03f5a83183c305bced1b200f369d3f8e544dcbe8 100644 (file)
--- a/test/default-and-fips.cnf
+++ b/test/default-and-fips.cnf
@@ -1,6 +1,6 @@
  openssl_conf = openssl_init
  
-.include fipsinstall.conf
+.include fipsinstall.cnf
  
  [openssl_init]
  providers = provider_sect
diff --git a/test/fips.cnf b/test/fips.cnf

index d77d35b99f5a7c14eb2142d631eff19226e7b7ed..32c18be671771d603decb1fe07f3a8e68472efba 100644 (file)
--- a/test/fips.cnf
+++ b/test/fips.cnf
@@ -1,6 +1,6 @@
  openssl_conf = openssl_init
  
-.include fipsinstall.conf
+.include fipsinstall.cnf
  
  [openssl_init]
  providers = provider_sect
diff --git a/test/provider_internal_test.cnf.in b/test/provider_internal_test.cnf.in

new file mode 100644 (file)

index 0000000..12c2924
--- /dev/null
+++ b/test/provider_internal_test.cnf.in
@@ -0,0 +1,13 @@
+{- use platform -}
+openssl_conf = openssl_init
+
+[openssl_init]
+providers = providers
+
+[providers]
+p_test_configured = p_test_configured
+
+[p_test_configured]
+module = {- platform->dso('p_test') -}
+activate = 1
+greeting = Hello OpenSSL, greetings from Test Provider
diff --git a/test/provider_internal_test.conf.in b/test/provider_internal_test.conf.in

deleted file mode 100644 (file)

index 12c2924..0000000
--- a/test/provider_internal_test.conf.in
+++ /dev/null
@@ -1,13 +0,0 @@
-{- use platform -}
-openssl_conf = openssl_init
-
-[openssl_init]
-providers = providers
-
-[providers]
-p_test_configured = p_test_configured
-
-[p_test_configured]
-module = {- platform->dso('p_test') -}
-activate = 1
-greeting = Hello OpenSSL, greetings from Test Provider
diff --git a/test/recipes/02-test_internal_provider.t b/test/recipes/02-test_internal_provider.t

index 615d17a8d905cdc2e4d3d53f57d419baabd81cbd..2b77d4b5f387f39d5432a32251bc00612cb9bee0 100644 (file)
--- a/test/recipes/02-test_internal_provider.t
+++ b/test/recipes/02-test_internal_provider.t
@@ -14,6 +14,6 @@ use OpenSSL::Test::Utils;
  setup("test_internal_provider");
  
  $ENV{OPENSSL_MODULES} = bldtop_dir("test");
-$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.conf");
+$ENV{OPENSSL_CONF} = bldtop_file("test", "provider_internal_test.cnf");
  
  simple_test("test_internal_provider", "provider_internal_test");
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t

index 71e8db10e428884eb0fdbc03e4d2282eadbbb0d1..3be6346ab90edc9f8db467992cdffa50878be76f 100644 (file)
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -30,7 +30,7 @@ my $infile = bldtop_file('providers', platform->dso('fips'));
  $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
  
  # fail if no module name
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module',
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
               '-provider_name', 'fips',
               '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
               '-section_name', 'fips_install'])),
@@ -44,57 +44,57 @@ ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile,
     "fipsinstall verify fail");
  
  
-# output a fips.conf file containing mac data
-ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+# output a fips.cnf file containing mac data
+ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install'])),
     "fipsinstall");
  
-# verify the fips.conf file
-ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# verify the fips.cnf file
+ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-verify'])),
     "fipsinstall verify");
  
-# fail to verify the fips.conf file if a different key is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different key is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
               '-provider_name', 'fips', '-mac_name', 'HMAC',
               '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01',
               '-section_name', 'fips_install', '-verify'])),
     "fipsinstall verify fail bad key");
  
-# fail to verify the fips.conf file if a different mac digest is used
-ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile,
+# fail to verify the fips.cnf file if a different mac digest is used
+ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.cnf', '-module', $infile,
               '-provider_name', 'fips', '-mac_name', 'HMAC',
               '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00',
               '-section_name', 'fips_install', '-verify'])),
     "fipsinstall verify fail incorrect digest");
  
  # corrupt the module hmac
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])),
     "fipsinstall fails when the module integrity is corrupted");
  
  # corrupt the first digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])),
     "fipsinstall fails when the digest result is corrupted");
  
  # corrupt another digest
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])),
     "fipsinstall fails when the digest result is corrupted");
  
  # corrupt DRBG
-ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile,
              '-provider_name', 'fips', '-mac_name', 'HMAC',
              '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
              '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),
diff --git a/test/recipes/04-test_conf.t b/test/recipes/04-test_conf.t

index 9103cbc8eb22d670cecd91d7b72e0d86a4972f4a..92a570c5463b962b73938fb7f3d40b7ef0bd4755 100644 (file)
--- a/test/recipes/04-test_conf.t
+++ b/test/recipes/04-test_conf.t
@@ -16,8 +16,8 @@ use File::Compare qw(compare_text);
  setup('test_conf');
  
  my %input_result = (
-    'dollarid_on.conf'  => 'dollarid_on.txt',
-    'dollarid_off.conf' => 'dollarid_off.txt',
+    'dollarid_on.cnf'  => 'dollarid_on.txt',
+    'dollarid_off.cnf' => 'dollarid_off.txt',
  );
  
  plan skip_all => 'This is unsupported for cross compiled configurations'
diff --git a/test/recipes/04-test_conf_data/dollarid_off.cnf b/test/recipes/04-test_conf_data/dollarid_off.cnf

new file mode 100644 (file)

index 0000000..96482ff
--- /dev/null
+++ b/test/recipes/04-test_conf_data/dollarid_off.cnf
@@ -0,0 +1,5 @@
+.pragma dollarid:off
+
+bar = 0
+foo = $bar
+cookie = ${foo}
diff --git a/test/recipes/04-test_conf_data/dollarid_off.conf b/test/recipes/04-test_conf_data/dollarid_off.conf

deleted file mode 100644 (file)

index 96482ff..0000000
--- a/test/recipes/04-test_conf_data/dollarid_off.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-.pragma dollarid:off
-
-bar = 0
-foo = $bar
-cookie = ${foo}
diff --git a/test/recipes/04-test_conf_data/dollarid_on.cnf b/test/recipes/04-test_conf_data/dollarid_on.cnf

new file mode 100644 (file)

index 0000000..1b12e2f
--- /dev/null
+++ b/test/recipes/04-test_conf_data/dollarid_on.cnf
@@ -0,0 +1,5 @@
+.pragma dollarid:on
+
+bar = 0
+foo$bar = 1
+cookie = ${foo$bar}
diff --git a/test/recipes/04-test_conf_data/dollarid_on.conf b/test/recipes/04-test_conf_data/dollarid_on.conf

deleted file mode 100644 (file)

index 1b12e2f..0000000
--- a/test/recipes/04-test_conf_data/dollarid_on.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-.pragma dollarid:on
-
-bar = 0
-foo$bar = 1
-cookie = ${foo$bar}
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t

index 575a471d2f280bcd979d8b67f2724c029366659c..9b940aa5ecaef2d22fe27e548a6c1525f7d89415 100644 (file)
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -84,7 +84,7 @@ unless ($no_fips) {
      $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
  
      ok(run(app(['openssl', 'fipsinstall',
-                '-out', bldtop_file('providers', 'fipsinstall.conf'),
+                '-out', bldtop_file('providers', 'fipsinstall.cnf'),
                  '-module', $infile,
                  '-provider_name', 'fips', '-mac_name', 'HMAC',
                  '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t

index ce7c834039322e91cf6e9822ad8b85e9df5b2759..8ffd2a50d8567989b8959f4436bbc843cd82d14d 100644 (file)
--- a/test/recipes/30-test_evp_fetch_prov.t
+++ b/test/recipes/30-test_evp_fetch_prov.t
@@ -48,7 +48,7 @@ my @testdata = (
  unless ($no_fips) {
      push @setups, {
          cmd     => app(['openssl', 'fipsinstall',
-                        '-out', bldtop_file('providers', 'fipsinstall.conf'),
+                        '-out', bldtop_file('providers', 'fipsinstall.cnf'),
                          '-module', bldtop_file('providers', platform->dso('fips')),
                          '-provider_name', 'fips', '-mac_name', 'HMAC',
                          '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t

index 9c5e16ed2d72580bac59708639c110b7210d3ee6..9dc0cbb94c88bb0664d760347bfc96b1ad8d103f 100644 (file)
--- a/test/recipes/70-test_comp.t
+++ b/test/recipes/70-test_comp.t
@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
      if disabled("tls1_3") && disabled("tls1_2");
  
  $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
  use constant {
      MULTIPLE_COMPRESSIONS => 0,
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t

index 9f8c3226e6279fa5ff004e47c2c520e4eb06a66b..95c4cbe5537fea66e342751517d916246746274b 100644 (file)
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -30,7 +30,7 @@ plan skip_all => "$test_name needs TLS enabled"
         || (!disabled("tls1_3") && disabled("tls1_2"));
  
  $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
  my $proxy = TLSProxy::Proxy->new(
      undef,
diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t

index 45ecf5c5811f6cb5d4f02483e1ec6e7d82d0018d..636d2e79fb59957e0b90bf53366deff048c32873 100644 (file)
--- a/test/recipes/70-test_sslversions.t
+++ b/test/recipes/70-test_sslversions.t
@@ -49,7 +49,7 @@ my $proxy = TLSProxy::Proxy->new(
  );
  
  #We're just testing various negative and unusual scenarios here. ssltest with
-#02-protocol-version.conf should check all the various combinations of normal
+#02-protocol-version.cnf should check all the various combinations of normal
  #version neg
  
  #Test 1: An empty supported_versions extension should not succeed
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t

index ad10eddeb7f6183611fc7d6721c068a97ae98835..27cec7adf1d3be138d32c2c90175c0d122c756ce 100644 (file)
--- a/test/recipes/70-test_tls13kexmodes.t
+++ b/test/recipes/70-test_tls13kexmodes.t
@@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled"
      if disabled("ec");
  
  $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
  
  @handmessages = (
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t

index 02afbdc4ffacf16eb77ee00dfe94fec38db66e54..d9ea21184426aaaae4f619ce6dd1fc5dcb712e28 100644 (file)
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -32,7 +32,7 @@ plan skip_all => "$test_name needs EC enabled"
      if disabled("ec");
  
  $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
  
  @handmessages = (
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t

index 11031f3f44ede486e53aa9d2038283281c29c4ae..ea48599d13ab755dacc434956a2ef5a0b3588a32 100644 (file)
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -28,7 +28,7 @@ plan skip_all => "$test_name needs TLSv1.3 enabled"
      if disabled("tls1_3");
  
  $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
  my $proxy = TLSProxy::Proxy->new(
      undef,
diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t

index 87705cf664363781b851f295cbb6a9518a4eb682..0017cfdc39c700ab74d0cb0a5eb61c0badcc4ea1 100644 (file)
--- a/test/recipes/80-test_ct.t
+++ b/test/recipes/80-test_ct.t
@@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
  use OpenSSL::Test::Simple;
  
  setup("test_ct");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  $ENV{CT_DIR} = srctop_dir("test", "ct");
  $ENV{CERTS_DIR} = srctop_dir("test", "certs");
  simple_test("test_ct", "ct_test", "ct", "ec");
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t

index 01a49173d670d5e35d5576103050254a85c2124b..3b1857cc79d64d5973863bde9129cef4c19cfad9 100644 (file)
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -19,9 +19,9 @@ use OpenSSL::Test::Utils qw/disabled alldisabled available_protocols/;
  setup("test_ssl_new");
  
  $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
-my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.conf.in"));
+my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
  map { s/;.*// } @conf_srcs if $^O eq "VMS";
  my @conf_files = map { basename($_, ".in") } @conf_srcs;
  map { s/\^// } @conf_files if $^O eq "VMS";
@@ -54,56 +54,56 @@ my $no_ocsp = disabled("ocsp");
  # Add your test here if the test conf.in generates test cases and/or
  # expectations dynamically based on the OpenSSL compile-time config.
  my %conf_dependent_tests = (
-  "02-protocol-version.conf" => !$is_default_tls,
-  "04-client_auth.conf" => !$is_default_tls || !$is_default_dtls
+  "02-protocol-version.cnf" => !$is_default_tls,
+  "04-client_auth.cnf" => !$is_default_tls || !$is_default_dtls
                             || !disabled("sctp"),
-  "05-sni.conf" => disabled("tls1_1"),
-  "07-dtls-protocol-version.conf" => !$is_default_dtls || !disabled("sctp"),
-  "10-resumption.conf" => !$is_default_tls || $no_ec,
-  "11-dtls_resumption.conf" => !$is_default_dtls || !disabled("sctp"),
-  "16-dtls-certstatus.conf" => !$is_default_dtls || !disabled("sctp"),
-  "17-renegotiate.conf" => disabled("tls1_2"),
-  "18-dtls-renegotiate.conf" => disabled("dtls1_2") || !disabled("sctp"),
-  "19-mac-then-encrypt.conf" => !$is_default_tls,
-  "20-cert-select.conf" => !$is_default_tls || $no_dh || $no_dsa,
-  "22-compression.conf" => !$is_default_tls,
-  "25-cipher.conf" => disabled("poly1305") || disabled("chacha"),
-  "27-ticket-appdata.conf" => !$is_default_tls,
-  "28-seclevel.conf" => disabled("tls1_2") || $no_ec,
-  "30-extended-master-secret.conf" => disabled("tls1_2"),
+  "05-sni.cnf" => disabled("tls1_1"),
+  "07-dtls-protocol-version.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "10-resumption.cnf" => !$is_default_tls || $no_ec,
+  "11-dtls_resumption.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "16-dtls-certstatus.cnf" => !$is_default_dtls || !disabled("sctp"),
+  "17-renegotiate.cnf" => disabled("tls1_2"),
+  "18-dtls-renegotiate.cnf" => disabled("dtls1_2") || !disabled("sctp"),
+  "19-mac-then-encrypt.cnf" => !$is_default_tls,
+  "20-cert-select.cnf" => !$is_default_tls || $no_dh || $no_dsa,
+  "22-compression.cnf" => !$is_default_tls,
+  "25-cipher.cnf" => disabled("poly1305") || disabled("chacha"),
+  "27-ticket-appdata.cnf" => !$is_default_tls,
+  "28-seclevel.cnf" => disabled("tls1_2") || $no_ec,
+  "30-extended-master-secret.cnf" => disabled("tls1_2"),
  );
  
  # Add your test here if it should be skipped for some compile-time
  # configurations. Default is $no_tls but some tests have different skip
  # conditions.
  my %skip = (
-  "06-sni-ticket.conf" => $no_tls_below1_3,
-  "07-dtls-protocol-version.conf" => $no_dtls,
-  "08-npn.conf" => (disabled("tls1") && disabled("tls1_1")
+  "06-sni-ticket.cnf" => $no_tls_below1_3,
+  "07-dtls-protocol-version.cnf" => $no_dtls,
+  "08-npn.cnf" => (disabled("tls1") && disabled("tls1_1")
                      && disabled("tls1_2")) || $no_npn,
-  "10-resumption.conf" => disabled("tls1_1") || disabled("tls1_2"),
-  "11-dtls_resumption.conf" => disabled("dtls1") || disabled("dtls1_2"),
-  "12-ct.conf" => $no_tls || $no_ct || $no_ec,
+  "10-resumption.cnf" => disabled("tls1_1") || disabled("tls1_2"),
+  "11-dtls_resumption.cnf" => disabled("dtls1") || disabled("dtls1_2"),
+  "12-ct.cnf" => $no_tls || $no_ct || $no_ec,
    # We could run some of these tests without TLS 1.2 if we had a per-test
    # disable instruction but that's a bizarre configuration not worth
    # special-casing for.
    # TODO(TLS 1.3): We should review this once we have TLS 1.3.
-  "13-fragmentation.conf" => disabled("tls1_2"),
-  "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
-  "15-certstatus.conf" => $no_tls || $no_ocsp,
-  "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
-  "17-renegotiate.conf" => $no_tls_below1_3,
-  "18-dtls-renegotiate.conf" => $no_dtls,
-  "19-mac-then-encrypt.conf" => $no_pre_tls1_3,
-  "20-cert-select.conf" => disabled("tls1_2") || $no_ec,
-  "21-key-update.conf" => disabled("tls1_3"),
-  "22-compression.conf" => disabled("zlib") || $no_tls,
-  "23-srp.conf" => (disabled("tls1") && disabled ("tls1_1")
+  "13-fragmentation.cnf" => disabled("tls1_2"),
+  "14-curves.cnf" => disabled("tls1_2") || $no_ec || $no_ec2m,
+  "15-certstatus.cnf" => $no_tls || $no_ocsp,
+  "16-dtls-certstatus.cnf" => $no_dtls || $no_ocsp,
+  "17-renegotiate.cnf" => $no_tls_below1_3,
+  "18-dtls-renegotiate.cnf" => $no_dtls,
+  "19-mac-then-encrypt.cnf" => $no_pre_tls1_3,
+  "20-cert-select.cnf" => disabled("tls1_2") || $no_ec,
+  "21-key-update.cnf" => disabled("tls1_3"),
+  "22-compression.cnf" => disabled("zlib") || $no_tls,
+  "23-srp.cnf" => (disabled("tls1") && disabled ("tls1_1")
                      && disabled("tls1_2")) || disabled("srp"),
-  "24-padding.conf" => disabled("tls1_3"),
-  "25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
-  "26-tls13_client_auth.conf" => disabled("tls1_3"),
-  "29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
+  "24-padding.cnf" => disabled("tls1_3"),
+  "25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
+  "26-tls13_client_auth.cnf" => disabled("tls1_3"),
+  "29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
  );
  
  foreach my $conf (@conf_files) {
@@ -133,7 +133,7 @@ sub test_conf {
             "Getting output from generate_ssl_tests.pl.");
  
      SKIP: {
-        # Test 2. Compare against existing output in test/ssl_tests.conf.
+        # Test 2. Compare against existing output in test/ssl_tests.cnf.
          skip "Skipping generated source test for $conf", 1
            if !$check_source;
  
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t

index 76e0758adb852fb45d2baeccca0326cbdcf9ad00..a4bdb6ddbb49cf53db9713ea6749a3c4b9984ad5 100644 (file)
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -18,7 +18,7 @@ use OpenSSL::Test::Utils;
  
  setup("test_ssl");
  
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
+$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
  
  my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
      $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
diff --git a/test/recipes/80-test_ssl_test_ctx.t b/test/recipes/80-test_ssl_test_ctx.t

index 5548f46d4908de91a5a2ba24363ffb2c643f5494..7775bd93516984a306e115389d48212976ea29c3 100644 (file)
--- a/test/recipes/80-test_ssl_test_ctx.t
+++ b/test/recipes/80-test_ssl_test_ctx.t
@@ -15,5 +15,5 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
  setup("test_ssl_test_ctx");
  
  plan tests => 1;
-ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.conf")])),
-   "running ssl_test_ctx_test ssl_test_ctx_test.conf");
+ok(run(test(["ssl_test_ctx_test", srctop_file("test", "ssl_test_ctx_test.cnf")])),
+   "running ssl_test_ctx_test ssl_test_ctx_test.cnf");
diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t

index b01243fa620ff644783b7bf3fbaa0c48e044250f..f2010967a2c6fbde2b859f238fc5b40ba6a43afd 100644 (file)
--- a/test/recipes/90-test_gost.t
+++ b/test/recipes/90-test_gost.t
@@ -31,7 +31,7 @@ plan skip_all => "No test GOST engine found"
  plan tests => 1;
  
  $ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data",
-                                 "gost.conf");
+                                 "gost.cnf");
  
  ok(run(test(["gosttest",
               srctop_file("test", "recipes", "90-test_gost_data",
diff --git a/test/recipes/90-test_gost_data/gost.cnf b/test/recipes/90-test_gost_data/gost.cnf

new file mode 100644 (file)

index 0000000..1f42b9d
--- /dev/null
+++ b/test/recipes/90-test_gost_data/gost.cnf
@@ -0,0 +1,13 @@
+openssl_conf = openssl_def
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+gost = gost_section
+
+[gost_section]
+engine_id = gost
+dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
+default_algorithms = ALL
+CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
+
diff --git a/test/recipes/90-test_gost_data/gost.conf b/test/recipes/90-test_gost_data/gost.conf

deleted file mode 100644 (file)

index 1f42b9d..0000000
--- a/test/recipes/90-test_gost_data/gost.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-openssl_conf = openssl_def
-[openssl_def]
-engines = engine_section
-
-[engine_section]
-gost = gost_section
-
-[gost_section]
-engine_id = gost
-dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO
-default_algorithms = ALL
-CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
-
diff --git a/test/recipes/90-test_includes_data/vms-includes.cnf b/test/recipes/90-test_includes_data/vms-includes.cnf

index ed4367bcf00e092d6296f78c4ad766eb7dd4c092..30fc4ef8e144cc696e62a981b74f0d4146ed47ee 100644 (file)
--- a/test/recipes/90-test_includes_data/vms-includes.cnf
+++ b/test/recipes/90-test_includes_data/vms-includes.cnf
@@ -2,4 +2,4 @@
  # Example configuration file using includes.
  #
  
-.include [.conf-includes]
+.include [.cnf-includes]
diff --git a/test/ssl-tests/01-simple.cnf b/test/ssl-tests/01-simple.cnf

new file mode 100644 (file)

index 0000000..7fc23f0
--- /dev/null
+++ b/test/ssl-tests/01-simple.cnf
@@ -0,0 +1,78 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 3
+
+test-0 = 0-default
+test-1 = 1-Server signature algorithms bug
+test-2 = 2-verify-cert
+# ===========================================================
+
+[0-default]
+ssl_conf = 0-default-ssl
+
+[0-default-ssl]
+server = 0-default-server
+client = 0-default-client
+
+[0-default-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-default-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-Server signature algorithms bug]
+ssl_conf = 1-Server signature algorithms bug-ssl
+
+[1-Server signature algorithms bug-ssl]
+server = 1-Server signature algorithms bug-server
+client = 1-Server signature algorithms bug-client
+
+[1-Server signature algorithms bug-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-Server signature algorithms bug-client]
+CipherString = DEFAULT
+SignatureAlgorithms = PSS+SHA256:RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-verify-cert]
+ssl_conf = 2-verify-cert-ssl
+
+[2-verify-cert-ssl]
+server = 2-verify-cert-server
+client = 2-verify-cert-client
+
+[2-verify-cert-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-cert-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-2]
+ExpectedClientAlert = UnknownCA
+ExpectedResult = ClientFail
+
+
diff --git a/test/ssl-tests/01-simple.cnf.in b/test/ssl-tests/01-simple.cnf.in

new file mode 100644 (file)

index 0000000..ccc751a
--- /dev/null
+++ b/test/ssl-tests/01-simple.cnf.in
@@ -0,0 +1,42 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "default",
+        server => { },
+        client => { },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    {
+        name => "Server signature algorithms bug",
+        # Should have no effect as we aren't doing client auth
+        server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" },
+        client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    {
+        name => "verify-cert",
+        server => { },
+        client => {
+            # Don't set up the client root file.
+            "VerifyCAFile" => undef,
+        },
+        test   => {
+          "ExpectedResult" => "ClientFail",
+          "ExpectedClientAlert" => "UnknownCA",
+        },
+    },
+);
diff --git a/test/ssl-tests/01-simple.conf b/test/ssl-tests/01-simple.conf

deleted file mode 100644 (file)

index 7fc23f0..0000000
--- a/test/ssl-tests/01-simple.conf
+++ /dev/null
@@ -1,78 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 3
-
-test-0 = 0-default
-test-1 = 1-Server signature algorithms bug
-test-2 = 2-verify-cert
-# ===========================================================
-
-[0-default]
-ssl_conf = 0-default-ssl
-
-[0-default-ssl]
-server = 0-default-server
-client = 0-default-client
-
-[0-default-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-default-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-Server signature algorithms bug]
-ssl_conf = 1-Server signature algorithms bug-ssl
-
-[1-Server signature algorithms bug-ssl]
-server = 1-Server signature algorithms bug-server
-client = 1-Server signature algorithms bug-client
-
-[1-Server signature algorithms bug-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA512:RSA+SHA512
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-Server signature algorithms bug-client]
-CipherString = DEFAULT
-SignatureAlgorithms = PSS+SHA256:RSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-verify-cert]
-ssl_conf = 2-verify-cert-ssl
-
-[2-verify-cert-ssl]
-server = 2-verify-cert-server
-client = 2-verify-cert-client
-
-[2-verify-cert-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-verify-cert-client]
-CipherString = DEFAULT
-VerifyMode = Peer
-
-[test-2]
-ExpectedClientAlert = UnknownCA
-ExpectedResult = ClientFail
-
-
diff --git a/test/ssl-tests/01-simple.conf.in b/test/ssl-tests/01-simple.conf.in

deleted file mode 100644 (file)

index ccc751a..0000000
--- a/test/ssl-tests/01-simple.conf.in
+++ /dev/null
@@ -1,42 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-package ssltests;
-
-our @tests = (
-    {
-        name => "default",
-        server => { },
-        client => { },
-        test   => { "ExpectedResult" => "Success" },
-    },
-
-    {
-        name => "Server signature algorithms bug",
-        # Should have no effect as we aren't doing client auth
-        server => { "ClientSignatureAlgorithms" => "PSS+SHA512:RSA+SHA512" },
-        client => { "SignatureAlgorithms" => "PSS+SHA256:RSA+SHA256" },
-        test   => { "ExpectedResult" => "Success" },
-    },
-
-    {
-        name => "verify-cert",
-        server => { },
-        client => {
-            # Don't set up the client root file.
-            "VerifyCAFile" => undef,
-        },
-        test   => {
-          "ExpectedResult" => "ClientFail",
-          "ExpectedClientAlert" => "UnknownCA",
-        },
-    },
-);
diff --git a/test/ssl-tests/02-protocol-version.cnf b/test/ssl-tests/02-protocol-version.cnf

new file mode 100644 (file)

index 0000000..4b7d7df
--- /dev/null
+++ b/test/ssl-tests/02-protocol-version.cnf
@@ -0,0 +1,18822 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 678
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+test-64 = 64-version-negotiation
+test-65 = 65-version-negotiation
+test-66 = 66-version-negotiation
+test-67 = 67-version-negotiation
+test-68 = 68-version-negotiation
+test-69 = 69-version-negotiation
+test-70 = 70-version-negotiation
+test-71 = 71-version-negotiation
+test-72 = 72-version-negotiation
+test-73 = 73-version-negotiation
+test-74 = 74-version-negotiation
+test-75 = 75-version-negotiation
+test-76 = 76-version-negotiation
+test-77 = 77-version-negotiation
+test-78 = 78-version-negotiation
+test-79 = 79-version-negotiation
+test-80 = 80-version-negotiation
+test-81 = 81-version-negotiation
+test-82 = 82-version-negotiation
+test-83 = 83-version-negotiation
+test-84 = 84-version-negotiation
+test-85 = 85-version-negotiation
+test-86 = 86-version-negotiation
+test-87 = 87-version-negotiation
+test-88 = 88-version-negotiation
+test-89 = 89-version-negotiation
+test-90 = 90-version-negotiation
+test-91 = 91-version-negotiation
+test-92 = 92-version-negotiation
+test-93 = 93-version-negotiation
+test-94 = 94-version-negotiation
+test-95 = 95-version-negotiation
+test-96 = 96-version-negotiation
+test-97 = 97-version-negotiation
+test-98 = 98-version-negotiation
+test-99 = 99-version-negotiation
+test-100 = 100-version-negotiation
+test-101 = 101-version-negotiation
+test-102 = 102-version-negotiation
+test-103 = 103-version-negotiation
+test-104 = 104-version-negotiation
+test-105 = 105-version-negotiation
+test-106 = 106-version-negotiation
+test-107 = 107-version-negotiation
+test-108 = 108-version-negotiation
+test-109 = 109-version-negotiation
+test-110 = 110-version-negotiation
+test-111 = 111-version-negotiation
+test-112 = 112-version-negotiation
+test-113 = 113-version-negotiation
+test-114 = 114-version-negotiation
+test-115 = 115-version-negotiation
+test-116 = 116-version-negotiation
+test-117 = 117-version-negotiation
+test-118 = 118-version-negotiation
+test-119 = 119-version-negotiation
+test-120 = 120-version-negotiation
+test-121 = 121-version-negotiation
+test-122 = 122-version-negotiation
+test-123 = 123-version-negotiation
+test-124 = 124-version-negotiation
+test-125 = 125-version-negotiation
+test-126 = 126-version-negotiation
+test-127 = 127-version-negotiation
+test-128 = 128-version-negotiation
+test-129 = 129-version-negotiation
+test-130 = 130-version-negotiation
+test-131 = 131-version-negotiation
+test-132 = 132-version-negotiation
+test-133 = 133-version-negotiation
+test-134 = 134-version-negotiation
+test-135 = 135-version-negotiation
+test-136 = 136-version-negotiation
+test-137 = 137-version-negotiation
+test-138 = 138-version-negotiation
+test-139 = 139-version-negotiation
+test-140 = 140-version-negotiation
+test-141 = 141-version-negotiation
+test-142 = 142-version-negotiation
+test-143 = 143-version-negotiation
+test-144 = 144-version-negotiation
+test-145 = 145-version-negotiation
+test-146 = 146-version-negotiation
+test-147 = 147-version-negotiation
+test-148 = 148-version-negotiation
+test-149 = 149-version-negotiation
+test-150 = 150-version-negotiation
+test-151 = 151-version-negotiation
+test-152 = 152-version-negotiation
+test-153 = 153-version-negotiation
+test-154 = 154-version-negotiation
+test-155 = 155-version-negotiation
+test-156 = 156-version-negotiation
+test-157 = 157-version-negotiation
+test-158 = 158-version-negotiation
+test-159 = 159-version-negotiation
+test-160 = 160-version-negotiation
+test-161 = 161-version-negotiation
+test-162 = 162-version-negotiation
+test-163 = 163-version-negotiation
+test-164 = 164-version-negotiation
+test-165 = 165-version-negotiation
+test-166 = 166-version-negotiation
+test-167 = 167-version-negotiation
+test-168 = 168-version-negotiation
+test-169 = 169-version-negotiation
+test-170 = 170-version-negotiation
+test-171 = 171-version-negotiation
+test-172 = 172-version-negotiation
+test-173 = 173-version-negotiation
+test-174 = 174-version-negotiation
+test-175 = 175-version-negotiation
+test-176 = 176-version-negotiation
+test-177 = 177-version-negotiation
+test-178 = 178-version-negotiation
+test-179 = 179-version-negotiation
+test-180 = 180-version-negotiation
+test-181 = 181-version-negotiation
+test-182 = 182-version-negotiation
+test-183 = 183-version-negotiation
+test-184 = 184-version-negotiation
+test-185 = 185-version-negotiation
+test-186 = 186-version-negotiation
+test-187 = 187-version-negotiation
+test-188 = 188-version-negotiation
+test-189 = 189-version-negotiation
+test-190 = 190-version-negotiation
+test-191 = 191-version-negotiation
+test-192 = 192-version-negotiation
+test-193 = 193-version-negotiation
+test-194 = 194-version-negotiation
+test-195 = 195-version-negotiation
+test-196 = 196-version-negotiation
+test-197 = 197-version-negotiation
+test-198 = 198-version-negotiation
+test-199 = 199-version-negotiation
+test-200 = 200-version-negotiation
+test-201 = 201-version-negotiation
+test-202 = 202-version-negotiation
+test-203 = 203-version-negotiation
+test-204 = 204-version-negotiation
+test-205 = 205-version-negotiation
+test-206 = 206-version-negotiation
+test-207 = 207-version-negotiation
+test-208 = 208-version-negotiation
+test-209 = 209-version-negotiation
+test-210 = 210-version-negotiation
+test-211 = 211-version-negotiation
+test-212 = 212-version-negotiation
+test-213 = 213-version-negotiation
+test-214 = 214-version-negotiation
+test-215 = 215-version-negotiation
+test-216 = 216-version-negotiation
+test-217 = 217-version-negotiation
+test-218 = 218-version-negotiation
+test-219 = 219-version-negotiation
+test-220 = 220-version-negotiation
+test-221 = 221-version-negotiation
+test-222 = 222-version-negotiation
+test-223 = 223-version-negotiation
+test-224 = 224-version-negotiation
+test-225 = 225-version-negotiation
+test-226 = 226-version-negotiation
+test-227 = 227-version-negotiation
+test-228 = 228-version-negotiation
+test-229 = 229-version-negotiation
+test-230 = 230-version-negotiation
+test-231 = 231-version-negotiation
+test-232 = 232-version-negotiation
+test-233 = 233-version-negotiation
+test-234 = 234-version-negotiation
+test-235 = 235-version-negotiation
+test-236 = 236-version-negotiation
+test-237 = 237-version-negotiation
+test-238 = 238-version-negotiation
+test-239 = 239-version-negotiation
+test-240 = 240-version-negotiation
+test-241 = 241-version-negotiation
+test-242 = 242-version-negotiation
+test-243 = 243-version-negotiation
+test-244 = 244-version-negotiation
+test-245 = 245-version-negotiation
+test-246 = 246-version-negotiation
+test-247 = 247-version-negotiation
+test-248 = 248-version-negotiation
+test-249 = 249-version-negotiation
+test-250 = 250-version-negotiation
+test-251 = 251-version-negotiation
+test-252 = 252-version-negotiation
+test-253 = 253-version-negotiation
+test-254 = 254-version-negotiation
+test-255 = 255-version-negotiation
+test-256 = 256-version-negotiation
+test-257 = 257-version-negotiation
+test-258 = 258-version-negotiation
+test-259 = 259-version-negotiation
+test-260 = 260-version-negotiation
+test-261 = 261-version-negotiation
+test-262 = 262-version-negotiation
+test-263 = 263-version-negotiation
+test-264 = 264-version-negotiation
+test-265 = 265-version-negotiation
+test-266 = 266-version-negotiation
+test-267 = 267-version-negotiation
+test-268 = 268-version-negotiation
+test-269 = 269-version-negotiation
+test-270 = 270-version-negotiation
+test-271 = 271-version-negotiation
+test-272 = 272-version-negotiation
+test-273 = 273-version-negotiation
+test-274 = 274-version-negotiation
+test-275 = 275-version-negotiation
+test-276 = 276-version-negotiation
+test-277 = 277-version-negotiation
+test-278 = 278-version-negotiation
+test-279 = 279-version-negotiation
+test-280 = 280-version-negotiation
+test-281 = 281-version-negotiation
+test-282 = 282-version-negotiation
+test-283 = 283-version-negotiation
+test-284 = 284-version-negotiation
+test-285 = 285-version-negotiation
+test-286 = 286-version-negotiation
+test-287 = 287-version-negotiation
+test-288 = 288-version-negotiation
+test-289 = 289-version-negotiation
+test-290 = 290-version-negotiation
+test-291 = 291-version-negotiation
+test-292 = 292-version-negotiation
+test-293 = 293-version-negotiation
+test-294 = 294-version-negotiation
+test-295 = 295-version-negotiation
+test-296 = 296-version-negotiation
+test-297 = 297-version-negotiation
+test-298 = 298-version-negotiation
+test-299 = 299-version-negotiation
+test-300 = 300-version-negotiation
+test-301 = 301-version-negotiation
+test-302 = 302-version-negotiation
+test-303 = 303-version-negotiation
+test-304 = 304-version-negotiation
+test-305 = 305-version-negotiation
+test-306 = 306-version-negotiation
+test-307 = 307-version-negotiation
+test-308 = 308-version-negotiation
+test-309 = 309-version-negotiation
+test-310 = 310-version-negotiation
+test-311 = 311-version-negotiation
+test-312 = 312-version-negotiation
+test-313 = 313-version-negotiation
+test-314 = 314-version-negotiation
+test-315 = 315-version-negotiation
+test-316 = 316-version-negotiation
+test-317 = 317-version-negotiation
+test-318 = 318-version-negotiation
+test-319 = 319-version-negotiation
+test-320 = 320-version-negotiation
+test-321 = 321-version-negotiation
+test-322 = 322-version-negotiation
+test-323 = 323-version-negotiation
+test-324 = 324-version-negotiation
+test-325 = 325-version-negotiation
+test-326 = 326-version-negotiation
+test-327 = 327-version-negotiation
+test-328 = 328-version-negotiation
+test-329 = 329-version-negotiation
+test-330 = 330-version-negotiation
+test-331 = 331-version-negotiation
+test-332 = 332-version-negotiation
+test-333 = 333-version-negotiation
+test-334 = 334-version-negotiation
+test-335 = 335-version-negotiation
+test-336 = 336-version-negotiation
+test-337 = 337-version-negotiation
+test-338 = 338-version-negotiation
+test-339 = 339-version-negotiation
+test-340 = 340-version-negotiation
+test-341 = 341-version-negotiation
+test-342 = 342-version-negotiation
+test-343 = 343-version-negotiation
+test-344 = 344-version-negotiation
+test-345 = 345-version-negotiation
+test-346 = 346-version-negotiation
+test-347 = 347-version-negotiation
+test-348 = 348-version-negotiation
+test-349 = 349-version-negotiation
+test-350 = 350-version-negotiation
+test-351 = 351-version-negotiation
+test-352 = 352-version-negotiation
+test-353 = 353-version-negotiation
+test-354 = 354-version-negotiation
+test-355 = 355-version-negotiation
+test-356 = 356-version-negotiation
+test-357 = 357-version-negotiation
+test-358 = 358-version-negotiation
+test-359 = 359-version-negotiation
+test-360 = 360-version-negotiation
+test-361 = 361-version-negotiation
+test-362 = 362-version-negotiation
+test-363 = 363-version-negotiation
+test-364 = 364-version-negotiation
+test-365 = 365-version-negotiation
+test-366 = 366-version-negotiation
+test-367 = 367-version-negotiation
+test-368 = 368-version-negotiation
+test-369 = 369-version-negotiation
+test-370 = 370-version-negotiation
+test-371 = 371-version-negotiation
+test-372 = 372-version-negotiation
+test-373 = 373-version-negotiation
+test-374 = 374-version-negotiation
+test-375 = 375-version-negotiation
+test-376 = 376-version-negotiation
+test-377 = 377-version-negotiation
+test-378 = 378-version-negotiation
+test-379 = 379-version-negotiation
+test-380 = 380-version-negotiation
+test-381 = 381-version-negotiation
+test-382 = 382-version-negotiation
+test-383 = 383-version-negotiation
+test-384 = 384-version-negotiation
+test-385 = 385-version-negotiation
+test-386 = 386-version-negotiation
+test-387 = 387-version-negotiation
+test-388 = 388-version-negotiation
+test-389 = 389-version-negotiation
+test-390 = 390-version-negotiation
+test-391 = 391-version-negotiation
+test-392 = 392-version-negotiation
+test-393 = 393-version-negotiation
+test-394 = 394-version-negotiation
+test-395 = 395-version-negotiation
+test-396 = 396-version-negotiation
+test-397 = 397-version-negotiation
+test-398 = 398-version-negotiation
+test-399 = 399-version-negotiation
+test-400 = 400-version-negotiation
+test-401 = 401-version-negotiation
+test-402 = 402-version-negotiation
+test-403 = 403-version-negotiation
+test-404 = 404-version-negotiation
+test-405 = 405-version-negotiation
+test-406 = 406-version-negotiation
+test-407 = 407-version-negotiation
+test-408 = 408-version-negotiation
+test-409 = 409-version-negotiation
+test-410 = 410-version-negotiation
+test-411 = 411-version-negotiation
+test-412 = 412-version-negotiation
+test-413 = 413-version-negotiation
+test-414 = 414-version-negotiation
+test-415 = 415-version-negotiation
+test-416 = 416-version-negotiation
+test-417 = 417-version-negotiation
+test-418 = 418-version-negotiation
+test-419 = 419-version-negotiation
+test-420 = 420-version-negotiation
+test-421 = 421-version-negotiation
+test-422 = 422-version-negotiation
+test-423 = 423-version-negotiation
+test-424 = 424-version-negotiation
+test-425 = 425-version-negotiation
+test-426 = 426-version-negotiation
+test-427 = 427-version-negotiation
+test-428 = 428-version-negotiation
+test-429 = 429-version-negotiation
+test-430 = 430-version-negotiation
+test-431 = 431-version-negotiation
+test-432 = 432-version-negotiation
+test-433 = 433-version-negotiation
+test-434 = 434-version-negotiation
+test-435 = 435-version-negotiation
+test-436 = 436-version-negotiation
+test-437 = 437-version-negotiation
+test-438 = 438-version-negotiation
+test-439 = 439-version-negotiation
+test-440 = 440-version-negotiation
+test-441 = 441-version-negotiation
+test-442 = 442-version-negotiation
+test-443 = 443-version-negotiation
+test-444 = 444-version-negotiation
+test-445 = 445-version-negotiation
+test-446 = 446-version-negotiation
+test-447 = 447-version-negotiation
+test-448 = 448-version-negotiation
+test-449 = 449-version-negotiation
+test-450 = 450-version-negotiation
+test-451 = 451-version-negotiation
+test-452 = 452-version-negotiation
+test-453 = 453-version-negotiation
+test-454 = 454-version-negotiation
+test-455 = 455-version-negotiation
+test-456 = 456-version-negotiation
+test-457 = 457-version-negotiation
+test-458 = 458-version-negotiation
+test-459 = 459-version-negotiation
+test-460 = 460-version-negotiation
+test-461 = 461-version-negotiation
+test-462 = 462-version-negotiation
+test-463 = 463-version-negotiation
+test-464 = 464-version-negotiation
+test-465 = 465-version-negotiation
+test-466 = 466-version-negotiation
+test-467 = 467-version-negotiation
+test-468 = 468-version-negotiation
+test-469 = 469-version-negotiation
+test-470 = 470-version-negotiation
+test-471 = 471-version-negotiation
+test-472 = 472-version-negotiation
+test-473 = 473-version-negotiation
+test-474 = 474-version-negotiation
+test-475 = 475-version-negotiation
+test-476 = 476-version-negotiation
+test-477 = 477-version-negotiation
+test-478 = 478-version-negotiation
+test-479 = 479-version-negotiation
+test-480 = 480-version-negotiation
+test-481 = 481-version-negotiation
+test-482 = 482-version-negotiation
+test-483 = 483-version-negotiation
+test-484 = 484-version-negotiation
+test-485 = 485-version-negotiation
+test-486 = 486-version-negotiation
+test-487 = 487-version-negotiation
+test-488 = 488-version-negotiation
+test-489 = 489-version-negotiation
+test-490 = 490-version-negotiation
+test-491 = 491-version-negotiation
+test-492 = 492-version-negotiation
+test-493 = 493-version-negotiation
+test-494 = 494-version-negotiation
+test-495 = 495-version-negotiation
+test-496 = 496-version-negotiation
+test-497 = 497-version-negotiation
+test-498 = 498-version-negotiation
+test-499 = 499-version-negotiation
+test-500 = 500-version-negotiation
+test-501 = 501-version-negotiation
+test-502 = 502-version-negotiation
+test-503 = 503-version-negotiation
+test-504 = 504-version-negotiation
+test-505 = 505-version-negotiation
+test-506 = 506-version-negotiation
+test-507 = 507-version-negotiation
+test-508 = 508-version-negotiation
+test-509 = 509-version-negotiation
+test-510 = 510-version-negotiation
+test-511 = 511-version-negotiation
+test-512 = 512-version-negotiation
+test-513 = 513-version-negotiation
+test-514 = 514-version-negotiation
+test-515 = 515-version-negotiation
+test-516 = 516-version-negotiation
+test-517 = 517-version-negotiation
+test-518 = 518-version-negotiation
+test-519 = 519-version-negotiation
+test-520 = 520-version-negotiation
+test-521 = 521-version-negotiation
+test-522 = 522-version-negotiation
+test-523 = 523-version-negotiation
+test-524 = 524-version-negotiation
+test-525 = 525-version-negotiation
+test-526 = 526-version-negotiation
+test-527 = 527-version-negotiation
+test-528 = 528-version-negotiation
+test-529 = 529-version-negotiation
+test-530 = 530-version-negotiation
+test-531 = 531-version-negotiation
+test-532 = 532-version-negotiation
+test-533 = 533-version-negotiation
+test-534 = 534-version-negotiation
+test-535 = 535-version-negotiation
+test-536 = 536-version-negotiation
+test-537 = 537-version-negotiation
+test-538 = 538-version-negotiation
+test-539 = 539-version-negotiation
+test-540 = 540-version-negotiation
+test-541 = 541-version-negotiation
+test-542 = 542-version-negotiation
+test-543 = 543-version-negotiation
+test-544 = 544-version-negotiation
+test-545 = 545-version-negotiation
+test-546 = 546-version-negotiation
+test-547 = 547-version-negotiation
+test-548 = 548-version-negotiation
+test-549 = 549-version-negotiation
+test-550 = 550-version-negotiation
+test-551 = 551-version-negotiation
+test-552 = 552-version-negotiation
+test-553 = 553-version-negotiation
+test-554 = 554-version-negotiation
+test-555 = 555-version-negotiation
+test-556 = 556-version-negotiation
+test-557 = 557-version-negotiation
+test-558 = 558-version-negotiation
+test-559 = 559-version-negotiation
+test-560 = 560-version-negotiation
+test-561 = 561-version-negotiation
+test-562 = 562-version-negotiation
+test-563 = 563-version-negotiation
+test-564 = 564-version-negotiation
+test-565 = 565-version-negotiation
+test-566 = 566-version-negotiation
+test-567 = 567-version-negotiation
+test-568 = 568-version-negotiation
+test-569 = 569-version-negotiation
+test-570 = 570-version-negotiation
+test-571 = 571-version-negotiation
+test-572 = 572-version-negotiation
+test-573 = 573-version-negotiation
+test-574 = 574-version-negotiation
+test-575 = 575-version-negotiation
+test-576 = 576-version-negotiation
+test-577 = 577-version-negotiation
+test-578 = 578-version-negotiation
+test-579 = 579-version-negotiation
+test-580 = 580-version-negotiation
+test-581 = 581-version-negotiation
+test-582 = 582-version-negotiation
+test-583 = 583-version-negotiation
+test-584 = 584-version-negotiation
+test-585 = 585-version-negotiation
+test-586 = 586-version-negotiation
+test-587 = 587-version-negotiation
+test-588 = 588-version-negotiation
+test-589 = 589-version-negotiation
+test-590 = 590-version-negotiation
+test-591 = 591-version-negotiation
+test-592 = 592-version-negotiation
+test-593 = 593-version-negotiation
+test-594 = 594-version-negotiation
+test-595 = 595-version-negotiation
+test-596 = 596-version-negotiation
+test-597 = 597-version-negotiation
+test-598 = 598-version-negotiation
+test-599 = 599-version-negotiation
+test-600 = 600-version-negotiation
+test-601 = 601-version-negotiation
+test-602 = 602-version-negotiation
+test-603 = 603-version-negotiation
+test-604 = 604-version-negotiation
+test-605 = 605-version-negotiation
+test-606 = 606-version-negotiation
+test-607 = 607-version-negotiation
+test-608 = 608-version-negotiation
+test-609 = 609-version-negotiation
+test-610 = 610-version-negotiation
+test-611 = 611-version-negotiation
+test-612 = 612-version-negotiation
+test-613 = 613-version-negotiation
+test-614 = 614-version-negotiation
+test-615 = 615-version-negotiation
+test-616 = 616-version-negotiation
+test-617 = 617-version-negotiation
+test-618 = 618-version-negotiation
+test-619 = 619-version-negotiation
+test-620 = 620-version-negotiation
+test-621 = 621-version-negotiation
+test-622 = 622-version-negotiation
+test-623 = 623-version-negotiation
+test-624 = 624-version-negotiation
+test-625 = 625-version-negotiation
+test-626 = 626-version-negotiation
+test-627 = 627-version-negotiation
+test-628 = 628-version-negotiation
+test-629 = 629-version-negotiation
+test-630 = 630-version-negotiation
+test-631 = 631-version-negotiation
+test-632 = 632-version-negotiation
+test-633 = 633-version-negotiation
+test-634 = 634-version-negotiation
+test-635 = 635-version-negotiation
+test-636 = 636-version-negotiation
+test-637 = 637-version-negotiation
+test-638 = 638-version-negotiation
+test-639 = 639-version-negotiation
+test-640 = 640-version-negotiation
+test-641 = 641-version-negotiation
+test-642 = 642-version-negotiation
+test-643 = 643-version-negotiation
+test-644 = 644-version-negotiation
+test-645 = 645-version-negotiation
+test-646 = 646-version-negotiation
+test-647 = 647-version-negotiation
+test-648 = 648-version-negotiation
+test-649 = 649-version-negotiation
+test-650 = 650-version-negotiation
+test-651 = 651-version-negotiation
+test-652 = 652-version-negotiation
+test-653 = 653-version-negotiation
+test-654 = 654-version-negotiation
+test-655 = 655-version-negotiation
+test-656 = 656-version-negotiation
+test-657 = 657-version-negotiation
+test-658 = 658-version-negotiation
+test-659 = 659-version-negotiation
+test-660 = 660-version-negotiation
+test-661 = 661-version-negotiation
+test-662 = 662-version-negotiation
+test-663 = 663-version-negotiation
+test-664 = 664-version-negotiation
+test-665 = 665-version-negotiation
+test-666 = 666-version-negotiation
+test-667 = 667-version-negotiation
+test-668 = 668-version-negotiation
+test-669 = 669-version-negotiation
+test-670 = 670-version-negotiation
+test-671 = 671-version-negotiation
+test-672 = 672-version-negotiation
+test-673 = 673-version-negotiation
+test-674 = 674-version-negotiation
+test-675 = 675-version-negotiation
+test-676 = 676-ciphersuite-sanity-check-client
+test-677 = 677-ciphersuite-sanity-check-server
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[18-version-negotiation]
+ssl_conf = 18-version-negotiation-ssl
+
+[18-version-negotiation-ssl]
+server = 18-version-negotiation-server
+client = 18-version-negotiation-client
+
+[18-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[19-version-negotiation]
+ssl_conf = 19-version-negotiation-ssl
+
+[19-version-negotiation-ssl]
+server = 19-version-negotiation-server
+client = 19-version-negotiation-client
+
+[19-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[20-version-negotiation]
+ssl_conf = 20-version-negotiation-ssl
+
+[20-version-negotiation-ssl]
+server = 20-version-negotiation-server
+client = 20-version-negotiation-client
+
+[20-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[21-version-negotiation]
+ssl_conf = 21-version-negotiation-ssl
+
+[21-version-negotiation-ssl]
+server = 21-version-negotiation-server
+client = 21-version-negotiation-client
+
+[21-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[22-version-negotiation]
+ssl_conf = 22-version-negotiation-ssl
+
+[22-version-negotiation-ssl]
+server = 22-version-negotiation-server
+client = 22-version-negotiation-client
+
+[22-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[23-version-negotiation]
+ssl_conf = 23-version-negotiation-ssl
+
+[23-version-negotiation-ssl]
+server = 23-version-negotiation-server
+client = 23-version-negotiation-client
+
+[23-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[24-version-negotiation]
+ssl_conf = 24-version-negotiation-ssl
+
+[24-version-negotiation-ssl]
+server = 24-version-negotiation-server
+client = 24-version-negotiation-client
+
+[24-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[25-version-negotiation]
+ssl_conf = 25-version-negotiation-ssl
+
+[25-version-negotiation-ssl]
+server = 25-version-negotiation-server
+client = 25-version-negotiation-client
+
+[25-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[26-version-negotiation]
+ssl_conf = 26-version-negotiation-ssl
+
+[26-version-negotiation-ssl]
+server = 26-version-negotiation-server
+client = 26-version-negotiation-client
+
+[26-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[27-version-negotiation]
+ssl_conf = 27-version-negotiation-ssl
+
+[27-version-negotiation-ssl]
+server = 27-version-negotiation-server
+client = 27-version-negotiation-client
+
+[27-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[28-version-negotiation]
+ssl_conf = 28-version-negotiation-ssl
+
+[28-version-negotiation-ssl]
+server = 28-version-negotiation-server
+client = 28-version-negotiation-client
+
+[28-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[29-version-negotiation]
+ssl_conf = 29-version-negotiation-ssl
+
+[29-version-negotiation-ssl]
+server = 29-version-negotiation-server
+client = 29-version-negotiation-client
+
+[29-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[30-version-negotiation]
+ssl_conf = 30-version-negotiation-ssl
+
+[30-version-negotiation-ssl]
+server = 30-version-negotiation-server
+client = 30-version-negotiation-client
+
+[30-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[31-version-negotiation]
+ssl_conf = 31-version-negotiation-ssl
+
+[31-version-negotiation-ssl]
+server = 31-version-negotiation-server
+client = 31-version-negotiation-client
+
+[31-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[32-version-negotiation]
+ssl_conf = 32-version-negotiation-ssl
+
+[32-version-negotiation-ssl]
+server = 32-version-negotiation-server
+client = 32-version-negotiation-client
+
+[32-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[33-version-negotiation]
+ssl_conf = 33-version-negotiation-ssl
+
+[33-version-negotiation-ssl]
+server = 33-version-negotiation-server
+client = 33-version-negotiation-client
+
+[33-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[34-version-negotiation]
+ssl_conf = 34-version-negotiation-ssl
+
+[34-version-negotiation-ssl]
+server = 34-version-negotiation-server
+client = 34-version-negotiation-client
+
+[34-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[35-version-negotiation]
+ssl_conf = 35-version-negotiation-ssl
+
+[35-version-negotiation-ssl]
+server = 35-version-negotiation-server
+client = 35-version-negotiation-client
+
+[35-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[36-version-negotiation]
+ssl_conf = 36-version-negotiation-ssl
+
+[36-version-negotiation-ssl]
+server = 36-version-negotiation-server
+client = 36-version-negotiation-client
+
+[36-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[37-version-negotiation]
+ssl_conf = 37-version-negotiation-ssl
+
+[37-version-negotiation-ssl]
+server = 37-version-negotiation-server
+client = 37-version-negotiation-client
+
+[37-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[38-version-negotiation]
+ssl_conf = 38-version-negotiation-ssl
+
+[38-version-negotiation-ssl]
+server = 38-version-negotiation-server
+client = 38-version-negotiation-client
+
+[38-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[39-version-negotiation]
+ssl_conf = 39-version-negotiation-ssl
+
+[39-version-negotiation-ssl]
+server = 39-version-negotiation-server
+client = 39-version-negotiation-client
+
+[39-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[40-version-negotiation]
+ssl_conf = 40-version-negotiation-ssl
+
+[40-version-negotiation-ssl]
+server = 40-version-negotiation-server
+client = 40-version-negotiation-client
+
+[40-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[41-version-negotiation]
+ssl_conf = 41-version-negotiation-ssl
+
+[41-version-negotiation-ssl]
+server = 41-version-negotiation-server
+client = 41-version-negotiation-client
+
+[41-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[42-version-negotiation]
+ssl_conf = 42-version-negotiation-ssl
+
+[42-version-negotiation-ssl]
+server = 42-version-negotiation-server
+client = 42-version-negotiation-client
+
+[42-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[43-version-negotiation]
+ssl_conf = 43-version-negotiation-ssl
+
+[43-version-negotiation-ssl]
+server = 43-version-negotiation-server
+client = 43-version-negotiation-client
+
+[43-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[44-version-negotiation]
+ssl_conf = 44-version-negotiation-ssl
+
+[44-version-negotiation-ssl]
+server = 44-version-negotiation-server
+client = 44-version-negotiation-client
+
+[44-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[45-version-negotiation]
+ssl_conf = 45-version-negotiation-ssl
+
+[45-version-negotiation-ssl]
+server = 45-version-negotiation-server
+client = 45-version-negotiation-client
+
+[45-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[46-version-negotiation]
+ssl_conf = 46-version-negotiation-ssl
+
+[46-version-negotiation-ssl]
+server = 46-version-negotiation-server
+client = 46-version-negotiation-client
+
+[46-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[47-version-negotiation]
+ssl_conf = 47-version-negotiation-ssl
+
+[47-version-negotiation-ssl]
+server = 47-version-negotiation-server
+client = 47-version-negotiation-client
+
+[47-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[48-version-negotiation]
+ssl_conf = 48-version-negotiation-ssl
+
+[48-version-negotiation-ssl]
+server = 48-version-negotiation-server
+client = 48-version-negotiation-client
+
+[48-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[49-version-negotiation]
+ssl_conf = 49-version-negotiation-ssl
+
+[49-version-negotiation-ssl]
+server = 49-version-negotiation-server
+client = 49-version-negotiation-client
+
+[49-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[50-version-negotiation]
+ssl_conf = 50-version-negotiation-ssl
+
+[50-version-negotiation-ssl]
+server = 50-version-negotiation-server
+client = 50-version-negotiation-client
+
+[50-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[51-version-negotiation]
+ssl_conf = 51-version-negotiation-ssl
+
+[51-version-negotiation-ssl]
+server = 51-version-negotiation-server
+client = 51-version-negotiation-client
+
+[51-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[52-version-negotiation]
+ssl_conf = 52-version-negotiation-ssl
+
+[52-version-negotiation-ssl]
+server = 52-version-negotiation-server
+client = 52-version-negotiation-client
+
+[52-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[53-version-negotiation]
+ssl_conf = 53-version-negotiation-ssl
+
+[53-version-negotiation-ssl]
+server = 53-version-negotiation-server
+client = 53-version-negotiation-client
+
+[53-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[54-version-negotiation]
+ssl_conf = 54-version-negotiation-ssl
+
+[54-version-negotiation-ssl]
+server = 54-version-negotiation-server
+client = 54-version-negotiation-client
+
+[54-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[55-version-negotiation]
+ssl_conf = 55-version-negotiation-ssl
+
+[55-version-negotiation-ssl]
+server = 55-version-negotiation-server
+client = 55-version-negotiation-client
+
+[55-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[56-version-negotiation]
+ssl_conf = 56-version-negotiation-ssl
+
+[56-version-negotiation-ssl]
+server = 56-version-negotiation-server
+client = 56-version-negotiation-client
+
+[56-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[57-version-negotiation]
+ssl_conf = 57-version-negotiation-ssl
+
+[57-version-negotiation-ssl]
+server = 57-version-negotiation-server
+client = 57-version-negotiation-client
+
+[57-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[58-version-negotiation]
+ssl_conf = 58-version-negotiation-ssl
+
+[58-version-negotiation-ssl]
+server = 58-version-negotiation-server
+client = 58-version-negotiation-client
+
+[58-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[59-version-negotiation]
+ssl_conf = 59-version-negotiation-ssl
+
+[59-version-negotiation-ssl]
+server = 59-version-negotiation-server
+client = 59-version-negotiation-client
+
+[59-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[60-version-negotiation]
+ssl_conf = 60-version-negotiation-ssl
+
+[60-version-negotiation-ssl]
+server = 60-version-negotiation-server
+client = 60-version-negotiation-client
+
+[60-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[61-version-negotiation]
+ssl_conf = 61-version-negotiation-ssl
+
+[61-version-negotiation-ssl]
+server = 61-version-negotiation-server
+client = 61-version-negotiation-client
+
+[61-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[62-version-negotiation]
+ssl_conf = 62-version-negotiation-ssl
+
+[62-version-negotiation-ssl]
+server = 62-version-negotiation-server
+client = 62-version-negotiation-client
+
+[62-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[63-version-negotiation]
+ssl_conf = 63-version-negotiation-ssl
+
+[63-version-negotiation-ssl]
+server = 63-version-negotiation-server
+client = 63-version-negotiation-client
+
+[63-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[64-version-negotiation]
+ssl_conf = 64-version-negotiation-ssl
+
+[64-version-negotiation-ssl]
+server = 64-version-negotiation-server
+client = 64-version-negotiation-client
+
+[64-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[64-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-64]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[65-version-negotiation]
+ssl_conf = 65-version-negotiation-ssl
+
+[65-version-negotiation-ssl]
+server = 65-version-negotiation-server
+client = 65-version-negotiation-client
+
+[65-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[65-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-65]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[66-version-negotiation]
+ssl_conf = 66-version-negotiation-ssl
+
+[66-version-negotiation-ssl]
+server = 66-version-negotiation-server
+client = 66-version-negotiation-client
+
+[66-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[66-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-66]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[67-version-negotiation]
+ssl_conf = 67-version-negotiation-ssl
+
+[67-version-negotiation-ssl]
+server = 67-version-negotiation-server
+client = 67-version-negotiation-client
+
+[67-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[67-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-67]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[68-version-negotiation]
+ssl_conf = 68-version-negotiation-ssl
+
+[68-version-negotiation-ssl]
+server = 68-version-negotiation-server
+client = 68-version-negotiation-client
+
+[68-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[68-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-68]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[69-version-negotiation]
+ssl_conf = 69-version-negotiation-ssl
+
+[69-version-negotiation-ssl]
+server = 69-version-negotiation-server
+client = 69-version-negotiation-client
+
+[69-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[69-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-69]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[70-version-negotiation]
+ssl_conf = 70-version-negotiation-ssl
+
+[70-version-negotiation-ssl]
+server = 70-version-negotiation-server
+client = 70-version-negotiation-client
+
+[70-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[70-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-70]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[71-version-negotiation]
+ssl_conf = 71-version-negotiation-ssl
+
+[71-version-negotiation-ssl]
+server = 71-version-negotiation-server
+client = 71-version-negotiation-client
+
+[71-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[71-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-71]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[72-version-negotiation]
+ssl_conf = 72-version-negotiation-ssl
+
+[72-version-negotiation-ssl]
+server = 72-version-negotiation-server
+client = 72-version-negotiation-client
+
+[72-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[72-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-72]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[73-version-negotiation]
+ssl_conf = 73-version-negotiation-ssl
+
+[73-version-negotiation-ssl]
+server = 73-version-negotiation-server
+client = 73-version-negotiation-client
+
+[73-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[73-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-73]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[74-version-negotiation]
+ssl_conf = 74-version-negotiation-ssl
+
+[74-version-negotiation-ssl]
+server = 74-version-negotiation-server
+client = 74-version-negotiation-client
+
+[74-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[74-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-74]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[75-version-negotiation]
+ssl_conf = 75-version-negotiation-ssl
+
+[75-version-negotiation-ssl]
+server = 75-version-negotiation-server
+client = 75-version-negotiation-client
+
+[75-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[75-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-75]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[76-version-negotiation]
+ssl_conf = 76-version-negotiation-ssl
+
+[76-version-negotiation-ssl]
+server = 76-version-negotiation-server
+client = 76-version-negotiation-client
+
+[76-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[76-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-76]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[77-version-negotiation]
+ssl_conf = 77-version-negotiation-ssl
+
+[77-version-negotiation-ssl]
+server = 77-version-negotiation-server
+client = 77-version-negotiation-client
+
+[77-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[77-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-77]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[78-version-negotiation]
+ssl_conf = 78-version-negotiation-ssl
+
+[78-version-negotiation-ssl]
+server = 78-version-negotiation-server
+client = 78-version-negotiation-client
+
+[78-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[78-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-78]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[79-version-negotiation]
+ssl_conf = 79-version-negotiation-ssl
+
+[79-version-negotiation-ssl]
+server = 79-version-negotiation-server
+client = 79-version-negotiation-client
+
+[79-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[79-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-79]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[80-version-negotiation]
+ssl_conf = 80-version-negotiation-ssl
+
+[80-version-negotiation-ssl]
+server = 80-version-negotiation-server
+client = 80-version-negotiation-client
+
+[80-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[80-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-80]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[81-version-negotiation]
+ssl_conf = 81-version-negotiation-ssl
+
+[81-version-negotiation-ssl]
+server = 81-version-negotiation-server
+client = 81-version-negotiation-client
+
+[81-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[81-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-81]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[82-version-negotiation]
+ssl_conf = 82-version-negotiation-ssl
+
+[82-version-negotiation-ssl]
+server = 82-version-negotiation-server
+client = 82-version-negotiation-client
+
+[82-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[82-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-82]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[83-version-negotiation]
+ssl_conf = 83-version-negotiation-ssl
+
+[83-version-negotiation-ssl]
+server = 83-version-negotiation-server
+client = 83-version-negotiation-client
+
+[83-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[83-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-83]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[84-version-negotiation]
+ssl_conf = 84-version-negotiation-ssl
+
+[84-version-negotiation-ssl]
+server = 84-version-negotiation-server
+client = 84-version-negotiation-client
+
+[84-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[84-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-84]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[85-version-negotiation]
+ssl_conf = 85-version-negotiation-ssl
+
+[85-version-negotiation-ssl]
+server = 85-version-negotiation-server
+client = 85-version-negotiation-client
+
+[85-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[85-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-85]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[86-version-negotiation]
+ssl_conf = 86-version-negotiation-ssl
+
+[86-version-negotiation-ssl]
+server = 86-version-negotiation-server
+client = 86-version-negotiation-client
+
+[86-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[86-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-86]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[87-version-negotiation]
+ssl_conf = 87-version-negotiation-ssl
+
+[87-version-negotiation-ssl]
+server = 87-version-negotiation-server
+client = 87-version-negotiation-client
+
+[87-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[87-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-87]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[88-version-negotiation]
+ssl_conf = 88-version-negotiation-ssl
+
+[88-version-negotiation-ssl]
+server = 88-version-negotiation-server
+client = 88-version-negotiation-client
+
+[88-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[88-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-88]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[89-version-negotiation]
+ssl_conf = 89-version-negotiation-ssl
+
+[89-version-negotiation-ssl]
+server = 89-version-negotiation-server
+client = 89-version-negotiation-client
+
+[89-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[89-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-89]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[90-version-negotiation]
+ssl_conf = 90-version-negotiation-ssl
+
+[90-version-negotiation-ssl]
+server = 90-version-negotiation-server
+client = 90-version-negotiation-client
+
+[90-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[90-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-90]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[91-version-negotiation]
+ssl_conf = 91-version-negotiation-ssl
+
+[91-version-negotiation-ssl]
+server = 91-version-negotiation-server
+client = 91-version-negotiation-client
+
+[91-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[91-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-91]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[92-version-negotiation]
+ssl_conf = 92-version-negotiation-ssl
+
+[92-version-negotiation-ssl]
+server = 92-version-negotiation-server
+client = 92-version-negotiation-client
+
+[92-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[92-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-92]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[93-version-negotiation]
+ssl_conf = 93-version-negotiation-ssl
+
+[93-version-negotiation-ssl]
+server = 93-version-negotiation-server
+client = 93-version-negotiation-client
+
+[93-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[93-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-93]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[94-version-negotiation]
+ssl_conf = 94-version-negotiation-ssl
+
+[94-version-negotiation-ssl]
+server = 94-version-negotiation-server
+client = 94-version-negotiation-client
+
+[94-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[94-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-94]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[95-version-negotiation]
+ssl_conf = 95-version-negotiation-ssl
+
+[95-version-negotiation-ssl]
+server = 95-version-negotiation-server
+client = 95-version-negotiation-client
+
+[95-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[95-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-95]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[96-version-negotiation]
+ssl_conf = 96-version-negotiation-ssl
+
+[96-version-negotiation-ssl]
+server = 96-version-negotiation-server
+client = 96-version-negotiation-client
+
+[96-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[96-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-96]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[97-version-negotiation]
+ssl_conf = 97-version-negotiation-ssl
+
+[97-version-negotiation-ssl]
+server = 97-version-negotiation-server
+client = 97-version-negotiation-client
+
+[97-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[97-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-97]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[98-version-negotiation]
+ssl_conf = 98-version-negotiation-ssl
+
+[98-version-negotiation-ssl]
+server = 98-version-negotiation-server
+client = 98-version-negotiation-client
+
+[98-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[98-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-98]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[99-version-negotiation]
+ssl_conf = 99-version-negotiation-ssl
+
+[99-version-negotiation-ssl]
+server = 99-version-negotiation-server
+client = 99-version-negotiation-client
+
+[99-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[99-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-99]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[100-version-negotiation]
+ssl_conf = 100-version-negotiation-ssl
+
+[100-version-negotiation-ssl]
+server = 100-version-negotiation-server
+client = 100-version-negotiation-client
+
+[100-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[100-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-100]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[101-version-negotiation]
+ssl_conf = 101-version-negotiation-ssl
+
+[101-version-negotiation-ssl]
+server = 101-version-negotiation-server
+client = 101-version-negotiation-client
+
+[101-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[101-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-101]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[102-version-negotiation]
+ssl_conf = 102-version-negotiation-ssl
+
+[102-version-negotiation-ssl]
+server = 102-version-negotiation-server
+client = 102-version-negotiation-client
+
+[102-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[102-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-102]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[103-version-negotiation]
+ssl_conf = 103-version-negotiation-ssl
+
+[103-version-negotiation-ssl]
+server = 103-version-negotiation-server
+client = 103-version-negotiation-client
+
+[103-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[103-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-103]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[104-version-negotiation]
+ssl_conf = 104-version-negotiation-ssl
+
+[104-version-negotiation-ssl]
+server = 104-version-negotiation-server
+client = 104-version-negotiation-client
+
+[104-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[104-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-104]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[105-version-negotiation]
+ssl_conf = 105-version-negotiation-ssl
+
+[105-version-negotiation-ssl]
+server = 105-version-negotiation-server
+client = 105-version-negotiation-client
+
+[105-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[105-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-105]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[106-version-negotiation]
+ssl_conf = 106-version-negotiation-ssl
+
+[106-version-negotiation-ssl]
+server = 106-version-negotiation-server
+client = 106-version-negotiation-client
+
+[106-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[106-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-106]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[107-version-negotiation]
+ssl_conf = 107-version-negotiation-ssl
+
+[107-version-negotiation-ssl]
+server = 107-version-negotiation-server
+client = 107-version-negotiation-client
+
+[107-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[107-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-107]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[108-version-negotiation]
+ssl_conf = 108-version-negotiation-ssl
+
+[108-version-negotiation-ssl]
+server = 108-version-negotiation-server
+client = 108-version-negotiation-client
+
+[108-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[108-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-108]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[109-version-negotiation]
+ssl_conf = 109-version-negotiation-ssl
+
+[109-version-negotiation-ssl]
+server = 109-version-negotiation-server
+client = 109-version-negotiation-client
+
+[109-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[109-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-109]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[110-version-negotiation]
+ssl_conf = 110-version-negotiation-ssl
+
+[110-version-negotiation-ssl]
+server = 110-version-negotiation-server
+client = 110-version-negotiation-client
+
+[110-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[110-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-110]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[111-version-negotiation]
+ssl_conf = 111-version-negotiation-ssl
+
+[111-version-negotiation-ssl]
+server = 111-version-negotiation-server
+client = 111-version-negotiation-client
+
+[111-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[111-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-111]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[112-version-negotiation]
+ssl_conf = 112-version-negotiation-ssl
+
+[112-version-negotiation-ssl]
+server = 112-version-negotiation-server
+client = 112-version-negotiation-client
+
+[112-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[112-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-112]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[113-version-negotiation]
+ssl_conf = 113-version-negotiation-ssl
+
+[113-version-negotiation-ssl]
+server = 113-version-negotiation-server
+client = 113-version-negotiation-client
+
+[113-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[113-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-113]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[114-version-negotiation]
+ssl_conf = 114-version-negotiation-ssl
+
+[114-version-negotiation-ssl]
+server = 114-version-negotiation-server
+client = 114-version-negotiation-client
+
+[114-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[114-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-114]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[115-version-negotiation]
+ssl_conf = 115-version-negotiation-ssl
+
+[115-version-negotiation-ssl]
+server = 115-version-negotiation-server
+client = 115-version-negotiation-client
+
+[115-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[115-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-115]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[116-version-negotiation]
+ssl_conf = 116-version-negotiation-ssl
+
+[116-version-negotiation-ssl]
+server = 116-version-negotiation-server
+client = 116-version-negotiation-client
+
+[116-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[116-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-116]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[117-version-negotiation]
+ssl_conf = 117-version-negotiation-ssl
+
+[117-version-negotiation-ssl]
+server = 117-version-negotiation-server
+client = 117-version-negotiation-client
+
+[117-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[117-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-117]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[118-version-negotiation]
+ssl_conf = 118-version-negotiation-ssl
+
+[118-version-negotiation-ssl]
+server = 118-version-negotiation-server
+client = 118-version-negotiation-client
+
+[118-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[118-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-118]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[119-version-negotiation]
+ssl_conf = 119-version-negotiation-ssl
+
+[119-version-negotiation-ssl]
+server = 119-version-negotiation-server
+client = 119-version-negotiation-client
+
+[119-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[119-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-119]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[120-version-negotiation]
+ssl_conf = 120-version-negotiation-ssl
+
+[120-version-negotiation-ssl]
+server = 120-version-negotiation-server
+client = 120-version-negotiation-client
+
+[120-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[120-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-120]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[121-version-negotiation]
+ssl_conf = 121-version-negotiation-ssl
+
+[121-version-negotiation-ssl]
+server = 121-version-negotiation-server
+client = 121-version-negotiation-client
+
+[121-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[121-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-121]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[122-version-negotiation]
+ssl_conf = 122-version-negotiation-ssl
+
+[122-version-negotiation-ssl]
+server = 122-version-negotiation-server
+client = 122-version-negotiation-client
+
+[122-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[122-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-122]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[123-version-negotiation]
+ssl_conf = 123-version-negotiation-ssl
+
+[123-version-negotiation-ssl]
+server = 123-version-negotiation-server
+client = 123-version-negotiation-client
+
+[123-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[123-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-123]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[124-version-negotiation]
+ssl_conf = 124-version-negotiation-ssl
+
+[124-version-negotiation-ssl]
+server = 124-version-negotiation-server
+client = 124-version-negotiation-client
+
+[124-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[124-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-124]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[125-version-negotiation]
+ssl_conf = 125-version-negotiation-ssl
+
+[125-version-negotiation-ssl]
+server = 125-version-negotiation-server
+client = 125-version-negotiation-client
+
+[125-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[125-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-125]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[126-version-negotiation]
+ssl_conf = 126-version-negotiation-ssl
+
+[126-version-negotiation-ssl]
+server = 126-version-negotiation-server
+client = 126-version-negotiation-client
+
+[126-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[126-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-126]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[127-version-negotiation]
+ssl_conf = 127-version-negotiation-ssl
+
+[127-version-negotiation-ssl]
+server = 127-version-negotiation-server
+client = 127-version-negotiation-client
+
+[127-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[127-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-127]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[128-version-negotiation]
+ssl_conf = 128-version-negotiation-ssl
+
+[128-version-negotiation-ssl]
+server = 128-version-negotiation-server
+client = 128-version-negotiation-client
+
+[128-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[128-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-128]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[129-version-negotiation]
+ssl_conf = 129-version-negotiation-ssl
+
+[129-version-negotiation-ssl]
+server = 129-version-negotiation-server
+client = 129-version-negotiation-client
+
+[129-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[129-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-129]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[130-version-negotiation]
+ssl_conf = 130-version-negotiation-ssl
+
+[130-version-negotiation-ssl]
+server = 130-version-negotiation-server
+client = 130-version-negotiation-client
+
+[130-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[130-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-130]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[131-version-negotiation]
+ssl_conf = 131-version-negotiation-ssl
+
+[131-version-negotiation-ssl]
+server = 131-version-negotiation-server
+client = 131-version-negotiation-client
+
+[131-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[131-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-131]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[132-version-negotiation]
+ssl_conf = 132-version-negotiation-ssl
+
+[132-version-negotiation-ssl]
+server = 132-version-negotiation-server
+client = 132-version-negotiation-client
+
+[132-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[132-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-132]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[133-version-negotiation]
+ssl_conf = 133-version-negotiation-ssl
+
+[133-version-negotiation-ssl]
+server = 133-version-negotiation-server
+client = 133-version-negotiation-client
+
+[133-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[133-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-133]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[134-version-negotiation]
+ssl_conf = 134-version-negotiation-ssl
+
+[134-version-negotiation-ssl]
+server = 134-version-negotiation-server
+client = 134-version-negotiation-client
+
+[134-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[134-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-134]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[135-version-negotiation]
+ssl_conf = 135-version-negotiation-ssl
+
+[135-version-negotiation-ssl]
+server = 135-version-negotiation-server
+client = 135-version-negotiation-client
+
+[135-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[135-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-135]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[136-version-negotiation]
+ssl_conf = 136-version-negotiation-ssl
+
+[136-version-negotiation-ssl]
+server = 136-version-negotiation-server
+client = 136-version-negotiation-client
+
+[136-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[136-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-136]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[137-version-negotiation]
+ssl_conf = 137-version-negotiation-ssl
+
+[137-version-negotiation-ssl]
+server = 137-version-negotiation-server
+client = 137-version-negotiation-client
+
+[137-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[137-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-137]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[138-version-negotiation]
+ssl_conf = 138-version-negotiation-ssl
+
+[138-version-negotiation-ssl]
+server = 138-version-negotiation-server
+client = 138-version-negotiation-client
+
+[138-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[138-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-138]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[139-version-negotiation]
+ssl_conf = 139-version-negotiation-ssl
+
+[139-version-negotiation-ssl]
+server = 139-version-negotiation-server
+client = 139-version-negotiation-client
+
+[139-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[139-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-139]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[140-version-negotiation]
+ssl_conf = 140-version-negotiation-ssl
+
+[140-version-negotiation-ssl]
+server = 140-version-negotiation-server
+client = 140-version-negotiation-client
+
+[140-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[140-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-140]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[141-version-negotiation]
+ssl_conf = 141-version-negotiation-ssl
+
+[141-version-negotiation-ssl]
+server = 141-version-negotiation-server
+client = 141-version-negotiation-client
+
+[141-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[141-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-141]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[142-version-negotiation]
+ssl_conf = 142-version-negotiation-ssl
+
+[142-version-negotiation-ssl]
+server = 142-version-negotiation-server
+client = 142-version-negotiation-client
+
+[142-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[142-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-142]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[143-version-negotiation]
+ssl_conf = 143-version-negotiation-ssl
+
+[143-version-negotiation-ssl]
+server = 143-version-negotiation-server
+client = 143-version-negotiation-client
+
+[143-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[143-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-143]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[144-version-negotiation]
+ssl_conf = 144-version-negotiation-ssl
+
+[144-version-negotiation-ssl]
+server = 144-version-negotiation-server
+client = 144-version-negotiation-client
+
+[144-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[144-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-144]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[145-version-negotiation]
+ssl_conf = 145-version-negotiation-ssl
+
+[145-version-negotiation-ssl]
+server = 145-version-negotiation-server
+client = 145-version-negotiation-client
+
+[145-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[145-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-145]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[146-version-negotiation]
+ssl_conf = 146-version-negotiation-ssl
+
+[146-version-negotiation-ssl]
+server = 146-version-negotiation-server
+client = 146-version-negotiation-client
+
+[146-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[146-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-146]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[147-version-negotiation]
+ssl_conf = 147-version-negotiation-ssl
+
+[147-version-negotiation-ssl]
+server = 147-version-negotiation-server
+client = 147-version-negotiation-client
+
+[147-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[147-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-147]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[148-version-negotiation]
+ssl_conf = 148-version-negotiation-ssl
+
+[148-version-negotiation-ssl]
+server = 148-version-negotiation-server
+client = 148-version-negotiation-client
+
+[148-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[148-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-148]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[149-version-negotiation]
+ssl_conf = 149-version-negotiation-ssl
+
+[149-version-negotiation-ssl]
+server = 149-version-negotiation-server
+client = 149-version-negotiation-client
+
+[149-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[149-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-149]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[150-version-negotiation]
+ssl_conf = 150-version-negotiation-ssl
+
+[150-version-negotiation-ssl]
+server = 150-version-negotiation-server
+client = 150-version-negotiation-client
+
+[150-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[150-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-150]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[151-version-negotiation]
+ssl_conf = 151-version-negotiation-ssl
+
+[151-version-negotiation-ssl]
+server = 151-version-negotiation-server
+client = 151-version-negotiation-client
+
+[151-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[151-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-151]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[152-version-negotiation]
+ssl_conf = 152-version-negotiation-ssl
+
+[152-version-negotiation-ssl]
+server = 152-version-negotiation-server
+client = 152-version-negotiation-client
+
+[152-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[152-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-152]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[153-version-negotiation]
+ssl_conf = 153-version-negotiation-ssl
+
+[153-version-negotiation-ssl]
+server = 153-version-negotiation-server
+client = 153-version-negotiation-client
+
+[153-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[153-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-153]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[154-version-negotiation]
+ssl_conf = 154-version-negotiation-ssl
+
+[154-version-negotiation-ssl]
+server = 154-version-negotiation-server
+client = 154-version-negotiation-client
+
+[154-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[154-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-154]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[155-version-negotiation]
+ssl_conf = 155-version-negotiation-ssl
+
+[155-version-negotiation-ssl]
+server = 155-version-negotiation-server
+client = 155-version-negotiation-client
+
+[155-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[155-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-155]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[156-version-negotiation]
+ssl_conf = 156-version-negotiation-ssl
+
+[156-version-negotiation-ssl]
+server = 156-version-negotiation-server
+client = 156-version-negotiation-client
+
+[156-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[156-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-156]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[157-version-negotiation]
+ssl_conf = 157-version-negotiation-ssl
+
+[157-version-negotiation-ssl]
+server = 157-version-negotiation-server
+client = 157-version-negotiation-client
+
+[157-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[157-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-157]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[158-version-negotiation]
+ssl_conf = 158-version-negotiation-ssl
+
+[158-version-negotiation-ssl]
+server = 158-version-negotiation-server
+client = 158-version-negotiation-client
+
+[158-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[158-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-158]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[159-version-negotiation]
+ssl_conf = 159-version-negotiation-ssl
+
+[159-version-negotiation-ssl]
+server = 159-version-negotiation-server
+client = 159-version-negotiation-client
+
+[159-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[159-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-159]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[160-version-negotiation]
+ssl_conf = 160-version-negotiation-ssl
+
+[160-version-negotiation-ssl]
+server = 160-version-negotiation-server
+client = 160-version-negotiation-client
+
+[160-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[160-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-160]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[161-version-negotiation]
+ssl_conf = 161-version-negotiation-ssl
+
+[161-version-negotiation-ssl]
+server = 161-version-negotiation-server
+client = 161-version-negotiation-client
+
+[161-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[161-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-161]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[162-version-negotiation]
+ssl_conf = 162-version-negotiation-ssl
+
+[162-version-negotiation-ssl]
+server = 162-version-negotiation-server
+client = 162-version-negotiation-client
+
+[162-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[162-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-162]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[163-version-negotiation]
+ssl_conf = 163-version-negotiation-ssl
+
+[163-version-negotiation-ssl]
+server = 163-version-negotiation-server
+client = 163-version-negotiation-client
+
+[163-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[163-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-163]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[164-version-negotiation]
+ssl_conf = 164-version-negotiation-ssl
+
+[164-version-negotiation-ssl]
+server = 164-version-negotiation-server
+client = 164-version-negotiation-client
+
+[164-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[164-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-164]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[165-version-negotiation]
+ssl_conf = 165-version-negotiation-ssl
+
+[165-version-negotiation-ssl]
+server = 165-version-negotiation-server
+client = 165-version-negotiation-client
+
+[165-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[165-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-165]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[166-version-negotiation]
+ssl_conf = 166-version-negotiation-ssl
+
+[166-version-negotiation-ssl]
+server = 166-version-negotiation-server
+client = 166-version-negotiation-client
+
+[166-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[166-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-166]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[167-version-negotiation]
+ssl_conf = 167-version-negotiation-ssl
+
+[167-version-negotiation-ssl]
+server = 167-version-negotiation-server
+client = 167-version-negotiation-client
+
+[167-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[167-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-167]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[168-version-negotiation]
+ssl_conf = 168-version-negotiation-ssl
+
+[168-version-negotiation-ssl]
+server = 168-version-negotiation-server
+client = 168-version-negotiation-client
+
+[168-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[168-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-168]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[169-version-negotiation]
+ssl_conf = 169-version-negotiation-ssl
+
+[169-version-negotiation-ssl]
+server = 169-version-negotiation-server
+client = 169-version-negotiation-client
+
+[169-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[169-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-169]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[170-version-negotiation]
+ssl_conf = 170-version-negotiation-ssl
+
+[170-version-negotiation-ssl]
+server = 170-version-negotiation-server
+client = 170-version-negotiation-client
+
+[170-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[170-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-170]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[171-version-negotiation]
+ssl_conf = 171-version-negotiation-ssl
+
+[171-version-negotiation-ssl]
+server = 171-version-negotiation-server
+client = 171-version-negotiation-client
+
+[171-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[171-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-171]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[172-version-negotiation]
+ssl_conf = 172-version-negotiation-ssl
+
+[172-version-negotiation-ssl]
+server = 172-version-negotiation-server
+client = 172-version-negotiation-client
+
+[172-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[172-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-172]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[173-version-negotiation]
+ssl_conf = 173-version-negotiation-ssl
+
+[173-version-negotiation-ssl]
+server = 173-version-negotiation-server
+client = 173-version-negotiation-client
+
+[173-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[173-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-173]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[174-version-negotiation]
+ssl_conf = 174-version-negotiation-ssl
+
+[174-version-negotiation-ssl]
+server = 174-version-negotiation-server
+client = 174-version-negotiation-client
+
+[174-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[174-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-174]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[175-version-negotiation]
+ssl_conf = 175-version-negotiation-ssl
+
+[175-version-negotiation-ssl]
+server = 175-version-negotiation-server
+client = 175-version-negotiation-client
+
+[175-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[175-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-175]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[176-version-negotiation]
+ssl_conf = 176-version-negotiation-ssl
+
+[176-version-negotiation-ssl]
+server = 176-version-negotiation-server
+client = 176-version-negotiation-client
+
+[176-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[176-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-176]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[177-version-negotiation]
+ssl_conf = 177-version-negotiation-ssl
+
+[177-version-negotiation-ssl]
+server = 177-version-negotiation-server
+client = 177-version-negotiation-client
+
+[177-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[177-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-177]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[178-version-negotiation]
+ssl_conf = 178-version-negotiation-ssl
+
+[178-version-negotiation-ssl]
+server = 178-version-negotiation-server
+client = 178-version-negotiation-client
+
+[178-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[178-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-178]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[179-version-negotiation]
+ssl_conf = 179-version-negotiation-ssl
+
+[179-version-negotiation-ssl]
+server = 179-version-negotiation-server
+client = 179-version-negotiation-client
+
+[179-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[179-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-179]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[180-version-negotiation]
+ssl_conf = 180-version-negotiation-ssl
+
+[180-version-negotiation-ssl]
+server = 180-version-negotiation-server
+client = 180-version-negotiation-client
+
+[180-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[180-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-180]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[181-version-negotiation]
+ssl_conf = 181-version-negotiation-ssl
+
+[181-version-negotiation-ssl]
+server = 181-version-negotiation-server
+client = 181-version-negotiation-client
+
+[181-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[181-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-181]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[182-version-negotiation]
+ssl_conf = 182-version-negotiation-ssl
+
+[182-version-negotiation-ssl]
+server = 182-version-negotiation-server
+client = 182-version-negotiation-client
+
+[182-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[182-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-182]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[183-version-negotiation]
+ssl_conf = 183-version-negotiation-ssl
+
+[183-version-negotiation-ssl]
+server = 183-version-negotiation-server
+client = 183-version-negotiation-client
+
+[183-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[183-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-183]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[184-version-negotiation]
+ssl_conf = 184-version-negotiation-ssl
+
+[184-version-negotiation-ssl]
+server = 184-version-negotiation-server
+client = 184-version-negotiation-client
+
+[184-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[184-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-184]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[185-version-negotiation]
+ssl_conf = 185-version-negotiation-ssl
+
+[185-version-negotiation-ssl]
+server = 185-version-negotiation-server
+client = 185-version-negotiation-client
+
+[185-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[185-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-185]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[186-version-negotiation]
+ssl_conf = 186-version-negotiation-ssl
+
+[186-version-negotiation-ssl]
+server = 186-version-negotiation-server
+client = 186-version-negotiation-client
+
+[186-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[186-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-186]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[187-version-negotiation]
+ssl_conf = 187-version-negotiation-ssl
+
+[187-version-negotiation-ssl]
+server = 187-version-negotiation-server
+client = 187-version-negotiation-client
+
+[187-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[187-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-187]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[188-version-negotiation]
+ssl_conf = 188-version-negotiation-ssl
+
+[188-version-negotiation-ssl]
+server = 188-version-negotiation-server
+client = 188-version-negotiation-client
+
+[188-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[188-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-188]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[189-version-negotiation]
+ssl_conf = 189-version-negotiation-ssl
+
+[189-version-negotiation-ssl]
+server = 189-version-negotiation-server
+client = 189-version-negotiation-client
+
+[189-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[189-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-189]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[190-version-negotiation]
+ssl_conf = 190-version-negotiation-ssl
+
+[190-version-negotiation-ssl]
+server = 190-version-negotiation-server
+client = 190-version-negotiation-client
+
+[190-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[190-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-190]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[191-version-negotiation]
+ssl_conf = 191-version-negotiation-ssl
+
+[191-version-negotiation-ssl]
+server = 191-version-negotiation-server
+client = 191-version-negotiation-client
+
+[191-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[191-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-191]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[192-version-negotiation]
+ssl_conf = 192-version-negotiation-ssl
+
+[192-version-negotiation-ssl]
+server = 192-version-negotiation-server
+client = 192-version-negotiation-client
+
+[192-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[192-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-192]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[193-version-negotiation]
+ssl_conf = 193-version-negotiation-ssl
+
+[193-version-negotiation-ssl]
+server = 193-version-negotiation-server
+client = 193-version-negotiation-client
+
+[193-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[193-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-193]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[194-version-negotiation]
+ssl_conf = 194-version-negotiation-ssl
+
+[194-version-negotiation-ssl]
+server = 194-version-negotiation-server
+client = 194-version-negotiation-client
+
+[194-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[194-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-194]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[195-version-negotiation]
+ssl_conf = 195-version-negotiation-ssl
+
+[195-version-negotiation-ssl]
+server = 195-version-negotiation-server
+client = 195-version-negotiation-client
+
+[195-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[195-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-195]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[196-version-negotiation]
+ssl_conf = 196-version-negotiation-ssl
+
+[196-version-negotiation-ssl]
+server = 196-version-negotiation-server
+client = 196-version-negotiation-client
+
+[196-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[196-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-196]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[197-version-negotiation]
+ssl_conf = 197-version-negotiation-ssl
+
+[197-version-negotiation-ssl]
+server = 197-version-negotiation-server
+client = 197-version-negotiation-client
+
+[197-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[197-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-197]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[198-version-negotiation]
+ssl_conf = 198-version-negotiation-ssl
+
+[198-version-negotiation-ssl]
+server = 198-version-negotiation-server
+client = 198-version-negotiation-client
+
+[198-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[198-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-198]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[199-version-negotiation]
+ssl_conf = 199-version-negotiation-ssl
+
+[199-version-negotiation-ssl]
+server = 199-version-negotiation-server
+client = 199-version-negotiation-client
+
+[199-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[199-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-199]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[200-version-negotiation]
+ssl_conf = 200-version-negotiation-ssl
+
+[200-version-negotiation-ssl]
+server = 200-version-negotiation-server
+client = 200-version-negotiation-client
+
+[200-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[200-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-200]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[201-version-negotiation]
+ssl_conf = 201-version-negotiation-ssl
+
+[201-version-negotiation-ssl]
+server = 201-version-negotiation-server
+client = 201-version-negotiation-client
+
+[201-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[201-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-201]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[202-version-negotiation]
+ssl_conf = 202-version-negotiation-ssl
+
+[202-version-negotiation-ssl]
+server = 202-version-negotiation-server
+client = 202-version-negotiation-client
+
+[202-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[202-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-202]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[203-version-negotiation]
+ssl_conf = 203-version-negotiation-ssl
+
+[203-version-negotiation-ssl]
+server = 203-version-negotiation-server
+client = 203-version-negotiation-client
+
+[203-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[203-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-203]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[204-version-negotiation]
+ssl_conf = 204-version-negotiation-ssl
+
+[204-version-negotiation-ssl]
+server = 204-version-negotiation-server
+client = 204-version-negotiation-client
+
+[204-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[204-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-204]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[205-version-negotiation]
+ssl_conf = 205-version-negotiation-ssl
+
+[205-version-negotiation-ssl]
+server = 205-version-negotiation-server
+client = 205-version-negotiation-client
+
+[205-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[205-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-205]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[206-version-negotiation]
+ssl_conf = 206-version-negotiation-ssl
+
+[206-version-negotiation-ssl]
+server = 206-version-negotiation-server
+client = 206-version-negotiation-client
+
+[206-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[206-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-206]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[207-version-negotiation]
+ssl_conf = 207-version-negotiation-ssl
+
+[207-version-negotiation-ssl]
+server = 207-version-negotiation-server
+client = 207-version-negotiation-client
+
+[207-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[207-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-207]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[208-version-negotiation]
+ssl_conf = 208-version-negotiation-ssl
+
+[208-version-negotiation-ssl]
+server = 208-version-negotiation-server
+client = 208-version-negotiation-client
+
+[208-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[208-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-208]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[209-version-negotiation]
+ssl_conf = 209-version-negotiation-ssl
+
+[209-version-negotiation-ssl]
+server = 209-version-negotiation-server
+client = 209-version-negotiation-client
+
+[209-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[209-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-209]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[210-version-negotiation]
+ssl_conf = 210-version-negotiation-ssl
+
+[210-version-negotiation-ssl]
+server = 210-version-negotiation-server
+client = 210-version-negotiation-client
+
+[210-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[210-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-210]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[211-version-negotiation]
+ssl_conf = 211-version-negotiation-ssl
+
+[211-version-negotiation-ssl]
+server = 211-version-negotiation-server
+client = 211-version-negotiation-client
+
+[211-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[211-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-211]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[212-version-negotiation]
+ssl_conf = 212-version-negotiation-ssl
+
+[212-version-negotiation-ssl]
+server = 212-version-negotiation-server
+client = 212-version-negotiation-client
+
+[212-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[212-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-212]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[213-version-negotiation]
+ssl_conf = 213-version-negotiation-ssl
+
+[213-version-negotiation-ssl]
+server = 213-version-negotiation-server
+client = 213-version-negotiation-client
+
+[213-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[213-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-213]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[214-version-negotiation]
+ssl_conf = 214-version-negotiation-ssl
+
+[214-version-negotiation-ssl]
+server = 214-version-negotiation-server
+client = 214-version-negotiation-client
+
+[214-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[214-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-214]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[215-version-negotiation]
+ssl_conf = 215-version-negotiation-ssl
+
+[215-version-negotiation-ssl]
+server = 215-version-negotiation-server
+client = 215-version-negotiation-client
+
+[215-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[215-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-215]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[216-version-negotiation]
+ssl_conf = 216-version-negotiation-ssl
+
+[216-version-negotiation-ssl]
+server = 216-version-negotiation-server
+client = 216-version-negotiation-client
+
+[216-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[216-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-216]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[217-version-negotiation]
+ssl_conf = 217-version-negotiation-ssl
+
+[217-version-negotiation-ssl]
+server = 217-version-negotiation-server
+client = 217-version-negotiation-client
+
+[217-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[217-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-217]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[218-version-negotiation]
+ssl_conf = 218-version-negotiation-ssl
+
+[218-version-negotiation-ssl]
+server = 218-version-negotiation-server
+client = 218-version-negotiation-client
+
+[218-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[218-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-218]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[219-version-negotiation]
+ssl_conf = 219-version-negotiation-ssl
+
+[219-version-negotiation-ssl]
+server = 219-version-negotiation-server
+client = 219-version-negotiation-client
+
+[219-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[219-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-219]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[220-version-negotiation]
+ssl_conf = 220-version-negotiation-ssl
+
+[220-version-negotiation-ssl]
+server = 220-version-negotiation-server
+client = 220-version-negotiation-client
+
+[220-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[220-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-220]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[221-version-negotiation]
+ssl_conf = 221-version-negotiation-ssl
+
+[221-version-negotiation-ssl]
+server = 221-version-negotiation-server
+client = 221-version-negotiation-client
+
+[221-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[221-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-221]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[222-version-negotiation]
+ssl_conf = 222-version-negotiation-ssl
+
+[222-version-negotiation-ssl]
+server = 222-version-negotiation-server
+client = 222-version-negotiation-client
+
+[222-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[222-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-222]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[223-version-negotiation]
+ssl_conf = 223-version-negotiation-ssl
+
+[223-version-negotiation-ssl]
+server = 223-version-negotiation-server
+client = 223-version-negotiation-client
+
+[223-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[223-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-223]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[224-version-negotiation]
+ssl_conf = 224-version-negotiation-ssl
+
+[224-version-negotiation-ssl]
+server = 224-version-negotiation-server
+client = 224-version-negotiation-client
+
+[224-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[224-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-224]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[225-version-negotiation]
+ssl_conf = 225-version-negotiation-ssl
+
+[225-version-negotiation-ssl]
+server = 225-version-negotiation-server
+client = 225-version-negotiation-client
+
+[225-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[225-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-225]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[226-version-negotiation]
+ssl_conf = 226-version-negotiation-ssl
+
+[226-version-negotiation-ssl]
+server = 226-version-negotiation-server
+client = 226-version-negotiation-client
+
+[226-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[226-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-226]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[227-version-negotiation]
+ssl_conf = 227-version-negotiation-ssl
+
+[227-version-negotiation-ssl]
+server = 227-version-negotiation-server
+client = 227-version-negotiation-client
+
+[227-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[227-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-227]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[228-version-negotiation]
+ssl_conf = 228-version-negotiation-ssl
+
+[228-version-negotiation-ssl]
+server = 228-version-negotiation-server
+client = 228-version-negotiation-client
+
+[228-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[228-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-228]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[229-version-negotiation]
+ssl_conf = 229-version-negotiation-ssl
+
+[229-version-negotiation-ssl]
+server = 229-version-negotiation-server
+client = 229-version-negotiation-client
+
+[229-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[229-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-229]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[230-version-negotiation]
+ssl_conf = 230-version-negotiation-ssl
+
+[230-version-negotiation-ssl]
+server = 230-version-negotiation-server
+client = 230-version-negotiation-client
+
+[230-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[230-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-230]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[231-version-negotiation]
+ssl_conf = 231-version-negotiation-ssl
+
+[231-version-negotiation-ssl]
+server = 231-version-negotiation-server
+client = 231-version-negotiation-client
+
+[231-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[231-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-231]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[232-version-negotiation]
+ssl_conf = 232-version-negotiation-ssl
+
+[232-version-negotiation-ssl]
+server = 232-version-negotiation-server
+client = 232-version-negotiation-client
+
+[232-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[232-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-232]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[233-version-negotiation]
+ssl_conf = 233-version-negotiation-ssl
+
+[233-version-negotiation-ssl]
+server = 233-version-negotiation-server
+client = 233-version-negotiation-client
+
+[233-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[233-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-233]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[234-version-negotiation]
+ssl_conf = 234-version-negotiation-ssl
+
+[234-version-negotiation-ssl]
+server = 234-version-negotiation-server
+client = 234-version-negotiation-client
+
+[234-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[234-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-234]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[235-version-negotiation]
+ssl_conf = 235-version-negotiation-ssl
+
+[235-version-negotiation-ssl]
+server = 235-version-negotiation-server
+client = 235-version-negotiation-client
+
+[235-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[235-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-235]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[236-version-negotiation]
+ssl_conf = 236-version-negotiation-ssl
+
+[236-version-negotiation-ssl]
+server = 236-version-negotiation-server
+client = 236-version-negotiation-client
+
+[236-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[236-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-236]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[237-version-negotiation]
+ssl_conf = 237-version-negotiation-ssl
+
+[237-version-negotiation-ssl]
+server = 237-version-negotiation-server
+client = 237-version-negotiation-client
+
+[237-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[237-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-237]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[238-version-negotiation]
+ssl_conf = 238-version-negotiation-ssl
+
+[238-version-negotiation-ssl]
+server = 238-version-negotiation-server
+client = 238-version-negotiation-client
+
+[238-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[238-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-238]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[239-version-negotiation]
+ssl_conf = 239-version-negotiation-ssl
+
+[239-version-negotiation-ssl]
+server = 239-version-negotiation-server
+client = 239-version-negotiation-client
+
+[239-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[239-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-239]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[240-version-negotiation]
+ssl_conf = 240-version-negotiation-ssl
+
+[240-version-negotiation-ssl]
+server = 240-version-negotiation-server
+client = 240-version-negotiation-client
+
+[240-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[240-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-240]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[241-version-negotiation]
+ssl_conf = 241-version-negotiation-ssl
+
+[241-version-negotiation-ssl]
+server = 241-version-negotiation-server
+client = 241-version-negotiation-client
+
+[241-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[241-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-241]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[242-version-negotiation]
+ssl_conf = 242-version-negotiation-ssl
+
+[242-version-negotiation-ssl]
+server = 242-version-negotiation-server
+client = 242-version-negotiation-client
+
+[242-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[242-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-242]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[243-version-negotiation]
+ssl_conf = 243-version-negotiation-ssl
+
+[243-version-negotiation-ssl]
+server = 243-version-negotiation-server
+client = 243-version-negotiation-client
+
+[243-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[243-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-243]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[244-version-negotiation]
+ssl_conf = 244-version-negotiation-ssl
+
+[244-version-negotiation-ssl]
+server = 244-version-negotiation-server
+client = 244-version-negotiation-client
+
+[244-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[244-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-244]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[245-version-negotiation]
+ssl_conf = 245-version-negotiation-ssl
+
+[245-version-negotiation-ssl]
+server = 245-version-negotiation-server
+client = 245-version-negotiation-client
+
+[245-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[245-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-245]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[246-version-negotiation]
+ssl_conf = 246-version-negotiation-ssl
+
+[246-version-negotiation-ssl]
+server = 246-version-negotiation-server
+client = 246-version-negotiation-client
+
+[246-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[246-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-246]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[247-version-negotiation]
+ssl_conf = 247-version-negotiation-ssl
+
+[247-version-negotiation-ssl]
+server = 247-version-negotiation-server
+client = 247-version-negotiation-client
+
+[247-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[247-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-247]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[248-version-negotiation]
+ssl_conf = 248-version-negotiation-ssl
+
+[248-version-negotiation-ssl]
+server = 248-version-negotiation-server
+client = 248-version-negotiation-client
+
+[248-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[248-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-248]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[249-version-negotiation]
+ssl_conf = 249-version-negotiation-ssl
+
+[249-version-negotiation-ssl]
+server = 249-version-negotiation-server
+client = 249-version-negotiation-client
+
+[249-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[249-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-249]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[250-version-negotiation]
+ssl_conf = 250-version-negotiation-ssl
+
+[250-version-negotiation-ssl]
+server = 250-version-negotiation-server
+client = 250-version-negotiation-client
+
+[250-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[250-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-250]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[251-version-negotiation]
+ssl_conf = 251-version-negotiation-ssl
+
+[251-version-negotiation-ssl]
+server = 251-version-negotiation-server
+client = 251-version-negotiation-client
+
+[251-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[251-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-251]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[252-version-negotiation]
+ssl_conf = 252-version-negotiation-ssl
+
+[252-version-negotiation-ssl]
+server = 252-version-negotiation-server
+client = 252-version-negotiation-client
+
+[252-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[252-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-252]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[253-version-negotiation]
+ssl_conf = 253-version-negotiation-ssl
+
+[253-version-negotiation-ssl]
+server = 253-version-negotiation-server
+client = 253-version-negotiation-client
+
+[253-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[253-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-253]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[254-version-negotiation]
+ssl_conf = 254-version-negotiation-ssl
+
+[254-version-negotiation-ssl]
+server = 254-version-negotiation-server
+client = 254-version-negotiation-client
+
+[254-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[254-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-254]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[255-version-negotiation]
+ssl_conf = 255-version-negotiation-ssl
+
+[255-version-negotiation-ssl]
+server = 255-version-negotiation-server
+client = 255-version-negotiation-client
+
+[255-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[255-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-255]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[256-version-negotiation]
+ssl_conf = 256-version-negotiation-ssl
+
+[256-version-negotiation-ssl]
+server = 256-version-negotiation-server
+client = 256-version-negotiation-client
+
+[256-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[256-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-256]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[257-version-negotiation]
+ssl_conf = 257-version-negotiation-ssl
+
+[257-version-negotiation-ssl]
+server = 257-version-negotiation-server
+client = 257-version-negotiation-client
+
+[257-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[257-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-257]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[258-version-negotiation]
+ssl_conf = 258-version-negotiation-ssl
+
+[258-version-negotiation-ssl]
+server = 258-version-negotiation-server
+client = 258-version-negotiation-client
+
+[258-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[258-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-258]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[259-version-negotiation]
+ssl_conf = 259-version-negotiation-ssl
+
+[259-version-negotiation-ssl]
+server = 259-version-negotiation-server
+client = 259-version-negotiation-client
+
+[259-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[259-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-259]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[260-version-negotiation]
+ssl_conf = 260-version-negotiation-ssl
+
+[260-version-negotiation-ssl]
+server = 260-version-negotiation-server
+client = 260-version-negotiation-client
+
+[260-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[260-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-260]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[261-version-negotiation]
+ssl_conf = 261-version-negotiation-ssl
+
+[261-version-negotiation-ssl]
+server = 261-version-negotiation-server
+client = 261-version-negotiation-client
+
+[261-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[261-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-261]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[262-version-negotiation]
+ssl_conf = 262-version-negotiation-ssl
+
+[262-version-negotiation-ssl]
+server = 262-version-negotiation-server
+client = 262-version-negotiation-client
+
+[262-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[262-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-262]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[263-version-negotiation]
+ssl_conf = 263-version-negotiation-ssl
+
+[263-version-negotiation-ssl]
+server = 263-version-negotiation-server
+client = 263-version-negotiation-client
+
+[263-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[263-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-263]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[264-version-negotiation]
+ssl_conf = 264-version-negotiation-ssl
+
+[264-version-negotiation-ssl]
+server = 264-version-negotiation-server
+client = 264-version-negotiation-client
+
+[264-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[264-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-264]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[265-version-negotiation]
+ssl_conf = 265-version-negotiation-ssl
+
+[265-version-negotiation-ssl]
+server = 265-version-negotiation-server
+client = 265-version-negotiation-client
+
+[265-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[265-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-265]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[266-version-negotiation]
+ssl_conf = 266-version-negotiation-ssl
+
+[266-version-negotiation-ssl]
+server = 266-version-negotiation-server
+client = 266-version-negotiation-client
+
+[266-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[266-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-266]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[267-version-negotiation]
+ssl_conf = 267-version-negotiation-ssl
+
+[267-version-negotiation-ssl]
+server = 267-version-negotiation-server
+client = 267-version-negotiation-client
+
+[267-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[267-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-267]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[268-version-negotiation]
+ssl_conf = 268-version-negotiation-ssl
+
+[268-version-negotiation-ssl]
+server = 268-version-negotiation-server
+client = 268-version-negotiation-client
+
+[268-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[268-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-268]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[269-version-negotiation]
+ssl_conf = 269-version-negotiation-ssl
+
+[269-version-negotiation-ssl]
+server = 269-version-negotiation-server
+client = 269-version-negotiation-client
+
+[269-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[269-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-269]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[270-version-negotiation]
+ssl_conf = 270-version-negotiation-ssl
+
+[270-version-negotiation-ssl]
+server = 270-version-negotiation-server
+client = 270-version-negotiation-client
+
+[270-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[270-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-270]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[271-version-negotiation]
+ssl_conf = 271-version-negotiation-ssl
+
+[271-version-negotiation-ssl]
+server = 271-version-negotiation-server
+client = 271-version-negotiation-client
+
+[271-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[271-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-271]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[272-version-negotiation]
+ssl_conf = 272-version-negotiation-ssl
+
+[272-version-negotiation-ssl]
+server = 272-version-negotiation-server
+client = 272-version-negotiation-client
+
+[272-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[272-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-272]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[273-version-negotiation]
+ssl_conf = 273-version-negotiation-ssl
+
+[273-version-negotiation-ssl]
+server = 273-version-negotiation-server
+client = 273-version-negotiation-client
+
+[273-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[273-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-273]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[274-version-negotiation]
+ssl_conf = 274-version-negotiation-ssl
+
+[274-version-negotiation-ssl]
+server = 274-version-negotiation-server
+client = 274-version-negotiation-client
+
+[274-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[274-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-274]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[275-version-negotiation]
+ssl_conf = 275-version-negotiation-ssl
+
+[275-version-negotiation-ssl]
+server = 275-version-negotiation-server
+client = 275-version-negotiation-client
+
+[275-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[275-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-275]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[276-version-negotiation]
+ssl_conf = 276-version-negotiation-ssl
+
+[276-version-negotiation-ssl]
+server = 276-version-negotiation-server
+client = 276-version-negotiation-client
+
+[276-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[276-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-276]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[277-version-negotiation]
+ssl_conf = 277-version-negotiation-ssl
+
+[277-version-negotiation-ssl]
+server = 277-version-negotiation-server
+client = 277-version-negotiation-client
+
+[277-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[277-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-277]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[278-version-negotiation]
+ssl_conf = 278-version-negotiation-ssl
+
+[278-version-negotiation-ssl]
+server = 278-version-negotiation-server
+client = 278-version-negotiation-client
+
+[278-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[278-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-278]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[279-version-negotiation]
+ssl_conf = 279-version-negotiation-ssl
+
+[279-version-negotiation-ssl]
+server = 279-version-negotiation-server
+client = 279-version-negotiation-client
+
+[279-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[279-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-279]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[280-version-negotiation]
+ssl_conf = 280-version-negotiation-ssl
+
+[280-version-negotiation-ssl]
+server = 280-version-negotiation-server
+client = 280-version-negotiation-client
+
+[280-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[280-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-280]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[281-version-negotiation]
+ssl_conf = 281-version-negotiation-ssl
+
+[281-version-negotiation-ssl]
+server = 281-version-negotiation-server
+client = 281-version-negotiation-client
+
+[281-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[281-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-281]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[282-version-negotiation]
+ssl_conf = 282-version-negotiation-ssl
+
+[282-version-negotiation-ssl]
+server = 282-version-negotiation-server
+client = 282-version-negotiation-client
+
+[282-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[282-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-282]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[283-version-negotiation]
+ssl_conf = 283-version-negotiation-ssl
+
+[283-version-negotiation-ssl]
+server = 283-version-negotiation-server
+client = 283-version-negotiation-client
+
+[283-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[283-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-283]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[284-version-negotiation]
+ssl_conf = 284-version-negotiation-ssl
+
+[284-version-negotiation-ssl]
+server = 284-version-negotiation-server
+client = 284-version-negotiation-client
+
+[284-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[284-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-284]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[285-version-negotiation]
+ssl_conf = 285-version-negotiation-ssl
+
+[285-version-negotiation-ssl]
+server = 285-version-negotiation-server
+client = 285-version-negotiation-client
+
+[285-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[285-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-285]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[286-version-negotiation]
+ssl_conf = 286-version-negotiation-ssl
+
+[286-version-negotiation-ssl]
+server = 286-version-negotiation-server
+client = 286-version-negotiation-client
+
+[286-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[286-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-286]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[287-version-negotiation]
+ssl_conf = 287-version-negotiation-ssl
+
+[287-version-negotiation-ssl]
+server = 287-version-negotiation-server
+client = 287-version-negotiation-client
+
+[287-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[287-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-287]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[288-version-negotiation]
+ssl_conf = 288-version-negotiation-ssl
+
+[288-version-negotiation-ssl]
+server = 288-version-negotiation-server
+client = 288-version-negotiation-client
+
+[288-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[288-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-288]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[289-version-negotiation]
+ssl_conf = 289-version-negotiation-ssl
+
+[289-version-negotiation-ssl]
+server = 289-version-negotiation-server
+client = 289-version-negotiation-client
+
+[289-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[289-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-289]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[290-version-negotiation]
+ssl_conf = 290-version-negotiation-ssl
+
+[290-version-negotiation-ssl]
+server = 290-version-negotiation-server
+client = 290-version-negotiation-client
+
+[290-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[290-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-290]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[291-version-negotiation]
+ssl_conf = 291-version-negotiation-ssl
+
+[291-version-negotiation-ssl]
+server = 291-version-negotiation-server
+client = 291-version-negotiation-client
+
+[291-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[291-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-291]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[292-version-negotiation]
+ssl_conf = 292-version-negotiation-ssl
+
+[292-version-negotiation-ssl]
+server = 292-version-negotiation-server
+client = 292-version-negotiation-client
+
+[292-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[292-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-292]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[293-version-negotiation]
+ssl_conf = 293-version-negotiation-ssl
+
+[293-version-negotiation-ssl]
+server = 293-version-negotiation-server
+client = 293-version-negotiation-client
+
+[293-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[293-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-293]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[294-version-negotiation]
+ssl_conf = 294-version-negotiation-ssl
+
+[294-version-negotiation-ssl]
+server = 294-version-negotiation-server
+client = 294-version-negotiation-client
+
+[294-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[294-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-294]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[295-version-negotiation]
+ssl_conf = 295-version-negotiation-ssl
+
+[295-version-negotiation-ssl]
+server = 295-version-negotiation-server
+client = 295-version-negotiation-client
+
+[295-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[295-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-295]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[296-version-negotiation]
+ssl_conf = 296-version-negotiation-ssl
+
+[296-version-negotiation-ssl]
+server = 296-version-negotiation-server
+client = 296-version-negotiation-client
+
+[296-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[296-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-296]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[297-version-negotiation]
+ssl_conf = 297-version-negotiation-ssl
+
+[297-version-negotiation-ssl]
+server = 297-version-negotiation-server
+client = 297-version-negotiation-client
+
+[297-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[297-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-297]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[298-version-negotiation]
+ssl_conf = 298-version-negotiation-ssl
+
+[298-version-negotiation-ssl]
+server = 298-version-negotiation-server
+client = 298-version-negotiation-client
+
+[298-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[298-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-298]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[299-version-negotiation]
+ssl_conf = 299-version-negotiation-ssl
+
+[299-version-negotiation-ssl]
+server = 299-version-negotiation-server
+client = 299-version-negotiation-client
+
+[299-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[299-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-299]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[300-version-negotiation]
+ssl_conf = 300-version-negotiation-ssl
+
+[300-version-negotiation-ssl]
+server = 300-version-negotiation-server
+client = 300-version-negotiation-client
+
+[300-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[300-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-300]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[301-version-negotiation]
+ssl_conf = 301-version-negotiation-ssl
+
+[301-version-negotiation-ssl]
+server = 301-version-negotiation-server
+client = 301-version-negotiation-client
+
+[301-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[301-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-301]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[302-version-negotiation]
+ssl_conf = 302-version-negotiation-ssl
+
+[302-version-negotiation-ssl]
+server = 302-version-negotiation-server
+client = 302-version-negotiation-client
+
+[302-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[302-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-302]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[303-version-negotiation]
+ssl_conf = 303-version-negotiation-ssl
+
+[303-version-negotiation-ssl]
+server = 303-version-negotiation-server
+client = 303-version-negotiation-client
+
+[303-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[303-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-303]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[304-version-negotiation]
+ssl_conf = 304-version-negotiation-ssl
+
+[304-version-negotiation-ssl]
+server = 304-version-negotiation-server
+client = 304-version-negotiation-client
+
+[304-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[304-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-304]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[305-version-negotiation]
+ssl_conf = 305-version-negotiation-ssl
+
+[305-version-negotiation-ssl]
+server = 305-version-negotiation-server
+client = 305-version-negotiation-client
+
+[305-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[305-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-305]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[306-version-negotiation]
+ssl_conf = 306-version-negotiation-ssl
+
+[306-version-negotiation-ssl]
+server = 306-version-negotiation-server
+client = 306-version-negotiation-client
+
+[306-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[306-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-306]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[307-version-negotiation]
+ssl_conf = 307-version-negotiation-ssl
+
+[307-version-negotiation-ssl]
+server = 307-version-negotiation-server
+client = 307-version-negotiation-client
+
+[307-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[307-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-307]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[308-version-negotiation]
+ssl_conf = 308-version-negotiation-ssl
+
+[308-version-negotiation-ssl]
+server = 308-version-negotiation-server
+client = 308-version-negotiation-client
+
+[308-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[308-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-308]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[309-version-negotiation]
+ssl_conf = 309-version-negotiation-ssl
+
+[309-version-negotiation-ssl]
+server = 309-version-negotiation-server
+client = 309-version-negotiation-client
+
+[309-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[309-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-309]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[310-version-negotiation]
+ssl_conf = 310-version-negotiation-ssl
+
+[310-version-negotiation-ssl]
+server = 310-version-negotiation-server
+client = 310-version-negotiation-client
+
+[310-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[310-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-310]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[311-version-negotiation]
+ssl_conf = 311-version-negotiation-ssl
+
+[311-version-negotiation-ssl]
+server = 311-version-negotiation-server
+client = 311-version-negotiation-client
+
+[311-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[311-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = SSLv3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-311]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[312-version-negotiation]
+ssl_conf = 312-version-negotiation-ssl
+
+[312-version-negotiation-ssl]
+server = 312-version-negotiation-server
+client = 312-version-negotiation-client
+
+[312-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[312-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-312]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[313-version-negotiation]
+ssl_conf = 313-version-negotiation-ssl
+
+[313-version-negotiation-ssl]
+server = 313-version-negotiation-server
+client = 313-version-negotiation-client
+
+[313-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[313-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-313]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[314-version-negotiation]
+ssl_conf = 314-version-negotiation-ssl
+
+[314-version-negotiation-ssl]
+server = 314-version-negotiation-server
+client = 314-version-negotiation-client
+
+[314-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[314-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-314]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[315-version-negotiation]
+ssl_conf = 315-version-negotiation-ssl
+
+[315-version-negotiation-ssl]
+server = 315-version-negotiation-server
+client = 315-version-negotiation-client
+
+[315-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[315-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-315]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[316-version-negotiation]
+ssl_conf = 316-version-negotiation-ssl
+
+[316-version-negotiation-ssl]
+server = 316-version-negotiation-server
+client = 316-version-negotiation-client
+
+[316-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[316-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-316]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[317-version-negotiation]
+ssl_conf = 317-version-negotiation-ssl
+
+[317-version-negotiation-ssl]
+server = 317-version-negotiation-server
+client = 317-version-negotiation-client
+
+[317-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[317-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-317]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[318-version-negotiation]
+ssl_conf = 318-version-negotiation-ssl
+
+[318-version-negotiation-ssl]
+server = 318-version-negotiation-server
+client = 318-version-negotiation-client
+
+[318-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[318-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-318]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[319-version-negotiation]
+ssl_conf = 319-version-negotiation-ssl
+
+[319-version-negotiation-ssl]
+server = 319-version-negotiation-server
+client = 319-version-negotiation-client
+
+[319-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[319-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-319]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[320-version-negotiation]
+ssl_conf = 320-version-negotiation-ssl
+
+[320-version-negotiation-ssl]
+server = 320-version-negotiation-server
+client = 320-version-negotiation-client
+
+[320-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[320-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-320]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[321-version-negotiation]
+ssl_conf = 321-version-negotiation-ssl
+
+[321-version-negotiation-ssl]
+server = 321-version-negotiation-server
+client = 321-version-negotiation-client
+
+[321-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[321-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-321]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[322-version-negotiation]
+ssl_conf = 322-version-negotiation-ssl
+
+[322-version-negotiation-ssl]
+server = 322-version-negotiation-server
+client = 322-version-negotiation-client
+
+[322-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[322-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-322]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[323-version-negotiation]
+ssl_conf = 323-version-negotiation-ssl
+
+[323-version-negotiation-ssl]
+server = 323-version-negotiation-server
+client = 323-version-negotiation-client
+
+[323-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[323-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-323]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[324-version-negotiation]
+ssl_conf = 324-version-negotiation-ssl
+
+[324-version-negotiation-ssl]
+server = 324-version-negotiation-server
+client = 324-version-negotiation-client
+
+[324-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[324-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-324]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[325-version-negotiation]
+ssl_conf = 325-version-negotiation-ssl
+
+[325-version-negotiation-ssl]
+server = 325-version-negotiation-server
+client = 325-version-negotiation-client
+
+[325-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[325-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-325]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[326-version-negotiation]
+ssl_conf = 326-version-negotiation-ssl
+
+[326-version-negotiation-ssl]
+server = 326-version-negotiation-server
+client = 326-version-negotiation-client
+
+[326-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[326-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-326]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[327-version-negotiation]
+ssl_conf = 327-version-negotiation-ssl
+
+[327-version-negotiation-ssl]
+server = 327-version-negotiation-server
+client = 327-version-negotiation-client
+
+[327-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[327-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-327]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[328-version-negotiation]
+ssl_conf = 328-version-negotiation-ssl
+
+[328-version-negotiation-ssl]
+server = 328-version-negotiation-server
+client = 328-version-negotiation-client
+
+[328-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[328-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-328]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[329-version-negotiation]
+ssl_conf = 329-version-negotiation-ssl
+
+[329-version-negotiation-ssl]
+server = 329-version-negotiation-server
+client = 329-version-negotiation-client
+
+[329-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[329-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-329]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[330-version-negotiation]
+ssl_conf = 330-version-negotiation-ssl
+
+[330-version-negotiation-ssl]
+server = 330-version-negotiation-server
+client = 330-version-negotiation-client
+
+[330-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[330-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-330]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[331-version-negotiation]
+ssl_conf = 331-version-negotiation-ssl
+
+[331-version-negotiation-ssl]
+server = 331-version-negotiation-server
+client = 331-version-negotiation-client
+
+[331-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[331-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-331]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[332-version-negotiation]
+ssl_conf = 332-version-negotiation-ssl
+
+[332-version-negotiation-ssl]
+server = 332-version-negotiation-server
+client = 332-version-negotiation-client
+
+[332-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[332-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-332]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[333-version-negotiation]
+ssl_conf = 333-version-negotiation-ssl
+
+[333-version-negotiation-ssl]
+server = 333-version-negotiation-server
+client = 333-version-negotiation-client
+
+[333-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[333-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-333]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[334-version-negotiation]
+ssl_conf = 334-version-negotiation-ssl
+
+[334-version-negotiation-ssl]
+server = 334-version-negotiation-server
+client = 334-version-negotiation-client
+
+[334-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[334-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-334]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[335-version-negotiation]
+ssl_conf = 335-version-negotiation-ssl
+
+[335-version-negotiation-ssl]
+server = 335-version-negotiation-server
+client = 335-version-negotiation-client
+
+[335-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[335-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-335]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[336-version-negotiation]
+ssl_conf = 336-version-negotiation-ssl
+
+[336-version-negotiation-ssl]
+server = 336-version-negotiation-server
+client = 336-version-negotiation-client
+
+[336-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[336-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-336]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[337-version-negotiation]
+ssl_conf = 337-version-negotiation-ssl
+
+[337-version-negotiation-ssl]
+server = 337-version-negotiation-server
+client = 337-version-negotiation-client
+
+[337-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[337-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-337]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[338-version-negotiation]
+ssl_conf = 338-version-negotiation-ssl
+
+[338-version-negotiation-ssl]
+server = 338-version-negotiation-server
+client = 338-version-negotiation-client
+
+[338-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[338-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-338]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[339-version-negotiation]
+ssl_conf = 339-version-negotiation-ssl
+
+[339-version-negotiation-ssl]
+server = 339-version-negotiation-server
+client = 339-version-negotiation-client
+
+[339-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[339-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-339]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[340-version-negotiation]
+ssl_conf = 340-version-negotiation-ssl
+
+[340-version-negotiation-ssl]
+server = 340-version-negotiation-server
+client = 340-version-negotiation-client
+
+[340-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[340-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-340]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[341-version-negotiation]
+ssl_conf = 341-version-negotiation-ssl
+
+[341-version-negotiation-ssl]
+server = 341-version-negotiation-server
+client = 341-version-negotiation-client
+
+[341-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[341-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-341]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[342-version-negotiation]
+ssl_conf = 342-version-negotiation-ssl
+
+[342-version-negotiation-ssl]
+server = 342-version-negotiation-server
+client = 342-version-negotiation-client
+
+[342-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[342-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-342]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[343-version-negotiation]
+ssl_conf = 343-version-negotiation-ssl
+
+[343-version-negotiation-ssl]
+server = 343-version-negotiation-server
+client = 343-version-negotiation-client
+
+[343-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[343-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-343]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[344-version-negotiation]
+ssl_conf = 344-version-negotiation-ssl
+
+[344-version-negotiation-ssl]
+server = 344-version-negotiation-server
+client = 344-version-negotiation-client
+
+[344-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[344-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-344]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[345-version-negotiation]
+ssl_conf = 345-version-negotiation-ssl
+
+[345-version-negotiation-ssl]
+server = 345-version-negotiation-server
+client = 345-version-negotiation-client
+
+[345-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[345-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-345]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[346-version-negotiation]
+ssl_conf = 346-version-negotiation-ssl
+
+[346-version-negotiation-ssl]
+server = 346-version-negotiation-server
+client = 346-version-negotiation-client
+
+[346-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[346-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-346]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[347-version-negotiation]
+ssl_conf = 347-version-negotiation-ssl
+
+[347-version-negotiation-ssl]
+server = 347-version-negotiation-server
+client = 347-version-negotiation-client
+
+[347-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[347-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-347]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[348-version-negotiation]
+ssl_conf = 348-version-negotiation-ssl
+
+[348-version-negotiation-ssl]
+server = 348-version-negotiation-server
+client = 348-version-negotiation-client
+
+[348-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[348-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-348]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[349-version-negotiation]
+ssl_conf = 349-version-negotiation-ssl
+
+[349-version-negotiation-ssl]
+server = 349-version-negotiation-server
+client = 349-version-negotiation-client
+
+[349-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[349-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-349]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[350-version-negotiation]
+ssl_conf = 350-version-negotiation-ssl
+
+[350-version-negotiation-ssl]
+server = 350-version-negotiation-server
+client = 350-version-negotiation-client
+
+[350-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[350-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-350]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[351-version-negotiation]
+ssl_conf = 351-version-negotiation-ssl
+
+[351-version-negotiation-ssl]
+server = 351-version-negotiation-server
+client = 351-version-negotiation-client
+
+[351-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[351-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-351]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[352-version-negotiation]
+ssl_conf = 352-version-negotiation-ssl
+
+[352-version-negotiation-ssl]
+server = 352-version-negotiation-server
+client = 352-version-negotiation-client
+
+[352-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[352-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-352]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[353-version-negotiation]
+ssl_conf = 353-version-negotiation-ssl
+
+[353-version-negotiation-ssl]
+server = 353-version-negotiation-server
+client = 353-version-negotiation-client
+
+[353-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[353-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-353]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[354-version-negotiation]
+ssl_conf = 354-version-negotiation-ssl
+
+[354-version-negotiation-ssl]
+server = 354-version-negotiation-server
+client = 354-version-negotiation-client
+
+[354-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[354-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-354]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[355-version-negotiation]
+ssl_conf = 355-version-negotiation-ssl
+
+[355-version-negotiation-ssl]
+server = 355-version-negotiation-server
+client = 355-version-negotiation-client
+
+[355-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[355-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-355]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[356-version-negotiation]
+ssl_conf = 356-version-negotiation-ssl
+
+[356-version-negotiation-ssl]
+server = 356-version-negotiation-server
+client = 356-version-negotiation-client
+
+[356-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[356-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-356]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[357-version-negotiation]
+ssl_conf = 357-version-negotiation-ssl
+
+[357-version-negotiation-ssl]
+server = 357-version-negotiation-server
+client = 357-version-negotiation-client
+
+[357-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[357-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-357]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[358-version-negotiation]
+ssl_conf = 358-version-negotiation-ssl
+
+[358-version-negotiation-ssl]
+server = 358-version-negotiation-server
+client = 358-version-negotiation-client
+
+[358-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[358-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-358]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[359-version-negotiation]
+ssl_conf = 359-version-negotiation-ssl
+
+[359-version-negotiation-ssl]
+server = 359-version-negotiation-server
+client = 359-version-negotiation-client
+
+[359-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[359-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-359]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[360-version-negotiation]
+ssl_conf = 360-version-negotiation-ssl
+
+[360-version-negotiation-ssl]
+server = 360-version-negotiation-server
+client = 360-version-negotiation-client
+
+[360-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[360-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-360]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[361-version-negotiation]
+ssl_conf = 361-version-negotiation-ssl
+
+[361-version-negotiation-ssl]
+server = 361-version-negotiation-server
+client = 361-version-negotiation-client
+
+[361-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[361-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-361]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[362-version-negotiation]
+ssl_conf = 362-version-negotiation-ssl
+
+[362-version-negotiation-ssl]
+server = 362-version-negotiation-server
+client = 362-version-negotiation-client
+
+[362-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[362-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-362]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[363-version-negotiation]
+ssl_conf = 363-version-negotiation-ssl
+
+[363-version-negotiation-ssl]
+server = 363-version-negotiation-server
+client = 363-version-negotiation-client
+
+[363-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[363-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-363]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[364-version-negotiation]
+ssl_conf = 364-version-negotiation-ssl
+
+[364-version-negotiation-ssl]
+server = 364-version-negotiation-server
+client = 364-version-negotiation-client
+
+[364-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[364-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-364]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[365-version-negotiation]
+ssl_conf = 365-version-negotiation-ssl
+
+[365-version-negotiation-ssl]
+server = 365-version-negotiation-server
+client = 365-version-negotiation-client
+
+[365-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[365-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-365]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[366-version-negotiation]
+ssl_conf = 366-version-negotiation-ssl
+
+[366-version-negotiation-ssl]
+server = 366-version-negotiation-server
+client = 366-version-negotiation-client
+
+[366-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[366-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-366]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[367-version-negotiation]
+ssl_conf = 367-version-negotiation-ssl
+
+[367-version-negotiation-ssl]
+server = 367-version-negotiation-server
+client = 367-version-negotiation-client
+
+[367-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[367-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-367]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[368-version-negotiation]
+ssl_conf = 368-version-negotiation-ssl
+
+[368-version-negotiation-ssl]
+server = 368-version-negotiation-server
+client = 368-version-negotiation-client
+
+[368-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[368-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-368]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[369-version-negotiation]
+ssl_conf = 369-version-negotiation-ssl
+
+[369-version-negotiation-ssl]
+server = 369-version-negotiation-server
+client = 369-version-negotiation-client
+
+[369-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[369-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-369]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[370-version-negotiation]
+ssl_conf = 370-version-negotiation-ssl
+
+[370-version-negotiation-ssl]
+server = 370-version-negotiation-server
+client = 370-version-negotiation-client
+
+[370-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[370-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-370]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[371-version-negotiation]
+ssl_conf = 371-version-negotiation-ssl
+
+[371-version-negotiation-ssl]
+server = 371-version-negotiation-server
+client = 371-version-negotiation-client
+
+[371-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[371-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-371]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[372-version-negotiation]
+ssl_conf = 372-version-negotiation-ssl
+
+[372-version-negotiation-ssl]
+server = 372-version-negotiation-server
+client = 372-version-negotiation-client
+
+[372-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[372-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-372]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[373-version-negotiation]
+ssl_conf = 373-version-negotiation-ssl
+
+[373-version-negotiation-ssl]
+server = 373-version-negotiation-server
+client = 373-version-negotiation-client
+
+[373-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[373-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-373]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[374-version-negotiation]
+ssl_conf = 374-version-negotiation-ssl
+
+[374-version-negotiation-ssl]
+server = 374-version-negotiation-server
+client = 374-version-negotiation-client
+
+[374-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[374-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-374]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[375-version-negotiation]
+ssl_conf = 375-version-negotiation-ssl
+
+[375-version-negotiation-ssl]
+server = 375-version-negotiation-server
+client = 375-version-negotiation-client
+
+[375-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[375-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-375]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[376-version-negotiation]
+ssl_conf = 376-version-negotiation-ssl
+
+[376-version-negotiation-ssl]
+server = 376-version-negotiation-server
+client = 376-version-negotiation-client
+
+[376-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[376-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-376]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[377-version-negotiation]
+ssl_conf = 377-version-negotiation-ssl
+
+[377-version-negotiation-ssl]
+server = 377-version-negotiation-server
+client = 377-version-negotiation-client
+
+[377-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[377-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-377]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[378-version-negotiation]
+ssl_conf = 378-version-negotiation-ssl
+
+[378-version-negotiation-ssl]
+server = 378-version-negotiation-server
+client = 378-version-negotiation-client
+
+[378-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[378-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-378]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[379-version-negotiation]
+ssl_conf = 379-version-negotiation-ssl
+
+[379-version-negotiation-ssl]
+server = 379-version-negotiation-server
+client = 379-version-negotiation-client
+
+[379-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[379-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-379]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[380-version-negotiation]
+ssl_conf = 380-version-negotiation-ssl
+
+[380-version-negotiation-ssl]
+server = 380-version-negotiation-server
+client = 380-version-negotiation-client
+
+[380-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[380-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-380]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[381-version-negotiation]
+ssl_conf = 381-version-negotiation-ssl
+
+[381-version-negotiation-ssl]
+server = 381-version-negotiation-server
+client = 381-version-negotiation-client
+
+[381-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[381-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-381]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[382-version-negotiation]
+ssl_conf = 382-version-negotiation-ssl
+
+[382-version-negotiation-ssl]
+server = 382-version-negotiation-server
+client = 382-version-negotiation-client
+
+[382-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[382-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-382]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[383-version-negotiation]
+ssl_conf = 383-version-negotiation-ssl
+
+[383-version-negotiation-ssl]
+server = 383-version-negotiation-server
+client = 383-version-negotiation-client
+
+[383-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[383-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-383]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[384-version-negotiation]
+ssl_conf = 384-version-negotiation-ssl
+
+[384-version-negotiation-ssl]
+server = 384-version-negotiation-server
+client = 384-version-negotiation-client
+
+[384-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[384-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-384]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[385-version-negotiation]
+ssl_conf = 385-version-negotiation-ssl
+
+[385-version-negotiation-ssl]
+server = 385-version-negotiation-server
+client = 385-version-negotiation-client
+
+[385-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[385-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-385]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[386-version-negotiation]
+ssl_conf = 386-version-negotiation-ssl
+
+[386-version-negotiation-ssl]
+server = 386-version-negotiation-server
+client = 386-version-negotiation-client
+
+[386-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[386-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-386]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[387-version-negotiation]
+ssl_conf = 387-version-negotiation-ssl
+
+[387-version-negotiation-ssl]
+server = 387-version-negotiation-server
+client = 387-version-negotiation-client
+
+[387-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[387-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-387]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[388-version-negotiation]
+ssl_conf = 388-version-negotiation-ssl
+
+[388-version-negotiation-ssl]
+server = 388-version-negotiation-server
+client = 388-version-negotiation-client
+
+[388-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[388-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-388]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[389-version-negotiation]
+ssl_conf = 389-version-negotiation-ssl
+
+[389-version-negotiation-ssl]
+server = 389-version-negotiation-server
+client = 389-version-negotiation-client
+
+[389-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[389-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-389]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[390-version-negotiation]
+ssl_conf = 390-version-negotiation-ssl
+
+[390-version-negotiation-ssl]
+server = 390-version-negotiation-server
+client = 390-version-negotiation-client
+
+[390-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[390-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-390]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[391-version-negotiation]
+ssl_conf = 391-version-negotiation-ssl
+
+[391-version-negotiation-ssl]
+server = 391-version-negotiation-server
+client = 391-version-negotiation-client
+
+[391-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[391-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-391]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[392-version-negotiation]
+ssl_conf = 392-version-negotiation-ssl
+
+[392-version-negotiation-ssl]
+server = 392-version-negotiation-server
+client = 392-version-negotiation-client
+
+[392-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[392-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-392]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[393-version-negotiation]
+ssl_conf = 393-version-negotiation-ssl
+
+[393-version-negotiation-ssl]
+server = 393-version-negotiation-server
+client = 393-version-negotiation-client
+
+[393-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[393-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-393]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[394-version-negotiation]
+ssl_conf = 394-version-negotiation-ssl
+
+[394-version-negotiation-ssl]
+server = 394-version-negotiation-server
+client = 394-version-negotiation-client
+
+[394-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[394-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-394]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[395-version-negotiation]
+ssl_conf = 395-version-negotiation-ssl
+
+[395-version-negotiation-ssl]
+server = 395-version-negotiation-server
+client = 395-version-negotiation-client
+
+[395-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[395-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-395]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[396-version-negotiation]
+ssl_conf = 396-version-negotiation-ssl
+
+[396-version-negotiation-ssl]
+server = 396-version-negotiation-server
+client = 396-version-negotiation-client
+
+[396-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[396-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-396]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[397-version-negotiation]
+ssl_conf = 397-version-negotiation-ssl
+
+[397-version-negotiation-ssl]
+server = 397-version-negotiation-server
+client = 397-version-negotiation-client
+
+[397-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[397-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-397]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[398-version-negotiation]
+ssl_conf = 398-version-negotiation-ssl
+
+[398-version-negotiation-ssl]
+server = 398-version-negotiation-server
+client = 398-version-negotiation-client
+
+[398-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[398-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-398]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[399-version-negotiation]
+ssl_conf = 399-version-negotiation-ssl
+
+[399-version-negotiation-ssl]
+server = 399-version-negotiation-server
+client = 399-version-negotiation-client
+
+[399-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[399-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-399]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[400-version-negotiation]
+ssl_conf = 400-version-negotiation-ssl
+
+[400-version-negotiation-ssl]
+server = 400-version-negotiation-server
+client = 400-version-negotiation-client
+
+[400-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[400-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-400]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[401-version-negotiation]
+ssl_conf = 401-version-negotiation-ssl
+
+[401-version-negotiation-ssl]
+server = 401-version-negotiation-server
+client = 401-version-negotiation-client
+
+[401-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[401-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-401]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[402-version-negotiation]
+ssl_conf = 402-version-negotiation-ssl
+
+[402-version-negotiation-ssl]
+server = 402-version-negotiation-server
+client = 402-version-negotiation-client
+
+[402-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[402-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-402]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[403-version-negotiation]
+ssl_conf = 403-version-negotiation-ssl
+
+[403-version-negotiation-ssl]
+server = 403-version-negotiation-server
+client = 403-version-negotiation-client
+
+[403-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[403-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-403]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[404-version-negotiation]
+ssl_conf = 404-version-negotiation-ssl
+
+[404-version-negotiation-ssl]
+server = 404-version-negotiation-server
+client = 404-version-negotiation-client
+
+[404-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[404-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-404]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[405-version-negotiation]
+ssl_conf = 405-version-negotiation-ssl
+
+[405-version-negotiation-ssl]
+server = 405-version-negotiation-server
+client = 405-version-negotiation-client
+
+[405-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[405-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-405]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[406-version-negotiation]
+ssl_conf = 406-version-negotiation-ssl
+
+[406-version-negotiation-ssl]
+server = 406-version-negotiation-server
+client = 406-version-negotiation-client
+
+[406-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[406-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-406]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[407-version-negotiation]
+ssl_conf = 407-version-negotiation-ssl
+
+[407-version-negotiation-ssl]
+server = 407-version-negotiation-server
+client = 407-version-negotiation-client
+
+[407-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[407-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-407]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[408-version-negotiation]
+ssl_conf = 408-version-negotiation-ssl
+
+[408-version-negotiation-ssl]
+server = 408-version-negotiation-server
+client = 408-version-negotiation-client
+
+[408-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[408-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-408]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[409-version-negotiation]
+ssl_conf = 409-version-negotiation-ssl
+
+[409-version-negotiation-ssl]
+server = 409-version-negotiation-server
+client = 409-version-negotiation-client
+
+[409-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[409-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-409]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[410-version-negotiation]
+ssl_conf = 410-version-negotiation-ssl
+
+[410-version-negotiation-ssl]
+server = 410-version-negotiation-server
+client = 410-version-negotiation-client
+
+[410-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[410-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-410]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[411-version-negotiation]
+ssl_conf = 411-version-negotiation-ssl
+
+[411-version-negotiation-ssl]
+server = 411-version-negotiation-server
+client = 411-version-negotiation-client
+
+[411-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[411-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-411]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[412-version-negotiation]
+ssl_conf = 412-version-negotiation-ssl
+
+[412-version-negotiation-ssl]
+server = 412-version-negotiation-server
+client = 412-version-negotiation-client
+
+[412-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[412-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-412]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[413-version-negotiation]
+ssl_conf = 413-version-negotiation-ssl
+
+[413-version-negotiation-ssl]
+server = 413-version-negotiation-server
+client = 413-version-negotiation-client
+
+[413-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[413-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-413]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[414-version-negotiation]
+ssl_conf = 414-version-negotiation-ssl
+
+[414-version-negotiation-ssl]
+server = 414-version-negotiation-server
+client = 414-version-negotiation-client
+
+[414-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[414-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-414]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[415-version-negotiation]
+ssl_conf = 415-version-negotiation-ssl
+
+[415-version-negotiation-ssl]
+server = 415-version-negotiation-server
+client = 415-version-negotiation-client
+
+[415-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[415-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-415]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[416-version-negotiation]
+ssl_conf = 416-version-negotiation-ssl
+
+[416-version-negotiation-ssl]
+server = 416-version-negotiation-server
+client = 416-version-negotiation-client
+
+[416-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[416-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-416]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[417-version-negotiation]
+ssl_conf = 417-version-negotiation-ssl
+
+[417-version-negotiation-ssl]
+server = 417-version-negotiation-server
+client = 417-version-negotiation-client
+
+[417-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[417-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-417]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[418-version-negotiation]
+ssl_conf = 418-version-negotiation-ssl
+
+[418-version-negotiation-ssl]
+server = 418-version-negotiation-server
+client = 418-version-negotiation-client
+
+[418-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[418-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-418]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[419-version-negotiation]
+ssl_conf = 419-version-negotiation-ssl
+
+[419-version-negotiation-ssl]
+server = 419-version-negotiation-server
+client = 419-version-negotiation-client
+
+[419-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[419-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-419]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[420-version-negotiation]
+ssl_conf = 420-version-negotiation-ssl
+
+[420-version-negotiation-ssl]
+server = 420-version-negotiation-server
+client = 420-version-negotiation-client
+
+[420-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[420-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-420]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[421-version-negotiation]
+ssl_conf = 421-version-negotiation-ssl
+
+[421-version-negotiation-ssl]
+server = 421-version-negotiation-server
+client = 421-version-negotiation-client
+
+[421-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[421-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-421]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[422-version-negotiation]
+ssl_conf = 422-version-negotiation-ssl
+
+[422-version-negotiation-ssl]
+server = 422-version-negotiation-server
+client = 422-version-negotiation-client
+
+[422-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[422-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-422]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[423-version-negotiation]
+ssl_conf = 423-version-negotiation-ssl
+
+[423-version-negotiation-ssl]
+server = 423-version-negotiation-server
+client = 423-version-negotiation-client
+
+[423-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[423-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-423]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[424-version-negotiation]
+ssl_conf = 424-version-negotiation-ssl
+
+[424-version-negotiation-ssl]
+server = 424-version-negotiation-server
+client = 424-version-negotiation-client
+
+[424-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[424-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-424]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[425-version-negotiation]
+ssl_conf = 425-version-negotiation-ssl
+
+[425-version-negotiation-ssl]
+server = 425-version-negotiation-server
+client = 425-version-negotiation-client
+
+[425-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[425-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-425]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[426-version-negotiation]
+ssl_conf = 426-version-negotiation-ssl
+
+[426-version-negotiation-ssl]
+server = 426-version-negotiation-server
+client = 426-version-negotiation-client
+
+[426-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[426-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-426]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[427-version-negotiation]
+ssl_conf = 427-version-negotiation-ssl
+
+[427-version-negotiation-ssl]
+server = 427-version-negotiation-server
+client = 427-version-negotiation-client
+
+[427-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[427-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-427]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[428-version-negotiation]
+ssl_conf = 428-version-negotiation-ssl
+
+[428-version-negotiation-ssl]
+server = 428-version-negotiation-server
+client = 428-version-negotiation-client
+
+[428-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[428-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-428]
+ExpectedProtocol = TLSv1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[429-version-negotiation]
+ssl_conf = 429-version-negotiation-ssl
+
+[429-version-negotiation-ssl]
+server = 429-version-negotiation-server
+client = 429-version-negotiation-client
+
+[429-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[429-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-429]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[430-version-negotiation]
+ssl_conf = 430-version-negotiation-ssl
+
+[430-version-negotiation-ssl]
+server = 430-version-negotiation-server
+client = 430-version-negotiation-client
+
+[430-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[430-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-430]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[431-version-negotiation]
+ssl_conf = 431-version-negotiation-ssl
+
+[431-version-negotiation-ssl]
+server = 431-version-negotiation-server
+client = 431-version-negotiation-client
+
+[431-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[431-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-431]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[432-version-negotiation]
+ssl_conf = 432-version-negotiation-ssl
+
+[432-version-negotiation-ssl]
+server = 432-version-negotiation-server
+client = 432-version-negotiation-client
+
+[432-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[432-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-432]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[433-version-negotiation]
+ssl_conf = 433-version-negotiation-ssl
+
+[433-version-negotiation-ssl]
+server = 433-version-negotiation-server
+client = 433-version-negotiation-client
+
+[433-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[433-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-433]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[434-version-negotiation]
+ssl_conf = 434-version-negotiation-ssl
+
+[434-version-negotiation-ssl]
+server = 434-version-negotiation-server
+client = 434-version-negotiation-client
+
+[434-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[434-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-434]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[435-version-negotiation]
+ssl_conf = 435-version-negotiation-ssl
+
+[435-version-negotiation-ssl]
+server = 435-version-negotiation-server
+client = 435-version-negotiation-client
+
+[435-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[435-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-435]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[436-version-negotiation]
+ssl_conf = 436-version-negotiation-ssl
+
+[436-version-negotiation-ssl]
+server = 436-version-negotiation-server
+client = 436-version-negotiation-client
+
+[436-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[436-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-436]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[437-version-negotiation]
+ssl_conf = 437-version-negotiation-ssl
+
+[437-version-negotiation-ssl]
+server = 437-version-negotiation-server
+client = 437-version-negotiation-client
+
+[437-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[437-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-437]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[438-version-negotiation]
+ssl_conf = 438-version-negotiation-ssl
+
+[438-version-negotiation-ssl]
+server = 438-version-negotiation-server
+client = 438-version-negotiation-client
+
+[438-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[438-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-438]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[439-version-negotiation]
+ssl_conf = 439-version-negotiation-ssl
+
+[439-version-negotiation-ssl]
+server = 439-version-negotiation-server
+client = 439-version-negotiation-client
+
+[439-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[439-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-439]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[440-version-negotiation]
+ssl_conf = 440-version-negotiation-ssl
+
+[440-version-negotiation-ssl]
+server = 440-version-negotiation-server
+client = 440-version-negotiation-client
+
+[440-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[440-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-440]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[441-version-negotiation]
+ssl_conf = 441-version-negotiation-ssl
+
+[441-version-negotiation-ssl]
+server = 441-version-negotiation-server
+client = 441-version-negotiation-client
+
+[441-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[441-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-441]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[442-version-negotiation]
+ssl_conf = 442-version-negotiation-ssl
+
+[442-version-negotiation-ssl]
+server = 442-version-negotiation-server
+client = 442-version-negotiation-client
+
+[442-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[442-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-442]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[443-version-negotiation]
+ssl_conf = 443-version-negotiation-ssl
+
+[443-version-negotiation-ssl]
+server = 443-version-negotiation-server
+client = 443-version-negotiation-client
+
+[443-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[443-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-443]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[444-version-negotiation]
+ssl_conf = 444-version-negotiation-ssl
+
+[444-version-negotiation-ssl]
+server = 444-version-negotiation-server
+client = 444-version-negotiation-client
+
+[444-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[444-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-444]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[445-version-negotiation]
+ssl_conf = 445-version-negotiation-ssl
+
+[445-version-negotiation-ssl]
+server = 445-version-negotiation-server
+client = 445-version-negotiation-client
+
+[445-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[445-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-445]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[446-version-negotiation]
+ssl_conf = 446-version-negotiation-ssl
+
+[446-version-negotiation-ssl]
+server = 446-version-negotiation-server
+client = 446-version-negotiation-client
+
+[446-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[446-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-446]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[447-version-negotiation]
+ssl_conf = 447-version-negotiation-ssl
+
+[447-version-negotiation-ssl]
+server = 447-version-negotiation-server
+client = 447-version-negotiation-client
+
+[447-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[447-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-447]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[448-version-negotiation]
+ssl_conf = 448-version-negotiation-ssl
+
+[448-version-negotiation-ssl]
+server = 448-version-negotiation-server
+client = 448-version-negotiation-client
+
+[448-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[448-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-448]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[449-version-negotiation]
+ssl_conf = 449-version-negotiation-ssl
+
+[449-version-negotiation-ssl]
+server = 449-version-negotiation-server
+client = 449-version-negotiation-client
+
+[449-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[449-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-449]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[450-version-negotiation]
+ssl_conf = 450-version-negotiation-ssl
+
+[450-version-negotiation-ssl]
+server = 450-version-negotiation-server
+client = 450-version-negotiation-client
+
+[450-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[450-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-450]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[451-version-negotiation]
+ssl_conf = 451-version-negotiation-ssl
+
+[451-version-negotiation-ssl]
+server = 451-version-negotiation-server
+client = 451-version-negotiation-client
+
+[451-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[451-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-451]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[452-version-negotiation]
+ssl_conf = 452-version-negotiation-ssl
+
+[452-version-negotiation-ssl]
+server = 452-version-negotiation-server
+client = 452-version-negotiation-client
+
+[452-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[452-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-452]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[453-version-negotiation]
+ssl_conf = 453-version-negotiation-ssl
+
+[453-version-negotiation-ssl]
+server = 453-version-negotiation-server
+client = 453-version-negotiation-client
+
+[453-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[453-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-453]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[454-version-negotiation]
+ssl_conf = 454-version-negotiation-ssl
+
+[454-version-negotiation-ssl]
+server = 454-version-negotiation-server
+client = 454-version-negotiation-client
+
+[454-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[454-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-454]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[455-version-negotiation]
+ssl_conf = 455-version-negotiation-ssl
+
+[455-version-negotiation-ssl]
+server = 455-version-negotiation-server
+client = 455-version-negotiation-client
+
+[455-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[455-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-455]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[456-version-negotiation]
+ssl_conf = 456-version-negotiation-ssl
+
+[456-version-negotiation-ssl]
+server = 456-version-negotiation-server
+client = 456-version-negotiation-client
+
+[456-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[456-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-456]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[457-version-negotiation]
+ssl_conf = 457-version-negotiation-ssl
+
+[457-version-negotiation-ssl]
+server = 457-version-negotiation-server
+client = 457-version-negotiation-client
+
+[457-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[457-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-457]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[458-version-negotiation]
+ssl_conf = 458-version-negotiation-ssl
+
+[458-version-negotiation-ssl]
+server = 458-version-negotiation-server
+client = 458-version-negotiation-client
+
+[458-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[458-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-458]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[459-version-negotiation]
+ssl_conf = 459-version-negotiation-ssl
+
+[459-version-negotiation-ssl]
+server = 459-version-negotiation-server
+client = 459-version-negotiation-client
+
+[459-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[459-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-459]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[460-version-negotiation]
+ssl_conf = 460-version-negotiation-ssl
+
+[460-version-negotiation-ssl]
+server = 460-version-negotiation-server
+client = 460-version-negotiation-client
+
+[460-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[460-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-460]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[461-version-negotiation]
+ssl_conf = 461-version-negotiation-ssl
+
+[461-version-negotiation-ssl]
+server = 461-version-negotiation-server
+client = 461-version-negotiation-client
+
+[461-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[461-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-461]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[462-version-negotiation]
+ssl_conf = 462-version-negotiation-ssl
+
+[462-version-negotiation-ssl]
+server = 462-version-negotiation-server
+client = 462-version-negotiation-client
+
+[462-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[462-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-462]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[463-version-negotiation]
+ssl_conf = 463-version-negotiation-ssl
+
+[463-version-negotiation-ssl]
+server = 463-version-negotiation-server
+client = 463-version-negotiation-client
+
+[463-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[463-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-463]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[464-version-negotiation]
+ssl_conf = 464-version-negotiation-ssl
+
+[464-version-negotiation-ssl]
+server = 464-version-negotiation-server
+client = 464-version-negotiation-client
+
+[464-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[464-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-464]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[465-version-negotiation]
+ssl_conf = 465-version-negotiation-ssl
+
+[465-version-negotiation-ssl]
+server = 465-version-negotiation-server
+client = 465-version-negotiation-client
+
+[465-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[465-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-465]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[466-version-negotiation]
+ssl_conf = 466-version-negotiation-ssl
+
+[466-version-negotiation-ssl]
+server = 466-version-negotiation-server
+client = 466-version-negotiation-client
+
+[466-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[466-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-466]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[467-version-negotiation]
+ssl_conf = 467-version-negotiation-ssl
+
+[467-version-negotiation-ssl]
+server = 467-version-negotiation-server
+client = 467-version-negotiation-client
+
+[467-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[467-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-467]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[468-version-negotiation]
+ssl_conf = 468-version-negotiation-ssl
+
+[468-version-negotiation-ssl]
+server = 468-version-negotiation-server
+client = 468-version-negotiation-client
+
+[468-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[468-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-468]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[469-version-negotiation]
+ssl_conf = 469-version-negotiation-ssl
+
+[469-version-negotiation-ssl]
+server = 469-version-negotiation-server
+client = 469-version-negotiation-client
+
+[469-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[469-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-469]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[470-version-negotiation]
+ssl_conf = 470-version-negotiation-ssl
+
+[470-version-negotiation-ssl]
+server = 470-version-negotiation-server
+client = 470-version-negotiation-client
+
+[470-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[470-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-470]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[471-version-negotiation]
+ssl_conf = 471-version-negotiation-ssl
+
+[471-version-negotiation-ssl]
+server = 471-version-negotiation-server
+client = 471-version-negotiation-client
+
+[471-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[471-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-471]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[472-version-negotiation]
+ssl_conf = 472-version-negotiation-ssl
+
+[472-version-negotiation-ssl]
+server = 472-version-negotiation-server
+client = 472-version-negotiation-client
+
+[472-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[472-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-472]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[473-version-negotiation]
+ssl_conf = 473-version-negotiation-ssl
+
+[473-version-negotiation-ssl]
+server = 473-version-negotiation-server
+client = 473-version-negotiation-client
+
+[473-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[473-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-473]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[474-version-negotiation]
+ssl_conf = 474-version-negotiation-ssl
+
+[474-version-negotiation-ssl]
+server = 474-version-negotiation-server
+client = 474-version-negotiation-client
+
+[474-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[474-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-474]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[475-version-negotiation]
+ssl_conf = 475-version-negotiation-ssl
+
+[475-version-negotiation-ssl]
+server = 475-version-negotiation-server
+client = 475-version-negotiation-client
+
+[475-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[475-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-475]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[476-version-negotiation]
+ssl_conf = 476-version-negotiation-ssl
+
+[476-version-negotiation-ssl]
+server = 476-version-negotiation-server
+client = 476-version-negotiation-client
+
+[476-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[476-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-476]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[477-version-negotiation]
+ssl_conf = 477-version-negotiation-ssl
+
+[477-version-negotiation-ssl]
+server = 477-version-negotiation-server
+client = 477-version-negotiation-client
+
+[477-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[477-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-477]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[478-version-negotiation]
+ssl_conf = 478-version-negotiation-ssl
+
+[478-version-negotiation-ssl]
+server = 478-version-negotiation-server
+client = 478-version-negotiation-client
+
+[478-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[478-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-478]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[479-version-negotiation]
+ssl_conf = 479-version-negotiation-ssl
+
+[479-version-negotiation-ssl]
+server = 479-version-negotiation-server
+client = 479-version-negotiation-client
+
+[479-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[479-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-479]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[480-version-negotiation]
+ssl_conf = 480-version-negotiation-ssl
+
+[480-version-negotiation-ssl]
+server = 480-version-negotiation-server
+client = 480-version-negotiation-client
+
+[480-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[480-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-480]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[481-version-negotiation]
+ssl_conf = 481-version-negotiation-ssl
+
+[481-version-negotiation-ssl]
+server = 481-version-negotiation-server
+client = 481-version-negotiation-client
+
+[481-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[481-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-481]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[482-version-negotiation]
+ssl_conf = 482-version-negotiation-ssl
+
+[482-version-negotiation-ssl]
+server = 482-version-negotiation-server
+client = 482-version-negotiation-client
+
+[482-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[482-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-482]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[483-version-negotiation]
+ssl_conf = 483-version-negotiation-ssl
+
+[483-version-negotiation-ssl]
+server = 483-version-negotiation-server
+client = 483-version-negotiation-client
+
+[483-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[483-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-483]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[484-version-negotiation]
+ssl_conf = 484-version-negotiation-ssl
+
+[484-version-negotiation-ssl]
+server = 484-version-negotiation-server
+client = 484-version-negotiation-client
+
+[484-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[484-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-484]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[485-version-negotiation]
+ssl_conf = 485-version-negotiation-ssl
+
+[485-version-negotiation-ssl]
+server = 485-version-negotiation-server
+client = 485-version-negotiation-client
+
+[485-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[485-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-485]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[486-version-negotiation]
+ssl_conf = 486-version-negotiation-ssl
+
+[486-version-negotiation-ssl]
+server = 486-version-negotiation-server
+client = 486-version-negotiation-client
+
+[486-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[486-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-486]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[487-version-negotiation]
+ssl_conf = 487-version-negotiation-ssl
+
+[487-version-negotiation-ssl]
+server = 487-version-negotiation-server
+client = 487-version-negotiation-client
+
+[487-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[487-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-487]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[488-version-negotiation]
+ssl_conf = 488-version-negotiation-ssl
+
+[488-version-negotiation-ssl]
+server = 488-version-negotiation-server
+client = 488-version-negotiation-client
+
+[488-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[488-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-488]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[489-version-negotiation]
+ssl_conf = 489-version-negotiation-ssl
+
+[489-version-negotiation-ssl]
+server = 489-version-negotiation-server
+client = 489-version-negotiation-client
+
+[489-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[489-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-489]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[490-version-negotiation]
+ssl_conf = 490-version-negotiation-ssl
+
+[490-version-negotiation-ssl]
+server = 490-version-negotiation-server
+client = 490-version-negotiation-client
+
+[490-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[490-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-490]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[491-version-negotiation]
+ssl_conf = 491-version-negotiation-ssl
+
+[491-version-negotiation-ssl]
+server = 491-version-negotiation-server
+client = 491-version-negotiation-client
+
+[491-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[491-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-491]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[492-version-negotiation]
+ssl_conf = 492-version-negotiation-ssl
+
+[492-version-negotiation-ssl]
+server = 492-version-negotiation-server
+client = 492-version-negotiation-client
+
+[492-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[492-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-492]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[493-version-negotiation]
+ssl_conf = 493-version-negotiation-ssl
+
+[493-version-negotiation-ssl]
+server = 493-version-negotiation-server
+client = 493-version-negotiation-client
+
+[493-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[493-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-493]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[494-version-negotiation]
+ssl_conf = 494-version-negotiation-ssl
+
+[494-version-negotiation-ssl]
+server = 494-version-negotiation-server
+client = 494-version-negotiation-client
+
+[494-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[494-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-494]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[495-version-negotiation]
+ssl_conf = 495-version-negotiation-ssl
+
+[495-version-negotiation-ssl]
+server = 495-version-negotiation-server
+client = 495-version-negotiation-client
+
+[495-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[495-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-495]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[496-version-negotiation]
+ssl_conf = 496-version-negotiation-ssl
+
+[496-version-negotiation-ssl]
+server = 496-version-negotiation-server
+client = 496-version-negotiation-client
+
+[496-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[496-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-496]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[497-version-negotiation]
+ssl_conf = 497-version-negotiation-ssl
+
+[497-version-negotiation-ssl]
+server = 497-version-negotiation-server
+client = 497-version-negotiation-client
+
+[497-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[497-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-497]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[498-version-negotiation]
+ssl_conf = 498-version-negotiation-ssl
+
+[498-version-negotiation-ssl]
+server = 498-version-negotiation-server
+client = 498-version-negotiation-client
+
+[498-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[498-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-498]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[499-version-negotiation]
+ssl_conf = 499-version-negotiation-ssl
+
+[499-version-negotiation-ssl]
+server = 499-version-negotiation-server
+client = 499-version-negotiation-client
+
+[499-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[499-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-499]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[500-version-negotiation]
+ssl_conf = 500-version-negotiation-ssl
+
+[500-version-negotiation-ssl]
+server = 500-version-negotiation-server
+client = 500-version-negotiation-client
+
+[500-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[500-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-500]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[501-version-negotiation]
+ssl_conf = 501-version-negotiation-ssl
+
+[501-version-negotiation-ssl]
+server = 501-version-negotiation-server
+client = 501-version-negotiation-client
+
+[501-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[501-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-501]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[502-version-negotiation]
+ssl_conf = 502-version-negotiation-ssl
+
+[502-version-negotiation-ssl]
+server = 502-version-negotiation-server
+client = 502-version-negotiation-client
+
+[502-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[502-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-502]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[503-version-negotiation]
+ssl_conf = 503-version-negotiation-ssl
+
+[503-version-negotiation-ssl]
+server = 503-version-negotiation-server
+client = 503-version-negotiation-client
+
+[503-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[503-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-503]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[504-version-negotiation]
+ssl_conf = 504-version-negotiation-ssl
+
+[504-version-negotiation-ssl]
+server = 504-version-negotiation-server
+client = 504-version-negotiation-client
+
+[504-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[504-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-504]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[505-version-negotiation]
+ssl_conf = 505-version-negotiation-ssl
+
+[505-version-negotiation-ssl]
+server = 505-version-negotiation-server
+client = 505-version-negotiation-client
+
+[505-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[505-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-505]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[506-version-negotiation]
+ssl_conf = 506-version-negotiation-ssl
+
+[506-version-negotiation-ssl]
+server = 506-version-negotiation-server
+client = 506-version-negotiation-client
+
+[506-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[506-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-506]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[507-version-negotiation]
+ssl_conf = 507-version-negotiation-ssl
+
+[507-version-negotiation-ssl]
+server = 507-version-negotiation-server
+client = 507-version-negotiation-client
+
+[507-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[507-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-507]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[508-version-negotiation]
+ssl_conf = 508-version-negotiation-ssl
+
+[508-version-negotiation-ssl]
+server = 508-version-negotiation-server
+client = 508-version-negotiation-client
+
+[508-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[508-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-508]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[509-version-negotiation]
+ssl_conf = 509-version-negotiation-ssl
+
+[509-version-negotiation-ssl]
+server = 509-version-negotiation-server
+client = 509-version-negotiation-client
+
+[509-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[509-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-509]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[510-version-negotiation]
+ssl_conf = 510-version-negotiation-ssl
+
+[510-version-negotiation-ssl]
+server = 510-version-negotiation-server
+client = 510-version-negotiation-client
+
+[510-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[510-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-510]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[511-version-negotiation]
+ssl_conf = 511-version-negotiation-ssl
+
+[511-version-negotiation-ssl]
+server = 511-version-negotiation-server
+client = 511-version-negotiation-client
+
+[511-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[511-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-511]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[512-version-negotiation]
+ssl_conf = 512-version-negotiation-ssl
+
+[512-version-negotiation-ssl]
+server = 512-version-negotiation-server
+client = 512-version-negotiation-client
+
+[512-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[512-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-512]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[513-version-negotiation]
+ssl_conf = 513-version-negotiation-ssl
+
+[513-version-negotiation-ssl]
+server = 513-version-negotiation-server
+client = 513-version-negotiation-client
+
+[513-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[513-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-513]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[514-version-negotiation]
+ssl_conf = 514-version-negotiation-ssl
+
+[514-version-negotiation-ssl]
+server = 514-version-negotiation-server
+client = 514-version-negotiation-client
+
+[514-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[514-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-514]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[515-version-negotiation]
+ssl_conf = 515-version-negotiation-ssl
+
+[515-version-negotiation-ssl]
+server = 515-version-negotiation-server
+client = 515-version-negotiation-client
+
+[515-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[515-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-515]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[516-version-negotiation]
+ssl_conf = 516-version-negotiation-ssl
+
+[516-version-negotiation-ssl]
+server = 516-version-negotiation-server
+client = 516-version-negotiation-client
+
+[516-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[516-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-516]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[517-version-negotiation]
+ssl_conf = 517-version-negotiation-ssl
+
+[517-version-negotiation-ssl]
+server = 517-version-negotiation-server
+client = 517-version-negotiation-client
+
+[517-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[517-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-517]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[518-version-negotiation]
+ssl_conf = 518-version-negotiation-ssl
+
+[518-version-negotiation-ssl]
+server = 518-version-negotiation-server
+client = 518-version-negotiation-client
+
+[518-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[518-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-518]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[519-version-negotiation]
+ssl_conf = 519-version-negotiation-ssl
+
+[519-version-negotiation-ssl]
+server = 519-version-negotiation-server
+client = 519-version-negotiation-client
+
+[519-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[519-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-519]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[520-version-negotiation]
+ssl_conf = 520-version-negotiation-ssl
+
+[520-version-negotiation-ssl]
+server = 520-version-negotiation-server
+client = 520-version-negotiation-client
+
+[520-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[520-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-520]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[521-version-negotiation]
+ssl_conf = 521-version-negotiation-ssl
+
+[521-version-negotiation-ssl]
+server = 521-version-negotiation-server
+client = 521-version-negotiation-client
+
+[521-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[521-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-521]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[522-version-negotiation]
+ssl_conf = 522-version-negotiation-ssl
+
+[522-version-negotiation-ssl]
+server = 522-version-negotiation-server
+client = 522-version-negotiation-client
+
+[522-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[522-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-522]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[523-version-negotiation]
+ssl_conf = 523-version-negotiation-ssl
+
+[523-version-negotiation-ssl]
+server = 523-version-negotiation-server
+client = 523-version-negotiation-client
+
+[523-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[523-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-523]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[524-version-negotiation]
+ssl_conf = 524-version-negotiation-ssl
+
+[524-version-negotiation-ssl]
+server = 524-version-negotiation-server
+client = 524-version-negotiation-client
+
+[524-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[524-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-524]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[525-version-negotiation]
+ssl_conf = 525-version-negotiation-ssl
+
+[525-version-negotiation-ssl]
+server = 525-version-negotiation-server
+client = 525-version-negotiation-client
+
+[525-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[525-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-525]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[526-version-negotiation]
+ssl_conf = 526-version-negotiation-ssl
+
+[526-version-negotiation-ssl]
+server = 526-version-negotiation-server
+client = 526-version-negotiation-client
+
+[526-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[526-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-526]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[527-version-negotiation]
+ssl_conf = 527-version-negotiation-ssl
+
+[527-version-negotiation-ssl]
+server = 527-version-negotiation-server
+client = 527-version-negotiation-client
+
+[527-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[527-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-527]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[528-version-negotiation]
+ssl_conf = 528-version-negotiation-ssl
+
+[528-version-negotiation-ssl]
+server = 528-version-negotiation-server
+client = 528-version-negotiation-client
+
+[528-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[528-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-528]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[529-version-negotiation]
+ssl_conf = 529-version-negotiation-ssl
+
+[529-version-negotiation-ssl]
+server = 529-version-negotiation-server
+client = 529-version-negotiation-client
+
+[529-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[529-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-529]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[530-version-negotiation]
+ssl_conf = 530-version-negotiation-ssl
+
+[530-version-negotiation-ssl]
+server = 530-version-negotiation-server
+client = 530-version-negotiation-client
+
+[530-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[530-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-530]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[531-version-negotiation]
+ssl_conf = 531-version-negotiation-ssl
+
+[531-version-negotiation-ssl]
+server = 531-version-negotiation-server
+client = 531-version-negotiation-client
+
+[531-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[531-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-531]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[532-version-negotiation]
+ssl_conf = 532-version-negotiation-ssl
+
+[532-version-negotiation-ssl]
+server = 532-version-negotiation-server
+client = 532-version-negotiation-client
+
+[532-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[532-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-532]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[533-version-negotiation]
+ssl_conf = 533-version-negotiation-ssl
+
+[533-version-negotiation-ssl]
+server = 533-version-negotiation-server
+client = 533-version-negotiation-client
+
+[533-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[533-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-533]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[534-version-negotiation]
+ssl_conf = 534-version-negotiation-ssl
+
+[534-version-negotiation-ssl]
+server = 534-version-negotiation-server
+client = 534-version-negotiation-client
+
+[534-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[534-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-534]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[535-version-negotiation]
+ssl_conf = 535-version-negotiation-ssl
+
+[535-version-negotiation-ssl]
+server = 535-version-negotiation-server
+client = 535-version-negotiation-client
+
+[535-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[535-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-535]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[536-version-negotiation]
+ssl_conf = 536-version-negotiation-ssl
+
+[536-version-negotiation-ssl]
+server = 536-version-negotiation-server
+client = 536-version-negotiation-client
+
+[536-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[536-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-536]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[537-version-negotiation]
+ssl_conf = 537-version-negotiation-ssl
+
+[537-version-negotiation-ssl]
+server = 537-version-negotiation-server
+client = 537-version-negotiation-client
+
+[537-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[537-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-537]
+ExpectedProtocol = TLSv1.1
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[538-version-negotiation]
+ssl_conf = 538-version-negotiation-ssl
+
+[538-version-negotiation-ssl]
+server = 538-version-negotiation-server
+client = 538-version-negotiation-client
+
+[538-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[538-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-538]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[539-version-negotiation]
+ssl_conf = 539-version-negotiation-ssl
+
+[539-version-negotiation-ssl]
+server = 539-version-negotiation-server
+client = 539-version-negotiation-client
+
+[539-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[539-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-539]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[540-version-negotiation]
+ssl_conf = 540-version-negotiation-ssl
+
+[540-version-negotiation-ssl]
+server = 540-version-negotiation-server
+client = 540-version-negotiation-client
+
+[540-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[540-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-540]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[541-version-negotiation]
+ssl_conf = 541-version-negotiation-ssl
+
+[541-version-negotiation-ssl]
+server = 541-version-negotiation-server
+client = 541-version-negotiation-client
+
+[541-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[541-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-541]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[542-version-negotiation]
+ssl_conf = 542-version-negotiation-ssl
+
+[542-version-negotiation-ssl]
+server = 542-version-negotiation-server
+client = 542-version-negotiation-client
+
+[542-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[542-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-542]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[543-version-negotiation]
+ssl_conf = 543-version-negotiation-ssl
+
+[543-version-negotiation-ssl]
+server = 543-version-negotiation-server
+client = 543-version-negotiation-client
+
+[543-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[543-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-543]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[544-version-negotiation]
+ssl_conf = 544-version-negotiation-ssl
+
+[544-version-negotiation-ssl]
+server = 544-version-negotiation-server
+client = 544-version-negotiation-client
+
+[544-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[544-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-544]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[545-version-negotiation]
+ssl_conf = 545-version-negotiation-ssl
+
+[545-version-negotiation-ssl]
+server = 545-version-negotiation-server
+client = 545-version-negotiation-client
+
+[545-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[545-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-545]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[546-version-negotiation]
+ssl_conf = 546-version-negotiation-ssl
+
+[546-version-negotiation-ssl]
+server = 546-version-negotiation-server
+client = 546-version-negotiation-client
+
+[546-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[546-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-546]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[547-version-negotiation]
+ssl_conf = 547-version-negotiation-ssl
+
+[547-version-negotiation-ssl]
+server = 547-version-negotiation-server
+client = 547-version-negotiation-client
+
+[547-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[547-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-547]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[548-version-negotiation]
+ssl_conf = 548-version-negotiation-ssl
+
+[548-version-negotiation-ssl]
+server = 548-version-negotiation-server
+client = 548-version-negotiation-client
+
+[548-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[548-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-548]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[549-version-negotiation]
+ssl_conf = 549-version-negotiation-ssl
+
+[549-version-negotiation-ssl]
+server = 549-version-negotiation-server
+client = 549-version-negotiation-client
+
+[549-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[549-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-549]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[550-version-negotiation]
+ssl_conf = 550-version-negotiation-ssl
+
+[550-version-negotiation-ssl]
+server = 550-version-negotiation-server
+client = 550-version-negotiation-client
+
+[550-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[550-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-550]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[551-version-negotiation]
+ssl_conf = 551-version-negotiation-ssl
+
+[551-version-negotiation-ssl]
+server = 551-version-negotiation-server
+client = 551-version-negotiation-client
+
+[551-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[551-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-551]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[552-version-negotiation]
+ssl_conf = 552-version-negotiation-ssl
+
+[552-version-negotiation-ssl]
+server = 552-version-negotiation-server
+client = 552-version-negotiation-client
+
+[552-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[552-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-552]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[553-version-negotiation]
+ssl_conf = 553-version-negotiation-ssl
+
+[553-version-negotiation-ssl]
+server = 553-version-negotiation-server
+client = 553-version-negotiation-client
+
+[553-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[553-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-553]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[554-version-negotiation]
+ssl_conf = 554-version-negotiation-ssl
+
+[554-version-negotiation-ssl]
+server = 554-version-negotiation-server
+client = 554-version-negotiation-client
+
+[554-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[554-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-554]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[555-version-negotiation]
+ssl_conf = 555-version-negotiation-ssl
+
+[555-version-negotiation-ssl]
+server = 555-version-negotiation-server
+client = 555-version-negotiation-client
+
+[555-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[555-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-555]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[556-version-negotiation]
+ssl_conf = 556-version-negotiation-ssl
+
+[556-version-negotiation-ssl]
+server = 556-version-negotiation-server
+client = 556-version-negotiation-client
+
+[556-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[556-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-556]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[557-version-negotiation]
+ssl_conf = 557-version-negotiation-ssl
+
+[557-version-negotiation-ssl]
+server = 557-version-negotiation-server
+client = 557-version-negotiation-client
+
+[557-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[557-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-557]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[558-version-negotiation]
+ssl_conf = 558-version-negotiation-ssl
+
+[558-version-negotiation-ssl]
+server = 558-version-negotiation-server
+client = 558-version-negotiation-client
+
+[558-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[558-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-558]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[559-version-negotiation]
+ssl_conf = 559-version-negotiation-ssl
+
+[559-version-negotiation-ssl]
+server = 559-version-negotiation-server
+client = 559-version-negotiation-client
+
+[559-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[559-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-559]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[560-version-negotiation]
+ssl_conf = 560-version-negotiation-ssl
+
+[560-version-negotiation-ssl]
+server = 560-version-negotiation-server
+client = 560-version-negotiation-client
+
+[560-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[560-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-560]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[561-version-negotiation]
+ssl_conf = 561-version-negotiation-ssl
+
+[561-version-negotiation-ssl]
+server = 561-version-negotiation-server
+client = 561-version-negotiation-client
+
+[561-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[561-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-561]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[562-version-negotiation]
+ssl_conf = 562-version-negotiation-ssl
+
+[562-version-negotiation-ssl]
+server = 562-version-negotiation-server
+client = 562-version-negotiation-client
+
+[562-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[562-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-562]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[563-version-negotiation]
+ssl_conf = 563-version-negotiation-ssl
+
+[563-version-negotiation-ssl]
+server = 563-version-negotiation-server
+client = 563-version-negotiation-client
+
+[563-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[563-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-563]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[564-version-negotiation]
+ssl_conf = 564-version-negotiation-ssl
+
+[564-version-negotiation-ssl]
+server = 564-version-negotiation-server
+client = 564-version-negotiation-client
+
+[564-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[564-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-564]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[565-version-negotiation]
+ssl_conf = 565-version-negotiation-ssl
+
+[565-version-negotiation-ssl]
+server = 565-version-negotiation-server
+client = 565-version-negotiation-client
+
+[565-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[565-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-565]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[566-version-negotiation]
+ssl_conf = 566-version-negotiation-ssl
+
+[566-version-negotiation-ssl]
+server = 566-version-negotiation-server
+client = 566-version-negotiation-client
+
+[566-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[566-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-566]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[567-version-negotiation]
+ssl_conf = 567-version-negotiation-ssl
+
+[567-version-negotiation-ssl]
+server = 567-version-negotiation-server
+client = 567-version-negotiation-client
+
+[567-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[567-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-567]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[568-version-negotiation]
+ssl_conf = 568-version-negotiation-ssl
+
+[568-version-negotiation-ssl]
+server = 568-version-negotiation-server
+client = 568-version-negotiation-client
+
+[568-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[568-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-568]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[569-version-negotiation]
+ssl_conf = 569-version-negotiation-ssl
+
+[569-version-negotiation-ssl]
+server = 569-version-negotiation-server
+client = 569-version-negotiation-client
+
+[569-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[569-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-569]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[570-version-negotiation]
+ssl_conf = 570-version-negotiation-ssl
+
+[570-version-negotiation-ssl]
+server = 570-version-negotiation-server
+client = 570-version-negotiation-client
+
+[570-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[570-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-570]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[571-version-negotiation]
+ssl_conf = 571-version-negotiation-ssl
+
+[571-version-negotiation-ssl]
+server = 571-version-negotiation-server
+client = 571-version-negotiation-client
+
+[571-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[571-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-571]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[572-version-negotiation]
+ssl_conf = 572-version-negotiation-ssl
+
+[572-version-negotiation-ssl]
+server = 572-version-negotiation-server
+client = 572-version-negotiation-client
+
+[572-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[572-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-572]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[573-version-negotiation]
+ssl_conf = 573-version-negotiation-ssl
+
+[573-version-negotiation-ssl]
+server = 573-version-negotiation-server
+client = 573-version-negotiation-client
+
+[573-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[573-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-573]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[574-version-negotiation]
+ssl_conf = 574-version-negotiation-ssl
+
+[574-version-negotiation-ssl]
+server = 574-version-negotiation-server
+client = 574-version-negotiation-client
+
+[574-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[574-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-574]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[575-version-negotiation]
+ssl_conf = 575-version-negotiation-ssl
+
+[575-version-negotiation-ssl]
+server = 575-version-negotiation-server
+client = 575-version-negotiation-client
+
+[575-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[575-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-575]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[576-version-negotiation]
+ssl_conf = 576-version-negotiation-ssl
+
+[576-version-negotiation-ssl]
+server = 576-version-negotiation-server
+client = 576-version-negotiation-client
+
+[576-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[576-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-576]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[577-version-negotiation]
+ssl_conf = 577-version-negotiation-ssl
+
+[577-version-negotiation-ssl]
+server = 577-version-negotiation-server
+client = 577-version-negotiation-client
+
+[577-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[577-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-577]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[578-version-negotiation]
+ssl_conf = 578-version-negotiation-ssl
+
+[578-version-negotiation-ssl]
+server = 578-version-negotiation-server
+client = 578-version-negotiation-client
+
+[578-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[578-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-578]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[579-version-negotiation]
+ssl_conf = 579-version-negotiation-ssl
+
+[579-version-negotiation-ssl]
+server = 579-version-negotiation-server
+client = 579-version-negotiation-client
+
+[579-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[579-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-579]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[580-version-negotiation]
+ssl_conf = 580-version-negotiation-ssl
+
+[580-version-negotiation-ssl]
+server = 580-version-negotiation-server
+client = 580-version-negotiation-client
+
+[580-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[580-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-580]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[581-version-negotiation]
+ssl_conf = 581-version-negotiation-ssl
+
+[581-version-negotiation-ssl]
+server = 581-version-negotiation-server
+client = 581-version-negotiation-client
+
+[581-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[581-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-581]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[582-version-negotiation]
+ssl_conf = 582-version-negotiation-ssl
+
+[582-version-negotiation-ssl]
+server = 582-version-negotiation-server
+client = 582-version-negotiation-client
+
+[582-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[582-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-582]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[583-version-negotiation]
+ssl_conf = 583-version-negotiation-ssl
+
+[583-version-negotiation-ssl]
+server = 583-version-negotiation-server
+client = 583-version-negotiation-client
+
+[583-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[583-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-583]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[584-version-negotiation]
+ssl_conf = 584-version-negotiation-ssl
+
+[584-version-negotiation-ssl]
+server = 584-version-negotiation-server
+client = 584-version-negotiation-client
+
+[584-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[584-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-584]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[585-version-negotiation]
+ssl_conf = 585-version-negotiation-ssl
+
+[585-version-negotiation-ssl]
+server = 585-version-negotiation-server
+client = 585-version-negotiation-client
+
+[585-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[585-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-585]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[586-version-negotiation]
+ssl_conf = 586-version-negotiation-ssl
+
+[586-version-negotiation-ssl]
+server = 586-version-negotiation-server
+client = 586-version-negotiation-client
+
+[586-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[586-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-586]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[587-version-negotiation]
+ssl_conf = 587-version-negotiation-ssl
+
+[587-version-negotiation-ssl]
+server = 587-version-negotiation-server
+client = 587-version-negotiation-client
+
+[587-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[587-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-587]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[588-version-negotiation]
+ssl_conf = 588-version-negotiation-ssl
+
+[588-version-negotiation-ssl]
+server = 588-version-negotiation-server
+client = 588-version-negotiation-client
+
+[588-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[588-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-588]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[589-version-negotiation]
+ssl_conf = 589-version-negotiation-ssl
+
+[589-version-negotiation-ssl]
+server = 589-version-negotiation-server
+client = 589-version-negotiation-client
+
+[589-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[589-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-589]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[590-version-negotiation]
+ssl_conf = 590-version-negotiation-ssl
+
+[590-version-negotiation-ssl]
+server = 590-version-negotiation-server
+client = 590-version-negotiation-client
+
+[590-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[590-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-590]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[591-version-negotiation]
+ssl_conf = 591-version-negotiation-ssl
+
+[591-version-negotiation-ssl]
+server = 591-version-negotiation-server
+client = 591-version-negotiation-client
+
+[591-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[591-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-591]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[592-version-negotiation]
+ssl_conf = 592-version-negotiation-ssl
+
+[592-version-negotiation-ssl]
+server = 592-version-negotiation-server
+client = 592-version-negotiation-client
+
+[592-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[592-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-592]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[593-version-negotiation]
+ssl_conf = 593-version-negotiation-ssl
+
+[593-version-negotiation-ssl]
+server = 593-version-negotiation-server
+client = 593-version-negotiation-client
+
+[593-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[593-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-593]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[594-version-negotiation]
+ssl_conf = 594-version-negotiation-ssl
+
+[594-version-negotiation-ssl]
+server = 594-version-negotiation-server
+client = 594-version-negotiation-client
+
+[594-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[594-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-594]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[595-version-negotiation]
+ssl_conf = 595-version-negotiation-ssl
+
+[595-version-negotiation-ssl]
+server = 595-version-negotiation-server
+client = 595-version-negotiation-client
+
+[595-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[595-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-595]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[596-version-negotiation]
+ssl_conf = 596-version-negotiation-ssl
+
+[596-version-negotiation-ssl]
+server = 596-version-negotiation-server
+client = 596-version-negotiation-client
+
+[596-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[596-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-596]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[597-version-negotiation]
+ssl_conf = 597-version-negotiation-ssl
+
+[597-version-negotiation-ssl]
+server = 597-version-negotiation-server
+client = 597-version-negotiation-client
+
+[597-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[597-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-597]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[598-version-negotiation]
+ssl_conf = 598-version-negotiation-ssl
+
+[598-version-negotiation-ssl]
+server = 598-version-negotiation-server
+client = 598-version-negotiation-client
+
+[598-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[598-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-598]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[599-version-negotiation]
+ssl_conf = 599-version-negotiation-ssl
+
+[599-version-negotiation-ssl]
+server = 599-version-negotiation-server
+client = 599-version-negotiation-client
+
+[599-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[599-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-599]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[600-version-negotiation]
+ssl_conf = 600-version-negotiation-ssl
+
+[600-version-negotiation-ssl]
+server = 600-version-negotiation-server
+client = 600-version-negotiation-client
+
+[600-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[600-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-600]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[601-version-negotiation]
+ssl_conf = 601-version-negotiation-ssl
+
+[601-version-negotiation-ssl]
+server = 601-version-negotiation-server
+client = 601-version-negotiation-client
+
+[601-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[601-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-601]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[602-version-negotiation]
+ssl_conf = 602-version-negotiation-ssl
+
+[602-version-negotiation-ssl]
+server = 602-version-negotiation-server
+client = 602-version-negotiation-client
+
+[602-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[602-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-602]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[603-version-negotiation]
+ssl_conf = 603-version-negotiation-ssl
+
+[603-version-negotiation-ssl]
+server = 603-version-negotiation-server
+client = 603-version-negotiation-client
+
+[603-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[603-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-603]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[604-version-negotiation]
+ssl_conf = 604-version-negotiation-ssl
+
+[604-version-negotiation-ssl]
+server = 604-version-negotiation-server
+client = 604-version-negotiation-client
+
+[604-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[604-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-604]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[605-version-negotiation]
+ssl_conf = 605-version-negotiation-ssl
+
+[605-version-negotiation-ssl]
+server = 605-version-negotiation-server
+client = 605-version-negotiation-client
+
+[605-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[605-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-605]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[606-version-negotiation]
+ssl_conf = 606-version-negotiation-ssl
+
+[606-version-negotiation-ssl]
+server = 606-version-negotiation-server
+client = 606-version-negotiation-client
+
+[606-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[606-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-606]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[607-version-negotiation]
+ssl_conf = 607-version-negotiation-ssl
+
+[607-version-negotiation-ssl]
+server = 607-version-negotiation-server
+client = 607-version-negotiation-client
+
+[607-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[607-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-607]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[608-version-negotiation]
+ssl_conf = 608-version-negotiation-ssl
+
+[608-version-negotiation-ssl]
+server = 608-version-negotiation-server
+client = 608-version-negotiation-client
+
+[608-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[608-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-608]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[609-version-negotiation]
+ssl_conf = 609-version-negotiation-ssl
+
+[609-version-negotiation-ssl]
+server = 609-version-negotiation-server
+client = 609-version-negotiation-client
+
+[609-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[609-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-609]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[610-version-negotiation]
+ssl_conf = 610-version-negotiation-ssl
+
+[610-version-negotiation-ssl]
+server = 610-version-negotiation-server
+client = 610-version-negotiation-client
+
+[610-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[610-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-610]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[611-version-negotiation]
+ssl_conf = 611-version-negotiation-ssl
+
+[611-version-negotiation-ssl]
+server = 611-version-negotiation-server
+client = 611-version-negotiation-client
+
+[611-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[611-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-611]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[612-version-negotiation]
+ssl_conf = 612-version-negotiation-ssl
+
+[612-version-negotiation-ssl]
+server = 612-version-negotiation-server
+client = 612-version-negotiation-client
+
+[612-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[612-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-612]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[613-version-negotiation]
+ssl_conf = 613-version-negotiation-ssl
+
+[613-version-negotiation-ssl]
+server = 613-version-negotiation-server
+client = 613-version-negotiation-client
+
+[613-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[613-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-613]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[614-version-negotiation]
+ssl_conf = 614-version-negotiation-ssl
+
+[614-version-negotiation-ssl]
+server = 614-version-negotiation-server
+client = 614-version-negotiation-client
+
+[614-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[614-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-614]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[615-version-negotiation]
+ssl_conf = 615-version-negotiation-ssl
+
+[615-version-negotiation-ssl]
+server = 615-version-negotiation-server
+client = 615-version-negotiation-client
+
+[615-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[615-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-615]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[616-version-negotiation]
+ssl_conf = 616-version-negotiation-ssl
+
+[616-version-negotiation-ssl]
+server = 616-version-negotiation-server
+client = 616-version-negotiation-client
+
+[616-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[616-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-616]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[617-version-negotiation]
+ssl_conf = 617-version-negotiation-ssl
+
+[617-version-negotiation-ssl]
+server = 617-version-negotiation-server
+client = 617-version-negotiation-client
+
+[617-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[617-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-617]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[618-version-negotiation]
+ssl_conf = 618-version-negotiation-ssl
+
+[618-version-negotiation-ssl]
+server = 618-version-negotiation-server
+client = 618-version-negotiation-client
+
+[618-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[618-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-618]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[619-version-negotiation]
+ssl_conf = 619-version-negotiation-ssl
+
+[619-version-negotiation-ssl]
+server = 619-version-negotiation-server
+client = 619-version-negotiation-client
+
+[619-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[619-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-619]
+ExpectedProtocol = TLSv1.2
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[620-version-negotiation]
+ssl_conf = 620-version-negotiation-ssl
+
+[620-version-negotiation-ssl]
+server = 620-version-negotiation-server
+client = 620-version-negotiation-client
+
+[620-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[620-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-620]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[621-version-negotiation]
+ssl_conf = 621-version-negotiation-ssl
+
+[621-version-negotiation-ssl]
+server = 621-version-negotiation-server
+client = 621-version-negotiation-client
+
+[621-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[621-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-621]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[622-version-negotiation]
+ssl_conf = 622-version-negotiation-ssl
+
+[622-version-negotiation-ssl]
+server = 622-version-negotiation-server
+client = 622-version-negotiation-client
+
+[622-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[622-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-622]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[623-version-negotiation]
+ssl_conf = 623-version-negotiation-ssl
+
+[623-version-negotiation-ssl]
+server = 623-version-negotiation-server
+client = 623-version-negotiation-client
+
+[623-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[623-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-623]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[624-version-negotiation]
+ssl_conf = 624-version-negotiation-ssl
+
+[624-version-negotiation-ssl]
+server = 624-version-negotiation-server
+client = 624-version-negotiation-client
+
+[624-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[624-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-624]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[625-version-negotiation]
+ssl_conf = 625-version-negotiation-ssl
+
+[625-version-negotiation-ssl]
+server = 625-version-negotiation-server
+client = 625-version-negotiation-client
+
+[625-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[625-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-625]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[626-version-negotiation]
+ssl_conf = 626-version-negotiation-ssl
+
+[626-version-negotiation-ssl]
+server = 626-version-negotiation-server
+client = 626-version-negotiation-client
+
+[626-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[626-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-626]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[627-version-negotiation]
+ssl_conf = 627-version-negotiation-ssl
+
+[627-version-negotiation-ssl]
+server = 627-version-negotiation-server
+client = 627-version-negotiation-client
+
+[627-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[627-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-627]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[628-version-negotiation]
+ssl_conf = 628-version-negotiation-ssl
+
+[628-version-negotiation-ssl]
+server = 628-version-negotiation-server
+client = 628-version-negotiation-client
+
+[628-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[628-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-628]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[629-version-negotiation]
+ssl_conf = 629-version-negotiation-ssl
+
+[629-version-negotiation-ssl]
+server = 629-version-negotiation-server
+client = 629-version-negotiation-client
+
+[629-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[629-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-629]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[630-version-negotiation]
+ssl_conf = 630-version-negotiation-ssl
+
+[630-version-negotiation-ssl]
+server = 630-version-negotiation-server
+client = 630-version-negotiation-client
+
+[630-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[630-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-630]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[631-version-negotiation]
+ssl_conf = 631-version-negotiation-ssl
+
+[631-version-negotiation-ssl]
+server = 631-version-negotiation-server
+client = 631-version-negotiation-client
+
+[631-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[631-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-631]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[632-version-negotiation]
+ssl_conf = 632-version-negotiation-ssl
+
+[632-version-negotiation-ssl]
+server = 632-version-negotiation-server
+client = 632-version-negotiation-client
+
+[632-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[632-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-632]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[633-version-negotiation]
+ssl_conf = 633-version-negotiation-ssl
+
+[633-version-negotiation-ssl]
+server = 633-version-negotiation-server
+client = 633-version-negotiation-client
+
+[633-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[633-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-633]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[634-version-negotiation]
+ssl_conf = 634-version-negotiation-ssl
+
+[634-version-negotiation-ssl]
+server = 634-version-negotiation-server
+client = 634-version-negotiation-client
+
+[634-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[634-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-634]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[635-version-negotiation]
+ssl_conf = 635-version-negotiation-ssl
+
+[635-version-negotiation-ssl]
+server = 635-version-negotiation-server
+client = 635-version-negotiation-client
+
+[635-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[635-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-635]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[636-version-negotiation]
+ssl_conf = 636-version-negotiation-ssl
+
+[636-version-negotiation-ssl]
+server = 636-version-negotiation-server
+client = 636-version-negotiation-client
+
+[636-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[636-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-636]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[637-version-negotiation]
+ssl_conf = 637-version-negotiation-ssl
+
+[637-version-negotiation-ssl]
+server = 637-version-negotiation-server
+client = 637-version-negotiation-client
+
+[637-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[637-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-637]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[638-version-negotiation]
+ssl_conf = 638-version-negotiation-ssl
+
+[638-version-negotiation-ssl]
+server = 638-version-negotiation-server
+client = 638-version-negotiation-client
+
+[638-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[638-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-638]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[639-version-negotiation]
+ssl_conf = 639-version-negotiation-ssl
+
+[639-version-negotiation-ssl]
+server = 639-version-negotiation-server
+client = 639-version-negotiation-client
+
+[639-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[639-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-639]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[640-version-negotiation]
+ssl_conf = 640-version-negotiation-ssl
+
+[640-version-negotiation-ssl]
+server = 640-version-negotiation-server
+client = 640-version-negotiation-client
+
+[640-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[640-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-640]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[641-version-negotiation]
+ssl_conf = 641-version-negotiation-ssl
+
+[641-version-negotiation-ssl]
+server = 641-version-negotiation-server
+client = 641-version-negotiation-client
+
+[641-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[641-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-641]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[642-version-negotiation]
+ssl_conf = 642-version-negotiation-ssl
+
+[642-version-negotiation-ssl]
+server = 642-version-negotiation-server
+client = 642-version-negotiation-client
+
+[642-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[642-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-642]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[643-version-negotiation]
+ssl_conf = 643-version-negotiation-ssl
+
+[643-version-negotiation-ssl]
+server = 643-version-negotiation-server
+client = 643-version-negotiation-client
+
+[643-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[643-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-643]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[644-version-negotiation]
+ssl_conf = 644-version-negotiation-ssl
+
+[644-version-negotiation-ssl]
+server = 644-version-negotiation-server
+client = 644-version-negotiation-client
+
+[644-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[644-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-644]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[645-version-negotiation]
+ssl_conf = 645-version-negotiation-ssl
+
+[645-version-negotiation-ssl]
+server = 645-version-negotiation-server
+client = 645-version-negotiation-client
+
+[645-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[645-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-645]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[646-version-negotiation]
+ssl_conf = 646-version-negotiation-ssl
+
+[646-version-negotiation-ssl]
+server = 646-version-negotiation-server
+client = 646-version-negotiation-client
+
+[646-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[646-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-646]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[647-version-negotiation]
+ssl_conf = 647-version-negotiation-ssl
+
+[647-version-negotiation-ssl]
+server = 647-version-negotiation-server
+client = 647-version-negotiation-client
+
+[647-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[647-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-647]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[648-version-negotiation]
+ssl_conf = 648-version-negotiation-ssl
+
+[648-version-negotiation-ssl]
+server = 648-version-negotiation-server
+client = 648-version-negotiation-client
+
+[648-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[648-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-648]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[649-version-negotiation]
+ssl_conf = 649-version-negotiation-ssl
+
+[649-version-negotiation-ssl]
+server = 649-version-negotiation-server
+client = 649-version-negotiation-client
+
+[649-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[649-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-649]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[650-version-negotiation]
+ssl_conf = 650-version-negotiation-ssl
+
+[650-version-negotiation-ssl]
+server = 650-version-negotiation-server
+client = 650-version-negotiation-client
+
+[650-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[650-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-650]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[651-version-negotiation]
+ssl_conf = 651-version-negotiation-ssl
+
+[651-version-negotiation-ssl]
+server = 651-version-negotiation-server
+client = 651-version-negotiation-client
+
+[651-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[651-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-651]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[652-version-negotiation]
+ssl_conf = 652-version-negotiation-ssl
+
+[652-version-negotiation-ssl]
+server = 652-version-negotiation-server
+client = 652-version-negotiation-client
+
+[652-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[652-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-652]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[653-version-negotiation]
+ssl_conf = 653-version-negotiation-ssl
+
+[653-version-negotiation-ssl]
+server = 653-version-negotiation-server
+client = 653-version-negotiation-client
+
+[653-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[653-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-653]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[654-version-negotiation]
+ssl_conf = 654-version-negotiation-ssl
+
+[654-version-negotiation-ssl]
+server = 654-version-negotiation-server
+client = 654-version-negotiation-client
+
+[654-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[654-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-654]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[655-version-negotiation]
+ssl_conf = 655-version-negotiation-ssl
+
+[655-version-negotiation-ssl]
+server = 655-version-negotiation-server
+client = 655-version-negotiation-client
+
+[655-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[655-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-655]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[656-version-negotiation]
+ssl_conf = 656-version-negotiation-ssl
+
+[656-version-negotiation-ssl]
+server = 656-version-negotiation-server
+client = 656-version-negotiation-client
+
+[656-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = SSLv3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[656-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-656]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[657-version-negotiation]
+ssl_conf = 657-version-negotiation-ssl
+
+[657-version-negotiation-ssl]
+server = 657-version-negotiation-server
+client = 657-version-negotiation-client
+
+[657-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[657-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-657]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[658-version-negotiation]
+ssl_conf = 658-version-negotiation-ssl
+
+[658-version-negotiation-ssl]
+server = 658-version-negotiation-server
+client = 658-version-negotiation-client
+
+[658-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[658-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-658]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[659-version-negotiation]
+ssl_conf = 659-version-negotiation-ssl
+
+[659-version-negotiation-ssl]
+server = 659-version-negotiation-server
+client = 659-version-negotiation-client
+
+[659-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[659-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-659]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[660-version-negotiation]
+ssl_conf = 660-version-negotiation-ssl
+
+[660-version-negotiation-ssl]
+server = 660-version-negotiation-server
+client = 660-version-negotiation-client
+
+[660-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[660-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-660]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[661-version-negotiation]
+ssl_conf = 661-version-negotiation-ssl
+
+[661-version-negotiation-ssl]
+server = 661-version-negotiation-server
+client = 661-version-negotiation-client
+
+[661-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = SSLv3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[661-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-661]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[662-version-negotiation]
+ssl_conf = 662-version-negotiation-ssl
+
+[662-version-negotiation-ssl]
+server = 662-version-negotiation-server
+client = 662-version-negotiation-client
+
+[662-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[662-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-662]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[663-version-negotiation]
+ssl_conf = 663-version-negotiation-ssl
+
+[663-version-negotiation-ssl]
+server = 663-version-negotiation-server
+client = 663-version-negotiation-client
+
+[663-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[663-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-663]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[664-version-negotiation]
+ssl_conf = 664-version-negotiation-ssl
+
+[664-version-negotiation-ssl]
+server = 664-version-negotiation-server
+client = 664-version-negotiation-client
+
+[664-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[664-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-664]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[665-version-negotiation]
+ssl_conf = 665-version-negotiation-ssl
+
+[665-version-negotiation-ssl]
+server = 665-version-negotiation-server
+client = 665-version-negotiation-client
+
+[665-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[665-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-665]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[666-version-negotiation]
+ssl_conf = 666-version-negotiation-ssl
+
+[666-version-negotiation-ssl]
+server = 666-version-negotiation-server
+client = 666-version-negotiation-client
+
+[666-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[666-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-666]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[667-version-negotiation]
+ssl_conf = 667-version-negotiation-ssl
+
+[667-version-negotiation-ssl]
+server = 667-version-negotiation-server
+client = 667-version-negotiation-client
+
+[667-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[667-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-667]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[668-version-negotiation]
+ssl_conf = 668-version-negotiation-ssl
+
+[668-version-negotiation-ssl]
+server = 668-version-negotiation-server
+client = 668-version-negotiation-client
+
+[668-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[668-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-668]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[669-version-negotiation]
+ssl_conf = 669-version-negotiation-ssl
+
+[669-version-negotiation-ssl]
+server = 669-version-negotiation-server
+client = 669-version-negotiation-client
+
+[669-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[669-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-669]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[670-version-negotiation]
+ssl_conf = 670-version-negotiation-ssl
+
+[670-version-negotiation-ssl]
+server = 670-version-negotiation-server
+client = 670-version-negotiation-client
+
+[670-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[670-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-670]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[671-version-negotiation]
+ssl_conf = 671-version-negotiation-ssl
+
+[671-version-negotiation-ssl]
+server = 671-version-negotiation-server
+client = 671-version-negotiation-client
+
+[671-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[671-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-671]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[672-version-negotiation]
+ssl_conf = 672-version-negotiation-ssl
+
+[672-version-negotiation-ssl]
+server = 672-version-negotiation-server
+client = 672-version-negotiation-client
+
+[672-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[672-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-672]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[673-version-negotiation]
+ssl_conf = 673-version-negotiation-ssl
+
+[673-version-negotiation-ssl]
+server = 673-version-negotiation-server
+client = 673-version-negotiation-client
+
+[673-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[673-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-673]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[674-version-negotiation]
+ssl_conf = 674-version-negotiation-ssl
+
+[674-version-negotiation-ssl]
+server = 674-version-negotiation-server
+client = 674-version-negotiation-client
+
+[674-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[674-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-674]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[675-version-negotiation]
+ssl_conf = 675-version-negotiation-ssl
+
+[675-version-negotiation-ssl]
+server = 675-version-negotiation-server
+client = 675-version-negotiation-client
+
+[675-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[675-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-675]
+ExpectedProtocol = TLSv1.3
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[676-ciphersuite-sanity-check-client]
+ssl_conf = 676-ciphersuite-sanity-check-client-ssl
+
+[676-ciphersuite-sanity-check-client-ssl]
+server = 676-ciphersuite-sanity-check-client-server
+client = 676-ciphersuite-sanity-check-client-client
+
+[676-ciphersuite-sanity-check-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[676-ciphersuite-sanity-check-client-client]
+CipherString = AES128-SHA
+Ciphersuites = 
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-676]
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[677-ciphersuite-sanity-check-server]
+ssl_conf = 677-ciphersuite-sanity-check-server-ssl
+
+[677-ciphersuite-sanity-check-server-ssl]
+server = 677-ciphersuite-sanity-check-server-server
+client = 677-ciphersuite-sanity-check-server-client
+
+[677-ciphersuite-sanity-check-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = AES128-SHA
+Ciphersuites = 
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[677-ciphersuite-sanity-check-server-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-677]
+ExpectedResult = ServerFail
+
+
diff --git a/test/ssl-tests/02-protocol-version.cnf.in b/test/ssl-tests/02-protocol-version.cnf.in

new file mode 100644 (file)

index 0000000..a6799df
--- /dev/null
+++ b/test/ssl-tests/02-protocol-version.cnf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test TLS version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use protocol_version;
+
+our @tests = generate_version_tests("TLS");
diff --git a/test/ssl-tests/02-protocol-version.conf b/test/ssl-tests/02-protocol-version.conf

deleted file mode 100644 (file)

index 4b7d7df..0000000
--- a/test/ssl-tests/02-protocol-version.conf
+++ /dev/null
@@ -1,18822 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 678
-
-test-0 = 0-version-negotiation
-test-1 = 1-version-negotiation
-test-2 = 2-version-negotiation
-test-3 = 3-version-negotiation
-test-4 = 4-version-negotiation
-test-5 = 5-version-negotiation
-test-6 = 6-version-negotiation
-test-7 = 7-version-negotiation
-test-8 = 8-version-negotiation
-test-9 = 9-version-negotiation
-test-10 = 10-version-negotiation
-test-11 = 11-version-negotiation
-test-12 = 12-version-negotiation
-test-13 = 13-version-negotiation
-test-14 = 14-version-negotiation
-test-15 = 15-version-negotiation
-test-16 = 16-version-negotiation
-test-17 = 17-version-negotiation
-test-18 = 18-version-negotiation
-test-19 = 19-version-negotiation
-test-20 = 20-version-negotiation
-test-21 = 21-version-negotiation
-test-22 = 22-version-negotiation
-test-23 = 23-version-negotiation
-test-24 = 24-version-negotiation
-test-25 = 25-version-negotiation
-test-26 = 26-version-negotiation
-test-27 = 27-version-negotiation
-test-28 = 28-version-negotiation
-test-29 = 29-version-negotiation
-test-30 = 30-version-negotiation
-test-31 = 31-version-negotiation
-test-32 = 32-version-negotiation
-test-33 = 33-version-negotiation
-test-34 = 34-version-negotiation
-test-35 = 35-version-negotiation
-test-36 = 36-version-negotiation
-test-37 = 37-version-negotiation
-test-38 = 38-version-negotiation
-test-39 = 39-version-negotiation
-test-40 = 40-version-negotiation
-test-41 = 41-version-negotiation
-test-42 = 42-version-negotiation
-test-43 = 43-version-negotiation
-test-44 = 44-version-negotiation
-test-45 = 45-version-negotiation
-test-46 = 46-version-negotiation
-test-47 = 47-version-negotiation
-test-48 = 48-version-negotiation
-test-49 = 49-version-negotiation
-test-50 = 50-version-negotiation
-test-51 = 51-version-negotiation
-test-52 = 52-version-negotiation
-test-53 = 53-version-negotiation
-test-54 = 54-version-negotiation
-test-55 = 55-version-negotiation
-test-56 = 56-version-negotiation
-test-57 = 57-version-negotiation
-test-58 = 58-version-negotiation
-test-59 = 59-version-negotiation
-test-60 = 60-version-negotiation
-test-61 = 61-version-negotiation
-test-62 = 62-version-negotiation
-test-63 = 63-version-negotiation
-test-64 = 64-version-negotiation
-test-65 = 65-version-negotiation
-test-66 = 66-version-negotiation
-test-67 = 67-version-negotiation
-test-68 = 68-version-negotiation
-test-69 = 69-version-negotiation
-test-70 = 70-version-negotiation
-test-71 = 71-version-negotiation
-test-72 = 72-version-negotiation
-test-73 = 73-version-negotiation
-test-74 = 74-version-negotiation
-test-75 = 75-version-negotiation
-test-76 = 76-version-negotiation
-test-77 = 77-version-negotiation
-test-78 = 78-version-negotiation
-test-79 = 79-version-negotiation
-test-80 = 80-version-negotiation
-test-81 = 81-version-negotiation
-test-82 = 82-version-negotiation
-test-83 = 83-version-negotiation
-test-84 = 84-version-negotiation
-test-85 = 85-version-negotiation
-test-86 = 86-version-negotiation
-test-87 = 87-version-negotiation
-test-88 = 88-version-negotiation
-test-89 = 89-version-negotiation
-test-90 = 90-version-negotiation
-test-91 = 91-version-negotiation
-test-92 = 92-version-negotiation
-test-93 = 93-version-negotiation
-test-94 = 94-version-negotiation
-test-95 = 95-version-negotiation
-test-96 = 96-version-negotiation
-test-97 = 97-version-negotiation
-test-98 = 98-version-negotiation
-test-99 = 99-version-negotiation
-test-100 = 100-version-negotiation
-test-101 = 101-version-negotiation
-test-102 = 102-version-negotiation
-test-103 = 103-version-negotiation
-test-104 = 104-version-negotiation
-test-105 = 105-version-negotiation
-test-106 = 106-version-negotiation
-test-107 = 107-version-negotiation
-test-108 = 108-version-negotiation
-test-109 = 109-version-negotiation
-test-110 = 110-version-negotiation
-test-111 = 111-version-negotiation
-test-112 = 112-version-negotiation
-test-113 = 113-version-negotiation
-test-114 = 114-version-negotiation
-test-115 = 115-version-negotiation
-test-116 = 116-version-negotiation
-test-117 = 117-version-negotiation
-test-118 = 118-version-negotiation
-test-119 = 119-version-negotiation
-test-120 = 120-version-negotiation
-test-121 = 121-version-negotiation
-test-122 = 122-version-negotiation
-test-123 = 123-version-negotiation
-test-124 = 124-version-negotiation
-test-125 = 125-version-negotiation
-test-126 = 126-version-negotiation
-test-127 = 127-version-negotiation
-test-128 = 128-version-negotiation
-test-129 = 129-version-negotiation
-test-130 = 130-version-negotiation
-test-131 = 131-version-negotiation
-test-132 = 132-version-negotiation
-test-133 = 133-version-negotiation
-test-134 = 134-version-negotiation
-test-135 = 135-version-negotiation
-test-136 = 136-version-negotiation
-test-137 = 137-version-negotiation
-test-138 = 138-version-negotiation
-test-139 = 139-version-negotiation
-test-140 = 140-version-negotiation
-test-141 = 141-version-negotiation
-test-142 = 142-version-negotiation
-test-143 = 143-version-negotiation
-test-144 = 144-version-negotiation
-test-145 = 145-version-negotiation
-test-146 = 146-version-negotiation
-test-147 = 147-version-negotiation
-test-148 = 148-version-negotiation
-test-149 = 149-version-negotiation
-test-150 = 150-version-negotiation
-test-151 = 151-version-negotiation
-test-152 = 152-version-negotiation
-test-153 = 153-version-negotiation
-test-154 = 154-version-negotiation
-test-155 = 155-version-negotiation
-test-156 = 156-version-negotiation
-test-157 = 157-version-negotiation
-test-158 = 158-version-negotiation
-test-159 = 159-version-negotiation
-test-160 = 160-version-negotiation
-test-161 = 161-version-negotiation
-test-162 = 162-version-negotiation
-test-163 = 163-version-negotiation
-test-164 = 164-version-negotiation
-test-165 = 165-version-negotiation
-test-166 = 166-version-negotiation
-test-167 = 167-version-negotiation
-test-168 = 168-version-negotiation
-test-169 = 169-version-negotiation
-test-170 = 170-version-negotiation
-test-171 = 171-version-negotiation
-test-172 = 172-version-negotiation
-test-173 = 173-version-negotiation
-test-174 = 174-version-negotiation
-test-175 = 175-version-negotiation
-test-176 = 176-version-negotiation
-test-177 = 177-version-negotiation
-test-178 = 178-version-negotiation
-test-179 = 179-version-negotiation
-test-180 = 180-version-negotiation
-test-181 = 181-version-negotiation
-test-182 = 182-version-negotiation
-test-183 = 183-version-negotiation
-test-184 = 184-version-negotiation
-test-185 = 185-version-negotiation
-test-186 = 186-version-negotiation
-test-187 = 187-version-negotiation
-test-188 = 188-version-negotiation
-test-189 = 189-version-negotiation
-test-190 = 190-version-negotiation
-test-191 = 191-version-negotiation
-test-192 = 192-version-negotiation
-test-193 = 193-version-negotiation
-test-194 = 194-version-negotiation
-test-195 = 195-version-negotiation
-test-196 = 196-version-negotiation
-test-197 = 197-version-negotiation
-test-198 = 198-version-negotiation
-test-199 = 199-version-negotiation
-test-200 = 200-version-negotiation
-test-201 = 201-version-negotiation
-test-202 = 202-version-negotiation
-test-203 = 203-version-negotiation
-test-204 = 204-version-negotiation
-test-205 = 205-version-negotiation
-test-206 = 206-version-negotiation
-test-207 = 207-version-negotiation
-test-208 = 208-version-negotiation
-test-209 = 209-version-negotiation
-test-210 = 210-version-negotiation
-test-211 = 211-version-negotiation
-test-212 = 212-version-negotiation
-test-213 = 213-version-negotiation
-test-214 = 214-version-negotiation
-test-215 = 215-version-negotiation
-test-216 = 216-version-negotiation
-test-217 = 217-version-negotiation
-test-218 = 218-version-negotiation
-test-219 = 219-version-negotiation
-test-220 = 220-version-negotiation
-test-221 = 221-version-negotiation
-test-222 = 222-version-negotiation
-test-223 = 223-version-negotiation
-test-224 = 224-version-negotiation
-test-225 = 225-version-negotiation
-test-226 = 226-version-negotiation
-test-227 = 227-version-negotiation
-test-228 = 228-version-negotiation
-test-229 = 229-version-negotiation
-test-230 = 230-version-negotiation
-test-231 = 231-version-negotiation
-test-232 = 232-version-negotiation
-test-233 = 233-version-negotiation
-test-234 = 234-version-negotiation
-test-235 = 235-version-negotiation
-test-236 = 236-version-negotiation
-test-237 = 237-version-negotiation
-test-238 = 238-version-negotiation
-test-239 = 239-version-negotiation
-test-240 = 240-version-negotiation
-test-241 = 241-version-negotiation
-test-242 = 242-version-negotiation
-test-243 = 243-version-negotiation
-test-244 = 244-version-negotiation
-test-245 = 245-version-negotiation
-test-246 = 246-version-negotiation
-test-247 = 247-version-negotiation
-test-248 = 248-version-negotiation
-test-249 = 249-version-negotiation
-test-250 = 250-version-negotiation
-test-251 = 251-version-negotiation
-test-252 = 252-version-negotiation
-test-253 = 253-version-negotiation
-test-254 = 254-version-negotiation
-test-255 = 255-version-negotiation
-test-256 = 256-version-negotiation
-test-257 = 257-version-negotiation
-test-258 = 258-version-negotiation
-test-259 = 259-version-negotiation
-test-260 = 260-version-negotiation
-test-261 = 261-version-negotiation
-test-262 = 262-version-negotiation
-test-263 = 263-version-negotiation
-test-264 = 264-version-negotiation
-test-265 = 265-version-negotiation
-test-266 = 266-version-negotiation
-test-267 = 267-version-negotiation
-test-268 = 268-version-negotiation
-test-269 = 269-version-negotiation
-test-270 = 270-version-negotiation
-test-271 = 271-version-negotiation
-test-272 = 272-version-negotiation
-test-273 = 273-version-negotiation
-test-274 = 274-version-negotiation
-test-275 = 275-version-negotiation
-test-276 = 276-version-negotiation
-test-277 = 277-version-negotiation
-test-278 = 278-version-negotiation
-test-279 = 279-version-negotiation
-test-280 = 280-version-negotiation
-test-281 = 281-version-negotiation
-test-282 = 282-version-negotiation
-test-283 = 283-version-negotiation
-test-284 = 284-version-negotiation
-test-285 = 285-version-negotiation
-test-286 = 286-version-negotiation
-test-287 = 287-version-negotiation
-test-288 = 288-version-negotiation
-test-289 = 289-version-negotiation
-test-290 = 290-version-negotiation
-test-291 = 291-version-negotiation
-test-292 = 292-version-negotiation
-test-293 = 293-version-negotiation
-test-294 = 294-version-negotiation
-test-295 = 295-version-negotiation
-test-296 = 296-version-negotiation
-test-297 = 297-version-negotiation
-test-298 = 298-version-negotiation
-test-299 = 299-version-negotiation
-test-300 = 300-version-negotiation
-test-301 = 301-version-negotiation
-test-302 = 302-version-negotiation
-test-303 = 303-version-negotiation
-test-304 = 304-version-negotiation
-test-305 = 305-version-negotiation
-test-306 = 306-version-negotiation
-test-307 = 307-version-negotiation
-test-308 = 308-version-negotiation
-test-309 = 309-version-negotiation
-test-310 = 310-version-negotiation
-test-311 = 311-version-negotiation
-test-312 = 312-version-negotiation
-test-313 = 313-version-negotiation
-test-314 = 314-version-negotiation
-test-315 = 315-version-negotiation
-test-316 = 316-version-negotiation
-test-317 = 317-version-negotiation
-test-318 = 318-version-negotiation
-test-319 = 319-version-negotiation
-test-320 = 320-version-negotiation
-test-321 = 321-version-negotiation
-test-322 = 322-version-negotiation
-test-323 = 323-version-negotiation
-test-324 = 324-version-negotiation
-test-325 = 325-version-negotiation
-test-326 = 326-version-negotiation
-test-327 = 327-version-negotiation
-test-328 = 328-version-negotiation
-test-329 = 329-version-negotiation
-test-330 = 330-version-negotiation
-test-331 = 331-version-negotiation
-test-332 = 332-version-negotiation
-test-333 = 333-version-negotiation
-test-334 = 334-version-negotiation
-test-335 = 335-version-negotiation
-test-336 = 336-version-negotiation
-test-337 = 337-version-negotiation
-test-338 = 338-version-negotiation
-test-339 = 339-version-negotiation
-test-340 = 340-version-negotiation
-test-341 = 341-version-negotiation
-test-342 = 342-version-negotiation
-test-343 = 343-version-negotiation
-test-344 = 344-version-negotiation
-test-345 = 345-version-negotiation
-test-346 = 346-version-negotiation
-test-347 = 347-version-negotiation
-test-348 = 348-version-negotiation
-test-349 = 349-version-negotiation
-test-350 = 350-version-negotiation
-test-351 = 351-version-negotiation
-test-352 = 352-version-negotiation
-test-353 = 353-version-negotiation
-test-354 = 354-version-negotiation
-test-355 = 355-version-negotiation
-test-356 = 356-version-negotiation
-test-357 = 357-version-negotiation
-test-358 = 358-version-negotiation
-test-359 = 359-version-negotiation
-test-360 = 360-version-negotiation
-test-361 = 361-version-negotiation
-test-362 = 362-version-negotiation
-test-363 = 363-version-negotiation
-test-364 = 364-version-negotiation
-test-365 = 365-version-negotiation
-test-366 = 366-version-negotiation
-test-367 = 367-version-negotiation
-test-368 = 368-version-negotiation
-test-369 = 369-version-negotiation
-test-370 = 370-version-negotiation
-test-371 = 371-version-negotiation
-test-372 = 372-version-negotiation
-test-373 = 373-version-negotiation
-test-374 = 374-version-negotiation
-test-375 = 375-version-negotiation
-test-376 = 376-version-negotiation
-test-377 = 377-version-negotiation
-test-378 = 378-version-negotiation
-test-379 = 379-version-negotiation
-test-380 = 380-version-negotiation
-test-381 = 381-version-negotiation
-test-382 = 382-version-negotiation
-test-383 = 383-version-negotiation
-test-384 = 384-version-negotiation
-test-385 = 385-version-negotiation
-test-386 = 386-version-negotiation
-test-387 = 387-version-negotiation
-test-388 = 388-version-negotiation
-test-389 = 389-version-negotiation
-test-390 = 390-version-negotiation
-test-391 = 391-version-negotiation
-test-392 = 392-version-negotiation
-test-393 = 393-version-negotiation
-test-394 = 394-version-negotiation
-test-395 = 395-version-negotiation
-test-396 = 396-version-negotiation
-test-397 = 397-version-negotiation
-test-398 = 398-version-negotiation
-test-399 = 399-version-negotiation
-test-400 = 400-version-negotiation
-test-401 = 401-version-negotiation
-test-402 = 402-version-negotiation
-test-403 = 403-version-negotiation
-test-404 = 404-version-negotiation
-test-405 = 405-version-negotiation
-test-406 = 406-version-negotiation
-test-407 = 407-version-negotiation
-test-408 = 408-version-negotiation
-test-409 = 409-version-negotiation
-test-410 = 410-version-negotiation
-test-411 = 411-version-negotiation
-test-412 = 412-version-negotiation
-test-413 = 413-version-negotiation
-test-414 = 414-version-negotiation
-test-415 = 415-version-negotiation
-test-416 = 416-version-negotiation
-test-417 = 417-version-negotiation
-test-418 = 418-version-negotiation
-test-419 = 419-version-negotiation
-test-420 = 420-version-negotiation
-test-421 = 421-version-negotiation
-test-422 = 422-version-negotiation
-test-423 = 423-version-negotiation
-test-424 = 424-version-negotiation
-test-425 = 425-version-negotiation
-test-426 = 426-version-negotiation
-test-427 = 427-version-negotiation
-test-428 = 428-version-negotiation
-test-429 = 429-version-negotiation
-test-430 = 430-version-negotiation
-test-431 = 431-version-negotiation
-test-432 = 432-version-negotiation
-test-433 = 433-version-negotiation
-test-434 = 434-version-negotiation
-test-435 = 435-version-negotiation
-test-436 = 436-version-negotiation
-test-437 = 437-version-negotiation
-test-438 = 438-version-negotiation
-test-439 = 439-version-negotiation
-test-440 = 440-version-negotiation
-test-441 = 441-version-negotiation
-test-442 = 442-version-negotiation
-test-443 = 443-version-negotiation
-test-444 = 444-version-negotiation
-test-445 = 445-version-negotiation
-test-446 = 446-version-negotiation
-test-447 = 447-version-negotiation
-test-448 = 448-version-negotiation
-test-449 = 449-version-negotiation
-test-450 = 450-version-negotiation
-test-451 = 451-version-negotiation
-test-452 = 452-version-negotiation
-test-453 = 453-version-negotiation
-test-454 = 454-version-negotiation
-test-455 = 455-version-negotiation
-test-456 = 456-version-negotiation
-test-457 = 457-version-negotiation
-test-458 = 458-version-negotiation
-test-459 = 459-version-negotiation
-test-460 = 460-version-negotiation
-test-461 = 461-version-negotiation
-test-462 = 462-version-negotiation
-test-463 = 463-version-negotiation
-test-464 = 464-version-negotiation
-test-465 = 465-version-negotiation
-test-466 = 466-version-negotiation
-test-467 = 467-version-negotiation
-test-468 = 468-version-negotiation
-test-469 = 469-version-negotiation
-test-470 = 470-version-negotiation
-test-471 = 471-version-negotiation
-test-472 = 472-version-negotiation
-test-473 = 473-version-negotiation
-test-474 = 474-version-negotiation
-test-475 = 475-version-negotiation
-test-476 = 476-version-negotiation
-test-477 = 477-version-negotiation
-test-478 = 478-version-negotiation
-test-479 = 479-version-negotiation
-test-480 = 480-version-negotiation
-test-481 = 481-version-negotiation
-test-482 = 482-version-negotiation
-test-483 = 483-version-negotiation
-test-484 = 484-version-negotiation
-test-485 = 485-version-negotiation
-test-486 = 486-version-negotiation
-test-487 = 487-version-negotiation
-test-488 = 488-version-negotiation
-test-489 = 489-version-negotiation
-test-490 = 490-version-negotiation
-test-491 = 491-version-negotiation
-test-492 = 492-version-negotiation
-test-493 = 493-version-negotiation
-test-494 = 494-version-negotiation
-test-495 = 495-version-negotiation
-test-496 = 496-version-negotiation
-test-497 = 497-version-negotiation
-test-498 = 498-version-negotiation
-test-499 = 499-version-negotiation
-test-500 = 500-version-negotiation
-test-501 = 501-version-negotiation
-test-502 = 502-version-negotiation
-test-503 = 503-version-negotiation
-test-504 = 504-version-negotiation
-test-505 = 505-version-negotiation
-test-506 = 506-version-negotiation
-test-507 = 507-version-negotiation
-test-508 = 508-version-negotiation
-test-509 = 509-version-negotiation
-test-510 = 510-version-negotiation
-test-511 = 511-version-negotiation
-test-512 = 512-version-negotiation
-test-513 = 513-version-negotiation
-test-514 = 514-version-negotiation
-test-515 = 515-version-negotiation
-test-516 = 516-version-negotiation
-test-517 = 517-version-negotiation
-test-518 = 518-version-negotiation
-test-519 = 519-version-negotiation
-test-520 = 520-version-negotiation
-test-521 = 521-version-negotiation
-test-522 = 522-version-negotiation
-test-523 = 523-version-negotiation
-test-524 = 524-version-negotiation
-test-525 = 525-version-negotiation
-test-526 = 526-version-negotiation
-test-527 = 527-version-negotiation
-test-528 = 528-version-negotiation
-test-529 = 529-version-negotiation
-test-530 = 530-version-negotiation
-test-531 = 531-version-negotiation
-test-532 = 532-version-negotiation
-test-533 = 533-version-negotiation
-test-534 = 534-version-negotiation
-test-535 = 535-version-negotiation
-test-536 = 536-version-negotiation
-test-537 = 537-version-negotiation
-test-538 = 538-version-negotiation
-test-539 = 539-version-negotiation
-test-540 = 540-version-negotiation
-test-541 = 541-version-negotiation
-test-542 = 542-version-negotiation
-test-543 = 543-version-negotiation
-test-544 = 544-version-negotiation
-test-545 = 545-version-negotiation
-test-546 = 546-version-negotiation
-test-547 = 547-version-negotiation
-test-548 = 548-version-negotiation
-test-549 = 549-version-negotiation
-test-550 = 550-version-negotiation
-test-551 = 551-version-negotiation
-test-552 = 552-version-negotiation
-test-553 = 553-version-negotiation
-test-554 = 554-version-negotiation
-test-555 = 555-version-negotiation
-test-556 = 556-version-negotiation
-test-557 = 557-version-negotiation
-test-558 = 558-version-negotiation
-test-559 = 559-version-negotiation
-test-560 = 560-version-negotiation
-test-561 = 561-version-negotiation
-test-562 = 562-version-negotiation
-test-563 = 563-version-negotiation
-test-564 = 564-version-negotiation
-test-565 = 565-version-negotiation
-test-566 = 566-version-negotiation
-test-567 = 567-version-negotiation
-test-568 = 568-version-negotiation
-test-569 = 569-version-negotiation
-test-570 = 570-version-negotiation
-test-571 = 571-version-negotiation
-test-572 = 572-version-negotiation
-test-573 = 573-version-negotiation
-test-574 = 574-version-negotiation
-test-575 = 575-version-negotiation
-test-576 = 576-version-negotiation
-test-577 = 577-version-negotiation
-test-578 = 578-version-negotiation
-test-579 = 579-version-negotiation
-test-580 = 580-version-negotiation
-test-581 = 581-version-negotiation
-test-582 = 582-version-negotiation
-test-583 = 583-version-negotiation
-test-584 = 584-version-negotiation
-test-585 = 585-version-negotiation
-test-586 = 586-version-negotiation
-test-587 = 587-version-negotiation
-test-588 = 588-version-negotiation
-test-589 = 589-version-negotiation
-test-590 = 590-version-negotiation
-test-591 = 591-version-negotiation
-test-592 = 592-version-negotiation
-test-593 = 593-version-negotiation
-test-594 = 594-version-negotiation
-test-595 = 595-version-negotiation
-test-596 = 596-version-negotiation
-test-597 = 597-version-negotiation
-test-598 = 598-version-negotiation
-test-599 = 599-version-negotiation
-test-600 = 600-version-negotiation
-test-601 = 601-version-negotiation
-test-602 = 602-version-negotiation
-test-603 = 603-version-negotiation
-test-604 = 604-version-negotiation
-test-605 = 605-version-negotiation
-test-606 = 606-version-negotiation
-test-607 = 607-version-negotiation
-test-608 = 608-version-negotiation
-test-609 = 609-version-negotiation
-test-610 = 610-version-negotiation
-test-611 = 611-version-negotiation
-test-612 = 612-version-negotiation
-test-613 = 613-version-negotiation
-test-614 = 614-version-negotiation
-test-615 = 615-version-negotiation
-test-616 = 616-version-negotiation
-test-617 = 617-version-negotiation
-test-618 = 618-version-negotiation
-test-619 = 619-version-negotiation
-test-620 = 620-version-negotiation
-test-621 = 621-version-negotiation
-test-622 = 622-version-negotiation
-test-623 = 623-version-negotiation
-test-624 = 624-version-negotiation
-test-625 = 625-version-negotiation
-test-626 = 626-version-negotiation
-test-627 = 627-version-negotiation
-test-628 = 628-version-negotiation
-test-629 = 629-version-negotiation
-test-630 = 630-version-negotiation
-test-631 = 631-version-negotiation
-test-632 = 632-version-negotiation
-test-633 = 633-version-negotiation
-test-634 = 634-version-negotiation
-test-635 = 635-version-negotiation
-test-636 = 636-version-negotiation
-test-637 = 637-version-negotiation
-test-638 = 638-version-negotiation
-test-639 = 639-version-negotiation
-test-640 = 640-version-negotiation
-test-641 = 641-version-negotiation
-test-642 = 642-version-negotiation
-test-643 = 643-version-negotiation
-test-644 = 644-version-negotiation
-test-645 = 645-version-negotiation
-test-646 = 646-version-negotiation
-test-647 = 647-version-negotiation
-test-648 = 648-version-negotiation
-test-649 = 649-version-negotiation
-test-650 = 650-version-negotiation
-test-651 = 651-version-negotiation
-test-652 = 652-version-negotiation
-test-653 = 653-version-negotiation
-test-654 = 654-version-negotiation
-test-655 = 655-version-negotiation
-test-656 = 656-version-negotiation
-test-657 = 657-version-negotiation
-test-658 = 658-version-negotiation
-test-659 = 659-version-negotiation
-test-660 = 660-version-negotiation
-test-661 = 661-version-negotiation
-test-662 = 662-version-negotiation
-test-663 = 663-version-negotiation
-test-664 = 664-version-negotiation
-test-665 = 665-version-negotiation
-test-666 = 666-version-negotiation
-test-667 = 667-version-negotiation
-test-668 = 668-version-negotiation
-test-669 = 669-version-negotiation
-test-670 = 670-version-negotiation
-test-671 = 671-version-negotiation
-test-672 = 672-version-negotiation
-test-673 = 673-version-negotiation
-test-674 = 674-version-negotiation
-test-675 = 675-version-negotiation
-test-676 = 676-ciphersuite-sanity-check-client
-test-677 = 677-ciphersuite-sanity-check-server
-# ===========================================================
-
-[0-version-negotiation]
-ssl_conf = 0-version-negotiation-ssl
-
-[0-version-negotiation-ssl]
-server = 0-version-negotiation-server
-client = 0-version-negotiation-client
-
-[0-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[1-version-negotiation]
-ssl_conf = 1-version-negotiation-ssl
-
-[1-version-negotiation-ssl]
-server = 1-version-negotiation-server
-client = 1-version-negotiation-client
-
-[1-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[2-version-negotiation]
-ssl_conf = 2-version-negotiation-ssl
-
-[2-version-negotiation-ssl]
-server = 2-version-negotiation-server
-client = 2-version-negotiation-client
-
-[2-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[3-version-negotiation]
-ssl_conf = 3-version-negotiation-ssl
-
-[3-version-negotiation-ssl]
-server = 3-version-negotiation-server
-client = 3-version-negotiation-client
-
-[3-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[4-version-negotiation]
-ssl_conf = 4-version-negotiation-ssl
-
-[4-version-negotiation-ssl]
-server = 4-version-negotiation-server
-client = 4-version-negotiation-client
-
-[4-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[5-version-negotiation]
-ssl_conf = 5-version-negotiation-ssl
-
-[5-version-negotiation-ssl]
-server = 5-version-negotiation-server
-client = 5-version-negotiation-client
-
-[5-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[6-version-negotiation]
-ssl_conf = 6-version-negotiation-ssl
-
-[6-version-negotiation-ssl]
-server = 6-version-negotiation-server
-client = 6-version-negotiation-client
-
-[6-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[7-version-negotiation]
-ssl_conf = 7-version-negotiation-ssl
-
-[7-version-negotiation-ssl]
-server = 7-version-negotiation-server
-client = 7-version-negotiation-client
-
-[7-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[8-version-negotiation]
-ssl_conf = 8-version-negotiation-ssl
-
-[8-version-negotiation-ssl]
-server = 8-version-negotiation-server
-client = 8-version-negotiation-client
-
-[8-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[9-version-negotiation]
-ssl_conf = 9-version-negotiation-ssl
-
-[9-version-negotiation-ssl]
-server = 9-version-negotiation-server
-client = 9-version-negotiation-client
-
-[9-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[10-version-negotiation]
-ssl_conf = 10-version-negotiation-ssl
-
-[10-version-negotiation-ssl]
-server = 10-version-negotiation-server
-client = 10-version-negotiation-client
-
-[10-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[11-version-negotiation]
-ssl_conf = 11-version-negotiation-ssl
-
-[11-version-negotiation-ssl]
-server = 11-version-negotiation-server
-client = 11-version-negotiation-client
-
-[11-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[12-version-negotiation]
-ssl_conf = 12-version-negotiation-ssl
-
-[12-version-negotiation-ssl]
-server = 12-version-negotiation-server
-client = 12-version-negotiation-client
-
-[12-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[13-version-negotiation]
-ssl_conf = 13-version-negotiation-ssl
-
-[13-version-negotiation-ssl]
-server = 13-version-negotiation-server
-client = 13-version-negotiation-client
-
-[13-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[14-version-negotiation]
-ssl_conf = 14-version-negotiation-ssl
-
-[14-version-negotiation-ssl]
-server = 14-version-negotiation-server
-client = 14-version-negotiation-client
-
-[14-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[15-version-negotiation]
-ssl_conf = 15-version-negotiation-ssl
-
-[15-version-negotiation-ssl]
-server = 15-version-negotiation-server
-client = 15-version-negotiation-client
-
-[15-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[16-version-negotiation]
-ssl_conf = 16-version-negotiation-ssl
-
-[16-version-negotiation-ssl]
-server = 16-version-negotiation-server
-client = 16-version-negotiation-client
-
-[16-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[17-version-negotiation]
-ssl_conf = 17-version-negotiation-ssl
-
-[17-version-negotiation-ssl]
-server = 17-version-negotiation-server
-client = 17-version-negotiation-client
-
-[17-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[18-version-negotiation]
-ssl_conf = 18-version-negotiation-ssl
-
-[18-version-negotiation-ssl]
-server = 18-version-negotiation-server
-client = 18-version-negotiation-client
-
-[18-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[19-version-negotiation]
-ssl_conf = 19-version-negotiation-ssl
-
-[19-version-negotiation-ssl]
-server = 19-version-negotiation-server
-client = 19-version-negotiation-client
-
-[19-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[20-version-negotiation]
-ssl_conf = 20-version-negotiation-ssl
-
-[20-version-negotiation-ssl]
-server = 20-version-negotiation-server
-client = 20-version-negotiation-client
-
-[20-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[21-version-negotiation]
-ssl_conf = 21-version-negotiation-ssl
-
-[21-version-negotiation-ssl]
-server = 21-version-negotiation-server
-client = 21-version-negotiation-client
-
-[21-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[21-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[22-version-negotiation]
-ssl_conf = 22-version-negotiation-ssl
-
-[22-version-negotiation-ssl]
-server = 22-version-negotiation-server
-client = 22-version-negotiation-client
-
-[22-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[22-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-22]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[23-version-negotiation]
-ssl_conf = 23-version-negotiation-ssl
-
-[23-version-negotiation-ssl]
-server = 23-version-negotiation-server
-client = 23-version-negotiation-client
-
-[23-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[23-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-23]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[24-version-negotiation]
-ssl_conf = 24-version-negotiation-ssl
-
-[24-version-negotiation-ssl]
-server = 24-version-negotiation-server
-client = 24-version-negotiation-client
-
-[24-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[24-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-24]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[25-version-negotiation]
-ssl_conf = 25-version-negotiation-ssl
-
-[25-version-negotiation-ssl]
-server = 25-version-negotiation-server
-client = 25-version-negotiation-client
-
-[25-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[25-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-25]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[26-version-negotiation]
-ssl_conf = 26-version-negotiation-ssl
-
-[26-version-negotiation-ssl]
-server = 26-version-negotiation-server
-client = 26-version-negotiation-client
-
-[26-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[26-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-26]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[27-version-negotiation]
-ssl_conf = 27-version-negotiation-ssl
-
-[27-version-negotiation-ssl]
-server = 27-version-negotiation-server
-client = 27-version-negotiation-client
-
-[27-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[27-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-27]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[28-version-negotiation]
-ssl_conf = 28-version-negotiation-ssl
-
-[28-version-negotiation-ssl]
-server = 28-version-negotiation-server
-client = 28-version-negotiation-client
-
-[28-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[28-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-28]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[29-version-negotiation]
-ssl_conf = 29-version-negotiation-ssl
-
-[29-version-negotiation-ssl]
-server = 29-version-negotiation-server
-client = 29-version-negotiation-client
-
-[29-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[29-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-29]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[30-version-negotiation]
-ssl_conf = 30-version-negotiation-ssl
-
-[30-version-negotiation-ssl]
-server = 30-version-negotiation-server
-client = 30-version-negotiation-client
-
-[30-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[30-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-30]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[31-version-negotiation]
-ssl_conf = 31-version-negotiation-ssl
-
-[31-version-negotiation-ssl]
-server = 31-version-negotiation-server
-client = 31-version-negotiation-client
-
-[31-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[31-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-31]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[32-version-negotiation]
-ssl_conf = 32-version-negotiation-ssl
-
-[32-version-negotiation-ssl]
-server = 32-version-negotiation-server
-client = 32-version-negotiation-client
-
-[32-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[32-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-32]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[33-version-negotiation]
-ssl_conf = 33-version-negotiation-ssl
-
-[33-version-negotiation-ssl]
-server = 33-version-negotiation-server
-client = 33-version-negotiation-client
-
-[33-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[33-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-33]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[34-version-negotiation]
-ssl_conf = 34-version-negotiation-ssl
-
-[34-version-negotiation-ssl]
-server = 34-version-negotiation-server
-client = 34-version-negotiation-client
-
-[34-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[34-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-34]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[35-version-negotiation]
-ssl_conf = 35-version-negotiation-ssl
-
-[35-version-negotiation-ssl]
-server = 35-version-negotiation-server
-client = 35-version-negotiation-client
-
-[35-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[35-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-35]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[36-version-negotiation]
-ssl_conf = 36-version-negotiation-ssl
-
-[36-version-negotiation-ssl]
-server = 36-version-negotiation-server
-client = 36-version-negotiation-client
-
-[36-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[36-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-36]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[37-version-negotiation]
-ssl_conf = 37-version-negotiation-ssl
-
-[37-version-negotiation-ssl]
-server = 37-version-negotiation-server
-client = 37-version-negotiation-client
-
-[37-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[37-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-37]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[38-version-negotiation]
-ssl_conf = 38-version-negotiation-ssl
-
-[38-version-negotiation-ssl]
-server = 38-version-negotiation-server
-client = 38-version-negotiation-client
-
-[38-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[38-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-38]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[39-version-negotiation]
-ssl_conf = 39-version-negotiation-ssl
-
-[39-version-negotiation-ssl]
-server = 39-version-negotiation-server
-client = 39-version-negotiation-client
-
-[39-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[39-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-39]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[40-version-negotiation]
-ssl_conf = 40-version-negotiation-ssl
-
-[40-version-negotiation-ssl]
-server = 40-version-negotiation-server
-client = 40-version-negotiation-client
-
-[40-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[40-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-40]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[41-version-negotiation]
-ssl_conf = 41-version-negotiation-ssl
-
-[41-version-negotiation-ssl]
-server = 41-version-negotiation-server
-client = 41-version-negotiation-client
-
-[41-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[41-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-41]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[42-version-negotiation]
-ssl_conf = 42-version-negotiation-ssl
-
-[42-version-negotiation-ssl]
-server = 42-version-negotiation-server
-client = 42-version-negotiation-client
-
-[42-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[42-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-42]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[43-version-negotiation]
-ssl_conf = 43-version-negotiation-ssl
-
-[43-version-negotiation-ssl]
-server = 43-version-negotiation-server
-client = 43-version-negotiation-client
-
-[43-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[43-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-43]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[44-version-negotiation]
-ssl_conf = 44-version-negotiation-ssl
-
-[44-version-negotiation-ssl]
-server = 44-version-negotiation-server
-client = 44-version-negotiation-client
-
-[44-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[44-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-44]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[45-version-negotiation]
-ssl_conf = 45-version-negotiation-ssl
-
-[45-version-negotiation-ssl]
-server = 45-version-negotiation-server
-client = 45-version-negotiation-client
-
-[45-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[45-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-45]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[46-version-negotiation]
-ssl_conf = 46-version-negotiation-ssl
-
-[46-version-negotiation-ssl]
-server = 46-version-negotiation-server
-client = 46-version-negotiation-client
-
-[46-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[46-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-46]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[47-version-negotiation]
-ssl_conf = 47-version-negotiation-ssl
-
-[47-version-negotiation-ssl]
-server = 47-version-negotiation-server
-client = 47-version-negotiation-client
-
-[47-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[47-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-47]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[48-version-negotiation]
-ssl_conf = 48-version-negotiation-ssl
-
-[48-version-negotiation-ssl]
-server = 48-version-negotiation-server
-client = 48-version-negotiation-client
-
-[48-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[48-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-48]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[49-version-negotiation]
-ssl_conf = 49-version-negotiation-ssl
-
-[49-version-negotiation-ssl]
-server = 49-version-negotiation-server
-client = 49-version-negotiation-client
-
-[49-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[49-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-49]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[50-version-negotiation]
-ssl_conf = 50-version-negotiation-ssl
-
-[50-version-negotiation-ssl]
-server = 50-version-negotiation-server
-client = 50-version-negotiation-client
-
-[50-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[50-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-50]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[51-version-negotiation]
-ssl_conf = 51-version-negotiation-ssl
-
-[51-version-negotiation-ssl]
-server = 51-version-negotiation-server
-client = 51-version-negotiation-client
-
-[51-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[51-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-51]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[52-version-negotiation]
-ssl_conf = 52-version-negotiation-ssl
-
-[52-version-negotiation-ssl]
-server = 52-version-negotiation-server
-client = 52-version-negotiation-client
-
-[52-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[52-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-52]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[53-version-negotiation]
-ssl_conf = 53-version-negotiation-ssl
-
-[53-version-negotiation-ssl]
-server = 53-version-negotiation-server
-client = 53-version-negotiation-client
-
-[53-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[53-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-53]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[54-version-negotiation]
-ssl_conf = 54-version-negotiation-ssl
-
-[54-version-negotiation-ssl]
-server = 54-version-negotiation-server
-client = 54-version-negotiation-client
-
-[54-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[54-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-54]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[55-version-negotiation]
-ssl_conf = 55-version-negotiation-ssl
-
-[55-version-negotiation-ssl]
-server = 55-version-negotiation-server
-client = 55-version-negotiation-client
-
-[55-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[55-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-55]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[56-version-negotiation]
-ssl_conf = 56-version-negotiation-ssl
-
-[56-version-negotiation-ssl]
-server = 56-version-negotiation-server
-client = 56-version-negotiation-client
-
-[56-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[56-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-56]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[57-version-negotiation]
-ssl_conf = 57-version-negotiation-ssl
-
-[57-version-negotiation-ssl]
-server = 57-version-negotiation-server
-client = 57-version-negotiation-client
-
-[57-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[57-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-57]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[58-version-negotiation]
-ssl_conf = 58-version-negotiation-ssl
-
-[58-version-negotiation-ssl]
-server = 58-version-negotiation-server
-client = 58-version-negotiation-client
-
-[58-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[58-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-58]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[59-version-negotiation]
-ssl_conf = 59-version-negotiation-ssl
-
-[59-version-negotiation-ssl]
-server = 59-version-negotiation-server
-client = 59-version-negotiation-client
-
-[59-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[59-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-59]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[60-version-negotiation]
-ssl_conf = 60-version-negotiation-ssl
-
-[60-version-negotiation-ssl]
-server = 60-version-negotiation-server
-client = 60-version-negotiation-client
-
-[60-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[60-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-60]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[61-version-negotiation]
-ssl_conf = 61-version-negotiation-ssl
-
-[61-version-negotiation-ssl]
-server = 61-version-negotiation-server
-client = 61-version-negotiation-client
-
-[61-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[61-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-61]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[62-version-negotiation]
-ssl_conf = 62-version-negotiation-ssl
-
-[62-version-negotiation-ssl]
-server = 62-version-negotiation-server
-client = 62-version-negotiation-client
-
-[62-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[62-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-62]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[63-version-negotiation]
-ssl_conf = 63-version-negotiation-ssl
-
-[63-version-negotiation-ssl]
-server = 63-version-negotiation-server
-client = 63-version-negotiation-client
-
-[63-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[63-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-63]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[64-version-negotiation]
-ssl_conf = 64-version-negotiation-ssl
-
-[64-version-negotiation-ssl]
-server = 64-version-negotiation-server
-client = 64-version-negotiation-client
-
-[64-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[64-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-64]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[65-version-negotiation]
-ssl_conf = 65-version-negotiation-ssl
-
-[65-version-negotiation-ssl]
-server = 65-version-negotiation-server
-client = 65-version-negotiation-client
-
-[65-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[65-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-65]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[66-version-negotiation]
-ssl_conf = 66-version-negotiation-ssl
-
-[66-version-negotiation-ssl]
-server = 66-version-negotiation-server
-client = 66-version-negotiation-client
-
-[66-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[66-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-66]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[67-version-negotiation]
-ssl_conf = 67-version-negotiation-ssl
-
-[67-version-negotiation-ssl]
-server = 67-version-negotiation-server
-client = 67-version-negotiation-client
-
-[67-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[67-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-67]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[68-version-negotiation]
-ssl_conf = 68-version-negotiation-ssl
-
-[68-version-negotiation-ssl]
-server = 68-version-negotiation-server
-client = 68-version-negotiation-client
-
-[68-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[68-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-68]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[69-version-negotiation]
-ssl_conf = 69-version-negotiation-ssl
-
-[69-version-negotiation-ssl]
-server = 69-version-negotiation-server
-client = 69-version-negotiation-client
-
-[69-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[69-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-69]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[70-version-negotiation]
-ssl_conf = 70-version-negotiation-ssl
-
-[70-version-negotiation-ssl]
-server = 70-version-negotiation-server
-client = 70-version-negotiation-client
-
-[70-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[70-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-70]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[71-version-negotiation]
-ssl_conf = 71-version-negotiation-ssl
-
-[71-version-negotiation-ssl]
-server = 71-version-negotiation-server
-client = 71-version-negotiation-client
-
-[71-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[71-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-71]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[72-version-negotiation]
-ssl_conf = 72-version-negotiation-ssl
-
-[72-version-negotiation-ssl]
-server = 72-version-negotiation-server
-client = 72-version-negotiation-client
-
-[72-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[72-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-72]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[73-version-negotiation]
-ssl_conf = 73-version-negotiation-ssl
-
-[73-version-negotiation-ssl]
-server = 73-version-negotiation-server
-client = 73-version-negotiation-client
-
-[73-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[73-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-73]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[74-version-negotiation]
-ssl_conf = 74-version-negotiation-ssl
-
-[74-version-negotiation-ssl]
-server = 74-version-negotiation-server
-client = 74-version-negotiation-client
-
-[74-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[74-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-74]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[75-version-negotiation]
-ssl_conf = 75-version-negotiation-ssl
-
-[75-version-negotiation-ssl]
-server = 75-version-negotiation-server
-client = 75-version-negotiation-client
-
-[75-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[75-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-75]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[76-version-negotiation]
-ssl_conf = 76-version-negotiation-ssl
-
-[76-version-negotiation-ssl]
-server = 76-version-negotiation-server
-client = 76-version-negotiation-client
-
-[76-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[76-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-76]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[77-version-negotiation]
-ssl_conf = 77-version-negotiation-ssl
-
-[77-version-negotiation-ssl]
-server = 77-version-negotiation-server
-client = 77-version-negotiation-client
-
-[77-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[77-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-77]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[78-version-negotiation]
-ssl_conf = 78-version-negotiation-ssl
-
-[78-version-negotiation-ssl]
-server = 78-version-negotiation-server
-client = 78-version-negotiation-client
-
-[78-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[78-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-78]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[79-version-negotiation]
-ssl_conf = 79-version-negotiation-ssl
-
-[79-version-negotiation-ssl]
-server = 79-version-negotiation-server
-client = 79-version-negotiation-client
-
-[79-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[79-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-79]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[80-version-negotiation]
-ssl_conf = 80-version-negotiation-ssl
-
-[80-version-negotiation-ssl]
-server = 80-version-negotiation-server
-client = 80-version-negotiation-client
-
-[80-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[80-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-80]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[81-version-negotiation]
-ssl_conf = 81-version-negotiation-ssl
-
-[81-version-negotiation-ssl]
-server = 81-version-negotiation-server
-client = 81-version-negotiation-client
-
-[81-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[81-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-81]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[82-version-negotiation]
-ssl_conf = 82-version-negotiation-ssl
-
-[82-version-negotiation-ssl]
-server = 82-version-negotiation-server
-client = 82-version-negotiation-client
-
-[82-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[82-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-82]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[83-version-negotiation]
-ssl_conf = 83-version-negotiation-ssl
-
-[83-version-negotiation-ssl]
-server = 83-version-negotiation-server
-client = 83-version-negotiation-client
-
-[83-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[83-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-83]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[84-version-negotiation]
-ssl_conf = 84-version-negotiation-ssl
-
-[84-version-negotiation-ssl]
-server = 84-version-negotiation-server
-client = 84-version-negotiation-client
-
-[84-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[84-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-84]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[85-version-negotiation]
-ssl_conf = 85-version-negotiation-ssl
-
-[85-version-negotiation-ssl]
-server = 85-version-negotiation-server
-client = 85-version-negotiation-client
-
-[85-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[85-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-85]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[86-version-negotiation]
-ssl_conf = 86-version-negotiation-ssl
-
-[86-version-negotiation-ssl]
-server = 86-version-negotiation-server
-client = 86-version-negotiation-client
-
-[86-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[86-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-86]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[87-version-negotiation]
-ssl_conf = 87-version-negotiation-ssl
-
-[87-version-negotiation-ssl]
-server = 87-version-negotiation-server
-client = 87-version-negotiation-client
-
-[87-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[87-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-87]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[88-version-negotiation]
-ssl_conf = 88-version-negotiation-ssl
-
-[88-version-negotiation-ssl]
-server = 88-version-negotiation-server
-client = 88-version-negotiation-client
-
-[88-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[88-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-88]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[89-version-negotiation]
-ssl_conf = 89-version-negotiation-ssl
-
-[89-version-negotiation-ssl]
-server = 89-version-negotiation-server
-client = 89-version-negotiation-client
-
-[89-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[89-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-89]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[90-version-negotiation]
-ssl_conf = 90-version-negotiation-ssl
-
-[90-version-negotiation-ssl]
-server = 90-version-negotiation-server
-client = 90-version-negotiation-client
-
-[90-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[90-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-90]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[91-version-negotiation]
-ssl_conf = 91-version-negotiation-ssl
-
-[91-version-negotiation-ssl]
-server = 91-version-negotiation-server
-client = 91-version-negotiation-client
-
-[91-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[91-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-91]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[92-version-negotiation]
-ssl_conf = 92-version-negotiation-ssl
-
-[92-version-negotiation-ssl]
-server = 92-version-negotiation-server
-client = 92-version-negotiation-client
-
-[92-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[92-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-92]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[93-version-negotiation]
-ssl_conf = 93-version-negotiation-ssl
-
-[93-version-negotiation-ssl]
-server = 93-version-negotiation-server
-client = 93-version-negotiation-client
-
-[93-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[93-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-93]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[94-version-negotiation]
-ssl_conf = 94-version-negotiation-ssl
-
-[94-version-negotiation-ssl]
-server = 94-version-negotiation-server
-client = 94-version-negotiation-client
-
-[94-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[94-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-94]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[95-version-negotiation]
-ssl_conf = 95-version-negotiation-ssl
-
-[95-version-negotiation-ssl]
-server = 95-version-negotiation-server
-client = 95-version-negotiation-client
-
-[95-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[95-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-95]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[96-version-negotiation]
-ssl_conf = 96-version-negotiation-ssl
-
-[96-version-negotiation-ssl]
-server = 96-version-negotiation-server
-client = 96-version-negotiation-client
-
-[96-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[96-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-96]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[97-version-negotiation]
-ssl_conf = 97-version-negotiation-ssl
-
-[97-version-negotiation-ssl]
-server = 97-version-negotiation-server
-client = 97-version-negotiation-client
-
-[97-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[97-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-97]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[98-version-negotiation]
-ssl_conf = 98-version-negotiation-ssl
-
-[98-version-negotiation-ssl]
-server = 98-version-negotiation-server
-client = 98-version-negotiation-client
-
-[98-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[98-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-98]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[99-version-negotiation]
-ssl_conf = 99-version-negotiation-ssl
-
-[99-version-negotiation-ssl]
-server = 99-version-negotiation-server
-client = 99-version-negotiation-client
-
-[99-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[99-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-99]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[100-version-negotiation]
-ssl_conf = 100-version-negotiation-ssl
-
-[100-version-negotiation-ssl]
-server = 100-version-negotiation-server
-client = 100-version-negotiation-client
-
-[100-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[100-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-100]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[101-version-negotiation]
-ssl_conf = 101-version-negotiation-ssl
-
-[101-version-negotiation-ssl]
-server = 101-version-negotiation-server
-client = 101-version-negotiation-client
-
-[101-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[101-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-101]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[102-version-negotiation]
-ssl_conf = 102-version-negotiation-ssl
-
-[102-version-negotiation-ssl]
-server = 102-version-negotiation-server
-client = 102-version-negotiation-client
-
-[102-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[102-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-102]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[103-version-negotiation]
-ssl_conf = 103-version-negotiation-ssl
-
-[103-version-negotiation-ssl]
-server = 103-version-negotiation-server
-client = 103-version-negotiation-client
-
-[103-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[103-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-103]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[104-version-negotiation]
-ssl_conf = 104-version-negotiation-ssl
-
-[104-version-negotiation-ssl]
-server = 104-version-negotiation-server
-client = 104-version-negotiation-client
-
-[104-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[104-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-104]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[105-version-negotiation]
-ssl_conf = 105-version-negotiation-ssl
-
-[105-version-negotiation-ssl]
-server = 105-version-negotiation-server
-client = 105-version-negotiation-client
-
-[105-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[105-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-105]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[106-version-negotiation]
-ssl_conf = 106-version-negotiation-ssl
-
-[106-version-negotiation-ssl]
-server = 106-version-negotiation-server
-client = 106-version-negotiation-client
-
-[106-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[106-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-106]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[107-version-negotiation]
-ssl_conf = 107-version-negotiation-ssl
-
-[107-version-negotiation-ssl]
-server = 107-version-negotiation-server
-client = 107-version-negotiation-client
-
-[107-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[107-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-107]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[108-version-negotiation]
-ssl_conf = 108-version-negotiation-ssl
-
-[108-version-negotiation-ssl]
-server = 108-version-negotiation-server
-client = 108-version-negotiation-client
-
-[108-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[108-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-108]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[109-version-negotiation]
-ssl_conf = 109-version-negotiation-ssl
-
-[109-version-negotiation-ssl]
-server = 109-version-negotiation-server
-client = 109-version-negotiation-client
-
-[109-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[109-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-109]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[110-version-negotiation]
-ssl_conf = 110-version-negotiation-ssl
-
-[110-version-negotiation-ssl]
-server = 110-version-negotiation-server
-client = 110-version-negotiation-client
-
-[110-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[110-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-110]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[111-version-negotiation]
-ssl_conf = 111-version-negotiation-ssl
-
-[111-version-negotiation-ssl]
-server = 111-version-negotiation-server
-client = 111-version-negotiation-client
-
-[111-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[111-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-111]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[112-version-negotiation]
-ssl_conf = 112-version-negotiation-ssl
-
-[112-version-negotiation-ssl]
-server = 112-version-negotiation-server
-client = 112-version-negotiation-client
-
-[112-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[112-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-112]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[113-version-negotiation]
-ssl_conf = 113-version-negotiation-ssl
-
-[113-version-negotiation-ssl]
-server = 113-version-negotiation-server
-client = 113-version-negotiation-client
-
-[113-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[113-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-113]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[114-version-negotiation]
-ssl_conf = 114-version-negotiation-ssl
-
-[114-version-negotiation-ssl]
-server = 114-version-negotiation-server
-client = 114-version-negotiation-client
-
-[114-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[114-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-114]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[115-version-negotiation]
-ssl_conf = 115-version-negotiation-ssl
-
-[115-version-negotiation-ssl]
-server = 115-version-negotiation-server
-client = 115-version-negotiation-client
-
-[115-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[115-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-115]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[116-version-negotiation]
-ssl_conf = 116-version-negotiation-ssl
-
-[116-version-negotiation-ssl]
-server = 116-version-negotiation-server
-client = 116-version-negotiation-client
-
-[116-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[116-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-116]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[117-version-negotiation]
-ssl_conf = 117-version-negotiation-ssl
-
-[117-version-negotiation-ssl]
-server = 117-version-negotiation-server
-client = 117-version-negotiation-client
-
-[117-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[117-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-117]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[118-version-negotiation]
-ssl_conf = 118-version-negotiation-ssl
-
-[118-version-negotiation-ssl]
-server = 118-version-negotiation-server
-client = 118-version-negotiation-client
-
-[118-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[118-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-118]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[119-version-negotiation]
-ssl_conf = 119-version-negotiation-ssl
-
-[119-version-negotiation-ssl]
-server = 119-version-negotiation-server
-client = 119-version-negotiation-client
-
-[119-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[119-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-119]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[120-version-negotiation]
-ssl_conf = 120-version-negotiation-ssl
-
-[120-version-negotiation-ssl]
-server = 120-version-negotiation-server
-client = 120-version-negotiation-client
-
-[120-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[120-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-120]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[121-version-negotiation]
-ssl_conf = 121-version-negotiation-ssl
-
-[121-version-negotiation-ssl]
-server = 121-version-negotiation-server
-client = 121-version-negotiation-client
-
-[121-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[121-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-121]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[122-version-negotiation]
-ssl_conf = 122-version-negotiation-ssl
-
-[122-version-negotiation-ssl]
-server = 122-version-negotiation-server
-client = 122-version-negotiation-client
-
-[122-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[122-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-122]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[123-version-negotiation]
-ssl_conf = 123-version-negotiation-ssl
-
-[123-version-negotiation-ssl]
-server = 123-version-negotiation-server
-client = 123-version-negotiation-client
-
-[123-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[123-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-123]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[124-version-negotiation]
-ssl_conf = 124-version-negotiation-ssl
-
-[124-version-negotiation-ssl]
-server = 124-version-negotiation-server
-client = 124-version-negotiation-client
-
-[124-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[124-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-124]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[125-version-negotiation]
-ssl_conf = 125-version-negotiation-ssl
-
-[125-version-negotiation-ssl]
-server = 125-version-negotiation-server
-client = 125-version-negotiation-client
-
-[125-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[125-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-125]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[126-version-negotiation]
-ssl_conf = 126-version-negotiation-ssl
-
-[126-version-negotiation-ssl]
-server = 126-version-negotiation-server
-client = 126-version-negotiation-client
-
-[126-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[126-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-126]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[127-version-negotiation]
-ssl_conf = 127-version-negotiation-ssl
-
-[127-version-negotiation-ssl]
-server = 127-version-negotiation-server
-client = 127-version-negotiation-client
-
-[127-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[127-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-127]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[128-version-negotiation]
-ssl_conf = 128-version-negotiation-ssl
-
-[128-version-negotiation-ssl]
-server = 128-version-negotiation-server
-client = 128-version-negotiation-client
-
-[128-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[128-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-128]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[129-version-negotiation]
-ssl_conf = 129-version-negotiation-ssl
-
-[129-version-negotiation-ssl]
-server = 129-version-negotiation-server
-client = 129-version-negotiation-client
-
-[129-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[129-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-129]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[130-version-negotiation]
-ssl_conf = 130-version-negotiation-ssl
-
-[130-version-negotiation-ssl]
-server = 130-version-negotiation-server
-client = 130-version-negotiation-client
-
-[130-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[130-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-130]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[131-version-negotiation]
-ssl_conf = 131-version-negotiation-ssl
-
-[131-version-negotiation-ssl]
-server = 131-version-negotiation-server
-client = 131-version-negotiation-client
-
-[131-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[131-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-131]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[132-version-negotiation]
-ssl_conf = 132-version-negotiation-ssl
-
-[132-version-negotiation-ssl]
-server = 132-version-negotiation-server
-client = 132-version-negotiation-client
-
-[132-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[132-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-132]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[133-version-negotiation]
-ssl_conf = 133-version-negotiation-ssl
-
-[133-version-negotiation-ssl]
-server = 133-version-negotiation-server
-client = 133-version-negotiation-client
-
-[133-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[133-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-133]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[134-version-negotiation]
-ssl_conf = 134-version-negotiation-ssl
-
-[134-version-negotiation-ssl]
-server = 134-version-negotiation-server
-client = 134-version-negotiation-client
-
-[134-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[134-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-134]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[135-version-negotiation]
-ssl_conf = 135-version-negotiation-ssl
-
-[135-version-negotiation-ssl]
-server = 135-version-negotiation-server
-client = 135-version-negotiation-client
-
-[135-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[135-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-135]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[136-version-negotiation]
-ssl_conf = 136-version-negotiation-ssl
-
-[136-version-negotiation-ssl]
-server = 136-version-negotiation-server
-client = 136-version-negotiation-client
-
-[136-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[136-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-136]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[137-version-negotiation]
-ssl_conf = 137-version-negotiation-ssl
-
-[137-version-negotiation-ssl]
-server = 137-version-negotiation-server
-client = 137-version-negotiation-client
-
-[137-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[137-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-137]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[138-version-negotiation]
-ssl_conf = 138-version-negotiation-ssl
-
-[138-version-negotiation-ssl]
-server = 138-version-negotiation-server
-client = 138-version-negotiation-client
-
-[138-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[138-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-138]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[139-version-negotiation]
-ssl_conf = 139-version-negotiation-ssl
-
-[139-version-negotiation-ssl]
-server = 139-version-negotiation-server
-client = 139-version-negotiation-client
-
-[139-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[139-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-139]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[140-version-negotiation]
-ssl_conf = 140-version-negotiation-ssl
-
-[140-version-negotiation-ssl]
-server = 140-version-negotiation-server
-client = 140-version-negotiation-client
-
-[140-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[140-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-140]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[141-version-negotiation]
-ssl_conf = 141-version-negotiation-ssl
-
-[141-version-negotiation-ssl]
-server = 141-version-negotiation-server
-client = 141-version-negotiation-client
-
-[141-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[141-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-141]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[142-version-negotiation]
-ssl_conf = 142-version-negotiation-ssl
-
-[142-version-negotiation-ssl]
-server = 142-version-negotiation-server
-client = 142-version-negotiation-client
-
-[142-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[142-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-142]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[143-version-negotiation]
-ssl_conf = 143-version-negotiation-ssl
-
-[143-version-negotiation-ssl]
-server = 143-version-negotiation-server
-client = 143-version-negotiation-client
-
-[143-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[143-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-143]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[144-version-negotiation]
-ssl_conf = 144-version-negotiation-ssl
-
-[144-version-negotiation-ssl]
-server = 144-version-negotiation-server
-client = 144-version-negotiation-client
-
-[144-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[144-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-144]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[145-version-negotiation]
-ssl_conf = 145-version-negotiation-ssl
-
-[145-version-negotiation-ssl]
-server = 145-version-negotiation-server
-client = 145-version-negotiation-client
-
-[145-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[145-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-145]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[146-version-negotiation]
-ssl_conf = 146-version-negotiation-ssl
-
-[146-version-negotiation-ssl]
-server = 146-version-negotiation-server
-client = 146-version-negotiation-client
-
-[146-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[146-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-146]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[147-version-negotiation]
-ssl_conf = 147-version-negotiation-ssl
-
-[147-version-negotiation-ssl]
-server = 147-version-negotiation-server
-client = 147-version-negotiation-client
-
-[147-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[147-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-147]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[148-version-negotiation]
-ssl_conf = 148-version-negotiation-ssl
-
-[148-version-negotiation-ssl]
-server = 148-version-negotiation-server
-client = 148-version-negotiation-client
-
-[148-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[148-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-148]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[149-version-negotiation]
-ssl_conf = 149-version-negotiation-ssl
-
-[149-version-negotiation-ssl]
-server = 149-version-negotiation-server
-client = 149-version-negotiation-client
-
-[149-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[149-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-149]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[150-version-negotiation]
-ssl_conf = 150-version-negotiation-ssl
-
-[150-version-negotiation-ssl]
-server = 150-version-negotiation-server
-client = 150-version-negotiation-client
-
-[150-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[150-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-150]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[151-version-negotiation]
-ssl_conf = 151-version-negotiation-ssl
-
-[151-version-negotiation-ssl]
-server = 151-version-negotiation-server
-client = 151-version-negotiation-client
-
-[151-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[151-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-151]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[152-version-negotiation]
-ssl_conf = 152-version-negotiation-ssl
-
-[152-version-negotiation-ssl]
-server = 152-version-negotiation-server
-client = 152-version-negotiation-client
-
-[152-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[152-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-152]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[153-version-negotiation]
-ssl_conf = 153-version-negotiation-ssl
-
-[153-version-negotiation-ssl]
-server = 153-version-negotiation-server
-client = 153-version-negotiation-client
-
-[153-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[153-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-153]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[154-version-negotiation]
-ssl_conf = 154-version-negotiation-ssl
-
-[154-version-negotiation-ssl]
-server = 154-version-negotiation-server
-client = 154-version-negotiation-client
-
-[154-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[154-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-154]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[155-version-negotiation]
-ssl_conf = 155-version-negotiation-ssl
-
-[155-version-negotiation-ssl]
-server = 155-version-negotiation-server
-client = 155-version-negotiation-client
-
-[155-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[155-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-155]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[156-version-negotiation]
-ssl_conf = 156-version-negotiation-ssl
-
-[156-version-negotiation-ssl]
-server = 156-version-negotiation-server
-client = 156-version-negotiation-client
-
-[156-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[156-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-156]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[157-version-negotiation]
-ssl_conf = 157-version-negotiation-ssl
-
-[157-version-negotiation-ssl]
-server = 157-version-negotiation-server
-client = 157-version-negotiation-client
-
-[157-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[157-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-157]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[158-version-negotiation]
-ssl_conf = 158-version-negotiation-ssl
-
-[158-version-negotiation-ssl]
-server = 158-version-negotiation-server
-client = 158-version-negotiation-client
-
-[158-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[158-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-158]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[159-version-negotiation]
-ssl_conf = 159-version-negotiation-ssl
-
-[159-version-negotiation-ssl]
-server = 159-version-negotiation-server
-client = 159-version-negotiation-client
-
-[159-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[159-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-159]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[160-version-negotiation]
-ssl_conf = 160-version-negotiation-ssl
-
-[160-version-negotiation-ssl]
-server = 160-version-negotiation-server
-client = 160-version-negotiation-client
-
-[160-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[160-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-160]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[161-version-negotiation]
-ssl_conf = 161-version-negotiation-ssl
-
-[161-version-negotiation-ssl]
-server = 161-version-negotiation-server
-client = 161-version-negotiation-client
-
-[161-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[161-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-161]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[162-version-negotiation]
-ssl_conf = 162-version-negotiation-ssl
-
-[162-version-negotiation-ssl]
-server = 162-version-negotiation-server
-client = 162-version-negotiation-client
-
-[162-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[162-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-162]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[163-version-negotiation]
-ssl_conf = 163-version-negotiation-ssl
-
-[163-version-negotiation-ssl]
-server = 163-version-negotiation-server
-client = 163-version-negotiation-client
-
-[163-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[163-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-163]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[164-version-negotiation]
-ssl_conf = 164-version-negotiation-ssl
-
-[164-version-negotiation-ssl]
-server = 164-version-negotiation-server
-client = 164-version-negotiation-client
-
-[164-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[164-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-164]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[165-version-negotiation]
-ssl_conf = 165-version-negotiation-ssl
-
-[165-version-negotiation-ssl]
-server = 165-version-negotiation-server
-client = 165-version-negotiation-client
-
-[165-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[165-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-165]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[166-version-negotiation]
-ssl_conf = 166-version-negotiation-ssl
-
-[166-version-negotiation-ssl]
-server = 166-version-negotiation-server
-client = 166-version-negotiation-client
-
-[166-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[166-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-166]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[167-version-negotiation]
-ssl_conf = 167-version-negotiation-ssl
-
-[167-version-negotiation-ssl]
-server = 167-version-negotiation-server
-client = 167-version-negotiation-client
-
-[167-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[167-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-167]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[168-version-negotiation]
-ssl_conf = 168-version-negotiation-ssl
-
-[168-version-negotiation-ssl]
-server = 168-version-negotiation-server
-client = 168-version-negotiation-client
-
-[168-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[168-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-168]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[169-version-negotiation]
-ssl_conf = 169-version-negotiation-ssl
-
-[169-version-negotiation-ssl]
-server = 169-version-negotiation-server
-client = 169-version-negotiation-client
-
-[169-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[169-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-169]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[170-version-negotiation]
-ssl_conf = 170-version-negotiation-ssl
-
-[170-version-negotiation-ssl]
-server = 170-version-negotiation-server
-client = 170-version-negotiation-client
-
-[170-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[170-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-170]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[171-version-negotiation]
-ssl_conf = 171-version-negotiation-ssl
-
-[171-version-negotiation-ssl]
-server = 171-version-negotiation-server
-client = 171-version-negotiation-client
-
-[171-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[171-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-171]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[172-version-negotiation]
-ssl_conf = 172-version-negotiation-ssl
-
-[172-version-negotiation-ssl]
-server = 172-version-negotiation-server
-client = 172-version-negotiation-client
-
-[172-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[172-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-172]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[173-version-negotiation]
-ssl_conf = 173-version-negotiation-ssl
-
-[173-version-negotiation-ssl]
-server = 173-version-negotiation-server
-client = 173-version-negotiation-client
-
-[173-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[173-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-173]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[174-version-negotiation]
-ssl_conf = 174-version-negotiation-ssl
-
-[174-version-negotiation-ssl]
-server = 174-version-negotiation-server
-client = 174-version-negotiation-client
-
-[174-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[174-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-174]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[175-version-negotiation]
-ssl_conf = 175-version-negotiation-ssl
-
-[175-version-negotiation-ssl]
-server = 175-version-negotiation-server
-client = 175-version-negotiation-client
-
-[175-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[175-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-175]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[176-version-negotiation]
-ssl_conf = 176-version-negotiation-ssl
-
-[176-version-negotiation-ssl]
-server = 176-version-negotiation-server
-client = 176-version-negotiation-client
-
-[176-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[176-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-176]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[177-version-negotiation]
-ssl_conf = 177-version-negotiation-ssl
-
-[177-version-negotiation-ssl]
-server = 177-version-negotiation-server
-client = 177-version-negotiation-client
-
-[177-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[177-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-177]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[178-version-negotiation]
-ssl_conf = 178-version-negotiation-ssl
-
-[178-version-negotiation-ssl]
-server = 178-version-negotiation-server
-client = 178-version-negotiation-client
-
-[178-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[178-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-178]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[179-version-negotiation]
-ssl_conf = 179-version-negotiation-ssl
-
-[179-version-negotiation-ssl]
-server = 179-version-negotiation-server
-client = 179-version-negotiation-client
-
-[179-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[179-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-179]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[180-version-negotiation]
-ssl_conf = 180-version-negotiation-ssl
-
-[180-version-negotiation-ssl]
-server = 180-version-negotiation-server
-client = 180-version-negotiation-client
-
-[180-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[180-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-180]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[181-version-negotiation]
-ssl_conf = 181-version-negotiation-ssl
-
-[181-version-negotiation-ssl]
-server = 181-version-negotiation-server
-client = 181-version-negotiation-client
-
-[181-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[181-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-181]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[182-version-negotiation]
-ssl_conf = 182-version-negotiation-ssl
-
-[182-version-negotiation-ssl]
-server = 182-version-negotiation-server
-client = 182-version-negotiation-client
-
-[182-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[182-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-182]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[183-version-negotiation]
-ssl_conf = 183-version-negotiation-ssl
-
-[183-version-negotiation-ssl]
-server = 183-version-negotiation-server
-client = 183-version-negotiation-client
-
-[183-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[183-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-183]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[184-version-negotiation]
-ssl_conf = 184-version-negotiation-ssl
-
-[184-version-negotiation-ssl]
-server = 184-version-negotiation-server
-client = 184-version-negotiation-client
-
-[184-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[184-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-184]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[185-version-negotiation]
-ssl_conf = 185-version-negotiation-ssl
-
-[185-version-negotiation-ssl]
-server = 185-version-negotiation-server
-client = 185-version-negotiation-client
-
-[185-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[185-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-185]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[186-version-negotiation]
-ssl_conf = 186-version-negotiation-ssl
-
-[186-version-negotiation-ssl]
-server = 186-version-negotiation-server
-client = 186-version-negotiation-client
-
-[186-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[186-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-186]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[187-version-negotiation]
-ssl_conf = 187-version-negotiation-ssl
-
-[187-version-negotiation-ssl]
-server = 187-version-negotiation-server
-client = 187-version-negotiation-client
-
-[187-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[187-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-187]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[188-version-negotiation]
-ssl_conf = 188-version-negotiation-ssl
-
-[188-version-negotiation-ssl]
-server = 188-version-negotiation-server
-client = 188-version-negotiation-client
-
-[188-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[188-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-188]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[189-version-negotiation]
-ssl_conf = 189-version-negotiation-ssl
-
-[189-version-negotiation-ssl]
-server = 189-version-negotiation-server
-client = 189-version-negotiation-client
-
-[189-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[189-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-189]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[190-version-negotiation]
-ssl_conf = 190-version-negotiation-ssl
-
-[190-version-negotiation-ssl]
-server = 190-version-negotiation-server
-client = 190-version-negotiation-client
-
-[190-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[190-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-190]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[191-version-negotiation]
-ssl_conf = 191-version-negotiation-ssl
-
-[191-version-negotiation-ssl]
-server = 191-version-negotiation-server
-client = 191-version-negotiation-client
-
-[191-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[191-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-191]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[192-version-negotiation]
-ssl_conf = 192-version-negotiation-ssl
-
-[192-version-negotiation-ssl]
-server = 192-version-negotiation-server
-client = 192-version-negotiation-client
-
-[192-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[192-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-192]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[193-version-negotiation]
-ssl_conf = 193-version-negotiation-ssl
-
-[193-version-negotiation-ssl]
-server = 193-version-negotiation-server
-client = 193-version-negotiation-client
-
-[193-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[193-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-193]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[194-version-negotiation]
-ssl_conf = 194-version-negotiation-ssl
-
-[194-version-negotiation-ssl]
-server = 194-version-negotiation-server
-client = 194-version-negotiation-client
-
-[194-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[194-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-194]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[195-version-negotiation]
-ssl_conf = 195-version-negotiation-ssl
-
-[195-version-negotiation-ssl]
-server = 195-version-negotiation-server
-client = 195-version-negotiation-client
-
-[195-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[195-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-195]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[196-version-negotiation]
-ssl_conf = 196-version-negotiation-ssl
-
-[196-version-negotiation-ssl]
-server = 196-version-negotiation-server
-client = 196-version-negotiation-client
-
-[196-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[196-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-196]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[197-version-negotiation]
-ssl_conf = 197-version-negotiation-ssl
-
-[197-version-negotiation-ssl]
-server = 197-version-negotiation-server
-client = 197-version-negotiation-client
-
-[197-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[197-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-197]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[198-version-negotiation]
-ssl_conf = 198-version-negotiation-ssl
-
-[198-version-negotiation-ssl]
-server = 198-version-negotiation-server
-client = 198-version-negotiation-client
-
-[198-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[198-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-198]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[199-version-negotiation]
-ssl_conf = 199-version-negotiation-ssl
-
-[199-version-negotiation-ssl]
-server = 199-version-negotiation-server
-client = 199-version-negotiation-client
-
-[199-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[199-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-199]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[200-version-negotiation]
-ssl_conf = 200-version-negotiation-ssl
-
-[200-version-negotiation-ssl]
-server = 200-version-negotiation-server
-client = 200-version-negotiation-client
-
-[200-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[200-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-200]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[201-version-negotiation]
-ssl_conf = 201-version-negotiation-ssl
-
-[201-version-negotiation-ssl]
-server = 201-version-negotiation-server
-client = 201-version-negotiation-client
-
-[201-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[201-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-201]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[202-version-negotiation]
-ssl_conf = 202-version-negotiation-ssl
-
-[202-version-negotiation-ssl]
-server = 202-version-negotiation-server
-client = 202-version-negotiation-client
-
-[202-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[202-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-202]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[203-version-negotiation]
-ssl_conf = 203-version-negotiation-ssl
-
-[203-version-negotiation-ssl]
-server = 203-version-negotiation-server
-client = 203-version-negotiation-client
-
-[203-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[203-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-203]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[204-version-negotiation]
-ssl_conf = 204-version-negotiation-ssl
-
-[204-version-negotiation-ssl]
-server = 204-version-negotiation-server
-client = 204-version-negotiation-client
-
-[204-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[204-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-204]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[205-version-negotiation]
-ssl_conf = 205-version-negotiation-ssl
-
-[205-version-negotiation-ssl]
-server = 205-version-negotiation-server
-client = 205-version-negotiation-client
-
-[205-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[205-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-205]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[206-version-negotiation]
-ssl_conf = 206-version-negotiation-ssl
-
-[206-version-negotiation-ssl]
-server = 206-version-negotiation-server
-client = 206-version-negotiation-client
-
-[206-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[206-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-206]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[207-version-negotiation]
-ssl_conf = 207-version-negotiation-ssl
-
-[207-version-negotiation-ssl]
-server = 207-version-negotiation-server
-client = 207-version-negotiation-client
-
-[207-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[207-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-207]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[208-version-negotiation]
-ssl_conf = 208-version-negotiation-ssl
-
-[208-version-negotiation-ssl]
-server = 208-version-negotiation-server
-client = 208-version-negotiation-client
-
-[208-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[208-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-208]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[209-version-negotiation]
-ssl_conf = 209-version-negotiation-ssl
-
-[209-version-negotiation-ssl]
-server = 209-version-negotiation-server
-client = 209-version-negotiation-client
-
-[209-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[209-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-209]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[210-version-negotiation]
-ssl_conf = 210-version-negotiation-ssl
-
-[210-version-negotiation-ssl]
-server = 210-version-negotiation-server
-client = 210-version-negotiation-client
-
-[210-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[210-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-210]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[211-version-negotiation]
-ssl_conf = 211-version-negotiation-ssl
-
-[211-version-negotiation-ssl]
-server = 211-version-negotiation-server
-client = 211-version-negotiation-client
-
-[211-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[211-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-211]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[212-version-negotiation]
-ssl_conf = 212-version-negotiation-ssl
-
-[212-version-negotiation-ssl]
-server = 212-version-negotiation-server
-client = 212-version-negotiation-client
-
-[212-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[212-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-212]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[213-version-negotiation]
-ssl_conf = 213-version-negotiation-ssl
-
-[213-version-negotiation-ssl]
-server = 213-version-negotiation-server
-client = 213-version-negotiation-client
-
-[213-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[213-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-213]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[214-version-negotiation]
-ssl_conf = 214-version-negotiation-ssl
-
-[214-version-negotiation-ssl]
-server = 214-version-negotiation-server
-client = 214-version-negotiation-client
-
-[214-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[214-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-214]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[215-version-negotiation]
-ssl_conf = 215-version-negotiation-ssl
-
-[215-version-negotiation-ssl]
-server = 215-version-negotiation-server
-client = 215-version-negotiation-client
-
-[215-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[215-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-215]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[216-version-negotiation]
-ssl_conf = 216-version-negotiation-ssl
-
-[216-version-negotiation-ssl]
-server = 216-version-negotiation-server
-client = 216-version-negotiation-client
-
-[216-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[216-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-216]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[217-version-negotiation]
-ssl_conf = 217-version-negotiation-ssl
-
-[217-version-negotiation-ssl]
-server = 217-version-negotiation-server
-client = 217-version-negotiation-client
-
-[217-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[217-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-217]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[218-version-negotiation]
-ssl_conf = 218-version-negotiation-ssl
-
-[218-version-negotiation-ssl]
-server = 218-version-negotiation-server
-client = 218-version-negotiation-client
-
-[218-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[218-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-218]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[219-version-negotiation]
-ssl_conf = 219-version-negotiation-ssl
-
-[219-version-negotiation-ssl]
-server = 219-version-negotiation-server
-client = 219-version-negotiation-client
-
-[219-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[219-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-219]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[220-version-negotiation]
-ssl_conf = 220-version-negotiation-ssl
-
-[220-version-negotiation-ssl]
-server = 220-version-negotiation-server
-client = 220-version-negotiation-client
-
-[220-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[220-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-220]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[221-version-negotiation]
-ssl_conf = 221-version-negotiation-ssl
-
-[221-version-negotiation-ssl]
-server = 221-version-negotiation-server
-client = 221-version-negotiation-client
-
-[221-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[221-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-221]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[222-version-negotiation]
-ssl_conf = 222-version-negotiation-ssl
-
-[222-version-negotiation-ssl]
-server = 222-version-negotiation-server
-client = 222-version-negotiation-client
-
-[222-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[222-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-222]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[223-version-negotiation]
-ssl_conf = 223-version-negotiation-ssl
-
-[223-version-negotiation-ssl]
-server = 223-version-negotiation-server
-client = 223-version-negotiation-client
-
-[223-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[223-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-223]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[224-version-negotiation]
-ssl_conf = 224-version-negotiation-ssl
-
-[224-version-negotiation-ssl]
-server = 224-version-negotiation-server
-client = 224-version-negotiation-client
-
-[224-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[224-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-224]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[225-version-negotiation]
-ssl_conf = 225-version-negotiation-ssl
-
-[225-version-negotiation-ssl]
-server = 225-version-negotiation-server
-client = 225-version-negotiation-client
-
-[225-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[225-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-225]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[226-version-negotiation]
-ssl_conf = 226-version-negotiation-ssl
-
-[226-version-negotiation-ssl]
-server = 226-version-negotiation-server
-client = 226-version-negotiation-client
-
-[226-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[226-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-226]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[227-version-negotiation]
-ssl_conf = 227-version-negotiation-ssl
-
-[227-version-negotiation-ssl]
-server = 227-version-negotiation-server
-client = 227-version-negotiation-client
-
-[227-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[227-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-227]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[228-version-negotiation]
-ssl_conf = 228-version-negotiation-ssl
-
-[228-version-negotiation-ssl]
-server = 228-version-negotiation-server
-client = 228-version-negotiation-client
-
-[228-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[228-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-228]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[229-version-negotiation]
-ssl_conf = 229-version-negotiation-ssl
-
-[229-version-negotiation-ssl]
-server = 229-version-negotiation-server
-client = 229-version-negotiation-client
-
-[229-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[229-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-229]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[230-version-negotiation]
-ssl_conf = 230-version-negotiation-ssl
-
-[230-version-negotiation-ssl]
-server = 230-version-negotiation-server
-client = 230-version-negotiation-client
-
-[230-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[230-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-230]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[231-version-negotiation]
-ssl_conf = 231-version-negotiation-ssl
-
-[231-version-negotiation-ssl]
-server = 231-version-negotiation-server
-client = 231-version-negotiation-client
-
-[231-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[231-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-231]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[232-version-negotiation]
-ssl_conf = 232-version-negotiation-ssl
-
-[232-version-negotiation-ssl]
-server = 232-version-negotiation-server
-client = 232-version-negotiation-client
-
-[232-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[232-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-232]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[233-version-negotiation]
-ssl_conf = 233-version-negotiation-ssl
-
-[233-version-negotiation-ssl]
-server = 233-version-negotiation-server
-client = 233-version-negotiation-client
-
-[233-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[233-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-233]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[234-version-negotiation]
-ssl_conf = 234-version-negotiation-ssl
-
-[234-version-negotiation-ssl]
-server = 234-version-negotiation-server
-client = 234-version-negotiation-client
-
-[234-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[234-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-234]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[235-version-negotiation]
-ssl_conf = 235-version-negotiation-ssl
-
-[235-version-negotiation-ssl]
-server = 235-version-negotiation-server
-client = 235-version-negotiation-client
-
-[235-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[235-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-235]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[236-version-negotiation]
-ssl_conf = 236-version-negotiation-ssl
-
-[236-version-negotiation-ssl]
-server = 236-version-negotiation-server
-client = 236-version-negotiation-client
-
-[236-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[236-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-236]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[237-version-negotiation]
-ssl_conf = 237-version-negotiation-ssl
-
-[237-version-negotiation-ssl]
-server = 237-version-negotiation-server
-client = 237-version-negotiation-client
-
-[237-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[237-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-237]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[238-version-negotiation]
-ssl_conf = 238-version-negotiation-ssl
-
-[238-version-negotiation-ssl]
-server = 238-version-negotiation-server
-client = 238-version-negotiation-client
-
-[238-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[238-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-238]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[239-version-negotiation]
-ssl_conf = 239-version-negotiation-ssl
-
-[239-version-negotiation-ssl]
-server = 239-version-negotiation-server
-client = 239-version-negotiation-client
-
-[239-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[239-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-239]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[240-version-negotiation]
-ssl_conf = 240-version-negotiation-ssl
-
-[240-version-negotiation-ssl]
-server = 240-version-negotiation-server
-client = 240-version-negotiation-client
-
-[240-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[240-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-240]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[241-version-negotiation]
-ssl_conf = 241-version-negotiation-ssl
-
-[241-version-negotiation-ssl]
-server = 241-version-negotiation-server
-client = 241-version-negotiation-client
-
-[241-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[241-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-241]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[242-version-negotiation]
-ssl_conf = 242-version-negotiation-ssl
-
-[242-version-negotiation-ssl]
-server = 242-version-negotiation-server
-client = 242-version-negotiation-client
-
-[242-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[242-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-242]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[243-version-negotiation]
-ssl_conf = 243-version-negotiation-ssl
-
-[243-version-negotiation-ssl]
-server = 243-version-negotiation-server
-client = 243-version-negotiation-client
-
-[243-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[243-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-243]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[244-version-negotiation]
-ssl_conf = 244-version-negotiation-ssl
-
-[244-version-negotiation-ssl]
-server = 244-version-negotiation-server
-client = 244-version-negotiation-client
-
-[244-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[244-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-244]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[245-version-negotiation]
-ssl_conf = 245-version-negotiation-ssl
-
-[245-version-negotiation-ssl]
-server = 245-version-negotiation-server
-client = 245-version-negotiation-client
-
-[245-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[245-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-245]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[246-version-negotiation]
-ssl_conf = 246-version-negotiation-ssl
-
-[246-version-negotiation-ssl]
-server = 246-version-negotiation-server
-client = 246-version-negotiation-client
-
-[246-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[246-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-246]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[247-version-negotiation]
-ssl_conf = 247-version-negotiation-ssl
-
-[247-version-negotiation-ssl]
-server = 247-version-negotiation-server
-client = 247-version-negotiation-client
-
-[247-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[247-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-247]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[248-version-negotiation]
-ssl_conf = 248-version-negotiation-ssl
-
-[248-version-negotiation-ssl]
-server = 248-version-negotiation-server
-client = 248-version-negotiation-client
-
-[248-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[248-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-248]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[249-version-negotiation]
-ssl_conf = 249-version-negotiation-ssl
-
-[249-version-negotiation-ssl]
-server = 249-version-negotiation-server
-client = 249-version-negotiation-client
-
-[249-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[249-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-249]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[250-version-negotiation]
-ssl_conf = 250-version-negotiation-ssl
-
-[250-version-negotiation-ssl]
-server = 250-version-negotiation-server
-client = 250-version-negotiation-client
-
-[250-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[250-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-250]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[251-version-negotiation]
-ssl_conf = 251-version-negotiation-ssl
-
-[251-version-negotiation-ssl]
-server = 251-version-negotiation-server
-client = 251-version-negotiation-client
-
-[251-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[251-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-251]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[252-version-negotiation]
-ssl_conf = 252-version-negotiation-ssl
-
-[252-version-negotiation-ssl]
-server = 252-version-negotiation-server
-client = 252-version-negotiation-client
-
-[252-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[252-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-252]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[253-version-negotiation]
-ssl_conf = 253-version-negotiation-ssl
-
-[253-version-negotiation-ssl]
-server = 253-version-negotiation-server
-client = 253-version-negotiation-client
-
-[253-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[253-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-253]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[254-version-negotiation]
-ssl_conf = 254-version-negotiation-ssl
-
-[254-version-negotiation-ssl]
-server = 254-version-negotiation-server
-client = 254-version-negotiation-client
-
-[254-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[254-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-254]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[255-version-negotiation]
-ssl_conf = 255-version-negotiation-ssl
-
-[255-version-negotiation-ssl]
-server = 255-version-negotiation-server
-client = 255-version-negotiation-client
-
-[255-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[255-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-255]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[256-version-negotiation]
-ssl_conf = 256-version-negotiation-ssl
-
-[256-version-negotiation-ssl]
-server = 256-version-negotiation-server
-client = 256-version-negotiation-client
-
-[256-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[256-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-256]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[257-version-negotiation]
-ssl_conf = 257-version-negotiation-ssl
-
-[257-version-negotiation-ssl]
-server = 257-version-negotiation-server
-client = 257-version-negotiation-client
-
-[257-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[257-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-257]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[258-version-negotiation]
-ssl_conf = 258-version-negotiation-ssl
-
-[258-version-negotiation-ssl]
-server = 258-version-negotiation-server
-client = 258-version-negotiation-client
-
-[258-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[258-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-258]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[259-version-negotiation]
-ssl_conf = 259-version-negotiation-ssl
-
-[259-version-negotiation-ssl]
-server = 259-version-negotiation-server
-client = 259-version-negotiation-client
-
-[259-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[259-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-259]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[260-version-negotiation]
-ssl_conf = 260-version-negotiation-ssl
-
-[260-version-negotiation-ssl]
-server = 260-version-negotiation-server
-client = 260-version-negotiation-client
-
-[260-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[260-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-260]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[261-version-negotiation]
-ssl_conf = 261-version-negotiation-ssl
-
-[261-version-negotiation-ssl]
-server = 261-version-negotiation-server
-client = 261-version-negotiation-client
-
-[261-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[261-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-261]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[262-version-negotiation]
-ssl_conf = 262-version-negotiation-ssl
-
-[262-version-negotiation-ssl]
-server = 262-version-negotiation-server
-client = 262-version-negotiation-client
-
-[262-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[262-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-262]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[263-version-negotiation]
-ssl_conf = 263-version-negotiation-ssl
-
-[263-version-negotiation-ssl]
-server = 263-version-negotiation-server
-client = 263-version-negotiation-client
-
-[263-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[263-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-263]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[264-version-negotiation]
-ssl_conf = 264-version-negotiation-ssl
-
-[264-version-negotiation-ssl]
-server = 264-version-negotiation-server
-client = 264-version-negotiation-client
-
-[264-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[264-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-264]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[265-version-negotiation]
-ssl_conf = 265-version-negotiation-ssl
-
-[265-version-negotiation-ssl]
-server = 265-version-negotiation-server
-client = 265-version-negotiation-client
-
-[265-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[265-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-265]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[266-version-negotiation]
-ssl_conf = 266-version-negotiation-ssl
-
-[266-version-negotiation-ssl]
-server = 266-version-negotiation-server
-client = 266-version-negotiation-client
-
-[266-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[266-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-266]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[267-version-negotiation]
-ssl_conf = 267-version-negotiation-ssl
-
-[267-version-negotiation-ssl]
-server = 267-version-negotiation-server
-client = 267-version-negotiation-client
-
-[267-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[267-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-267]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[268-version-negotiation]
-ssl_conf = 268-version-negotiation-ssl
-
-[268-version-negotiation-ssl]
-server = 268-version-negotiation-server
-client = 268-version-negotiation-client
-
-[268-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[268-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-268]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[269-version-negotiation]
-ssl_conf = 269-version-negotiation-ssl
-
-[269-version-negotiation-ssl]
-server = 269-version-negotiation-server
-client = 269-version-negotiation-client
-
-[269-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[269-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-269]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[270-version-negotiation]
-ssl_conf = 270-version-negotiation-ssl
-
-[270-version-negotiation-ssl]
-server = 270-version-negotiation-server
-client = 270-version-negotiation-client
-
-[270-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[270-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-270]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[271-version-negotiation]
-ssl_conf = 271-version-negotiation-ssl
-
-[271-version-negotiation-ssl]
-server = 271-version-negotiation-server
-client = 271-version-negotiation-client
-
-[271-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[271-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-271]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[272-version-negotiation]
-ssl_conf = 272-version-negotiation-ssl
-
-[272-version-negotiation-ssl]
-server = 272-version-negotiation-server
-client = 272-version-negotiation-client
-
-[272-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[272-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-272]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[273-version-negotiation]
-ssl_conf = 273-version-negotiation-ssl
-
-[273-version-negotiation-ssl]
-server = 273-version-negotiation-server
-client = 273-version-negotiation-client
-
-[273-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[273-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-273]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[274-version-negotiation]
-ssl_conf = 274-version-negotiation-ssl
-
-[274-version-negotiation-ssl]
-server = 274-version-negotiation-server
-client = 274-version-negotiation-client
-
-[274-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[274-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-274]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[275-version-negotiation]
-ssl_conf = 275-version-negotiation-ssl
-
-[275-version-negotiation-ssl]
-server = 275-version-negotiation-server
-client = 275-version-negotiation-client
-
-[275-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[275-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-275]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[276-version-negotiation]
-ssl_conf = 276-version-negotiation-ssl
-
-[276-version-negotiation-ssl]
-server = 276-version-negotiation-server
-client = 276-version-negotiation-client
-
-[276-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[276-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-276]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[277-version-negotiation]
-ssl_conf = 277-version-negotiation-ssl
-
-[277-version-negotiation-ssl]
-server = 277-version-negotiation-server
-client = 277-version-negotiation-client
-
-[277-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[277-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-277]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[278-version-negotiation]
-ssl_conf = 278-version-negotiation-ssl
-
-[278-version-negotiation-ssl]
-server = 278-version-negotiation-server
-client = 278-version-negotiation-client
-
-[278-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[278-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-278]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[279-version-negotiation]
-ssl_conf = 279-version-negotiation-ssl
-
-[279-version-negotiation-ssl]
-server = 279-version-negotiation-server
-client = 279-version-negotiation-client
-
-[279-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[279-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-279]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[280-version-negotiation]
-ssl_conf = 280-version-negotiation-ssl
-
-[280-version-negotiation-ssl]
-server = 280-version-negotiation-server
-client = 280-version-negotiation-client
-
-[280-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[280-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-280]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[281-version-negotiation]
-ssl_conf = 281-version-negotiation-ssl
-
-[281-version-negotiation-ssl]
-server = 281-version-negotiation-server
-client = 281-version-negotiation-client
-
-[281-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[281-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-281]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[282-version-negotiation]
-ssl_conf = 282-version-negotiation-ssl
-
-[282-version-negotiation-ssl]
-server = 282-version-negotiation-server
-client = 282-version-negotiation-client
-
-[282-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[282-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-282]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[283-version-negotiation]
-ssl_conf = 283-version-negotiation-ssl
-
-[283-version-negotiation-ssl]
-server = 283-version-negotiation-server
-client = 283-version-negotiation-client
-
-[283-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[283-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-283]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[284-version-negotiation]
-ssl_conf = 284-version-negotiation-ssl
-
-[284-version-negotiation-ssl]
-server = 284-version-negotiation-server
-client = 284-version-negotiation-client
-
-[284-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[284-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-284]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[285-version-negotiation]
-ssl_conf = 285-version-negotiation-ssl
-
-[285-version-negotiation-ssl]
-server = 285-version-negotiation-server
-client = 285-version-negotiation-client
-
-[285-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[285-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-285]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[286-version-negotiation]
-ssl_conf = 286-version-negotiation-ssl
-
-[286-version-negotiation-ssl]
-server = 286-version-negotiation-server
-client = 286-version-negotiation-client
-
-[286-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[286-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-286]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[287-version-negotiation]
-ssl_conf = 287-version-negotiation-ssl
-
-[287-version-negotiation-ssl]
-server = 287-version-negotiation-server
-client = 287-version-negotiation-client
-
-[287-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[287-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-287]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[288-version-negotiation]
-ssl_conf = 288-version-negotiation-ssl
-
-[288-version-negotiation-ssl]
-server = 288-version-negotiation-server
-client = 288-version-negotiation-client
-
-[288-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[288-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-288]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[289-version-negotiation]
-ssl_conf = 289-version-negotiation-ssl
-
-[289-version-negotiation-ssl]
-server = 289-version-negotiation-server
-client = 289-version-negotiation-client
-
-[289-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[289-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-289]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[290-version-negotiation]
-ssl_conf = 290-version-negotiation-ssl
-
-[290-version-negotiation-ssl]
-server = 290-version-negotiation-server
-client = 290-version-negotiation-client
-
-[290-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[290-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-290]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[291-version-negotiation]
-ssl_conf = 291-version-negotiation-ssl
-
-[291-version-negotiation-ssl]
-server = 291-version-negotiation-server
-client = 291-version-negotiation-client
-
-[291-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[291-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-291]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[292-version-negotiation]
-ssl_conf = 292-version-negotiation-ssl
-
-[292-version-negotiation-ssl]
-server = 292-version-negotiation-server
-client = 292-version-negotiation-client
-
-[292-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[292-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-292]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[293-version-negotiation]
-ssl_conf = 293-version-negotiation-ssl
-
-[293-version-negotiation-ssl]
-server = 293-version-negotiation-server
-client = 293-version-negotiation-client
-
-[293-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[293-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-293]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[294-version-negotiation]
-ssl_conf = 294-version-negotiation-ssl
-
-[294-version-negotiation-ssl]
-server = 294-version-negotiation-server
-client = 294-version-negotiation-client
-
-[294-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[294-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-294]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[295-version-negotiation]
-ssl_conf = 295-version-negotiation-ssl
-
-[295-version-negotiation-ssl]
-server = 295-version-negotiation-server
-client = 295-version-negotiation-client
-
-[295-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[295-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-295]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[296-version-negotiation]
-ssl_conf = 296-version-negotiation-ssl
-
-[296-version-negotiation-ssl]
-server = 296-version-negotiation-server
-client = 296-version-negotiation-client
-
-[296-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[296-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-296]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[297-version-negotiation]
-ssl_conf = 297-version-negotiation-ssl
-
-[297-version-negotiation-ssl]
-server = 297-version-negotiation-server
-client = 297-version-negotiation-client
-
-[297-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[297-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-297]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[298-version-negotiation]
-ssl_conf = 298-version-negotiation-ssl
-
-[298-version-negotiation-ssl]
-server = 298-version-negotiation-server
-client = 298-version-negotiation-client
-
-[298-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[298-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-298]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[299-version-negotiation]
-ssl_conf = 299-version-negotiation-ssl
-
-[299-version-negotiation-ssl]
-server = 299-version-negotiation-server
-client = 299-version-negotiation-client
-
-[299-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[299-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-299]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[300-version-negotiation]
-ssl_conf = 300-version-negotiation-ssl
-
-[300-version-negotiation-ssl]
-server = 300-version-negotiation-server
-client = 300-version-negotiation-client
-
-[300-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[300-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-300]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[301-version-negotiation]
-ssl_conf = 301-version-negotiation-ssl
-
-[301-version-negotiation-ssl]
-server = 301-version-negotiation-server
-client = 301-version-negotiation-client
-
-[301-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[301-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-301]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[302-version-negotiation]
-ssl_conf = 302-version-negotiation-ssl
-
-[302-version-negotiation-ssl]
-server = 302-version-negotiation-server
-client = 302-version-negotiation-client
-
-[302-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[302-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-302]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[303-version-negotiation]
-ssl_conf = 303-version-negotiation-ssl
-
-[303-version-negotiation-ssl]
-server = 303-version-negotiation-server
-client = 303-version-negotiation-client
-
-[303-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[303-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-303]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[304-version-negotiation]
-ssl_conf = 304-version-negotiation-ssl
-
-[304-version-negotiation-ssl]
-server = 304-version-negotiation-server
-client = 304-version-negotiation-client
-
-[304-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[304-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-304]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[305-version-negotiation]
-ssl_conf = 305-version-negotiation-ssl
-
-[305-version-negotiation-ssl]
-server = 305-version-negotiation-server
-client = 305-version-negotiation-client
-
-[305-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[305-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-305]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[306-version-negotiation]
-ssl_conf = 306-version-negotiation-ssl
-
-[306-version-negotiation-ssl]
-server = 306-version-negotiation-server
-client = 306-version-negotiation-client
-
-[306-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[306-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-306]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[307-version-negotiation]
-ssl_conf = 307-version-negotiation-ssl
-
-[307-version-negotiation-ssl]
-server = 307-version-negotiation-server
-client = 307-version-negotiation-client
-
-[307-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[307-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-307]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[308-version-negotiation]
-ssl_conf = 308-version-negotiation-ssl
-
-[308-version-negotiation-ssl]
-server = 308-version-negotiation-server
-client = 308-version-negotiation-client
-
-[308-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[308-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-308]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[309-version-negotiation]
-ssl_conf = 309-version-negotiation-ssl
-
-[309-version-negotiation-ssl]
-server = 309-version-negotiation-server
-client = 309-version-negotiation-client
-
-[309-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[309-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-309]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[310-version-negotiation]
-ssl_conf = 310-version-negotiation-ssl
-
-[310-version-negotiation-ssl]
-server = 310-version-negotiation-server
-client = 310-version-negotiation-client
-
-[310-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[310-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-310]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[311-version-negotiation]
-ssl_conf = 311-version-negotiation-ssl
-
-[311-version-negotiation-ssl]
-server = 311-version-negotiation-server
-client = 311-version-negotiation-client
-
-[311-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[311-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = SSLv3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-311]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[312-version-negotiation]
-ssl_conf = 312-version-negotiation-ssl
-
-[312-version-negotiation-ssl]
-server = 312-version-negotiation-server
-client = 312-version-negotiation-client
-
-[312-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[312-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-312]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[313-version-negotiation]
-ssl_conf = 313-version-negotiation-ssl
-
-[313-version-negotiation-ssl]
-server = 313-version-negotiation-server
-client = 313-version-negotiation-client
-
-[313-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[313-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-313]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[314-version-negotiation]
-ssl_conf = 314-version-negotiation-ssl
-
-[314-version-negotiation-ssl]
-server = 314-version-negotiation-server
-client = 314-version-negotiation-client
-
-[314-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[314-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-314]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[315-version-negotiation]
-ssl_conf = 315-version-negotiation-ssl
-
-[315-version-negotiation-ssl]
-server = 315-version-negotiation-server
-client = 315-version-negotiation-client
-
-[315-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[315-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-315]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[316-version-negotiation]
-ssl_conf = 316-version-negotiation-ssl
-
-[316-version-negotiation-ssl]
-server = 316-version-negotiation-server
-client = 316-version-negotiation-client
-
-[316-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[316-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-316]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[317-version-negotiation]
-ssl_conf = 317-version-negotiation-ssl
-
-[317-version-negotiation-ssl]
-server = 317-version-negotiation-server
-client = 317-version-negotiation-client
-
-[317-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[317-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-317]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[318-version-negotiation]
-ssl_conf = 318-version-negotiation-ssl
-
-[318-version-negotiation-ssl]
-server = 318-version-negotiation-server
-client = 318-version-negotiation-client
-
-[318-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[318-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-318]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[319-version-negotiation]
-ssl_conf = 319-version-negotiation-ssl
-
-[319-version-negotiation-ssl]
-server = 319-version-negotiation-server
-client = 319-version-negotiation-client
-
-[319-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[319-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-319]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[320-version-negotiation]
-ssl_conf = 320-version-negotiation-ssl
-
-[320-version-negotiation-ssl]
-server = 320-version-negotiation-server
-client = 320-version-negotiation-client
-
-[320-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[320-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-320]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[321-version-negotiation]
-ssl_conf = 321-version-negotiation-ssl
-
-[321-version-negotiation-ssl]
-server = 321-version-negotiation-server
-client = 321-version-negotiation-client
-
-[321-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[321-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-321]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[322-version-negotiation]
-ssl_conf = 322-version-negotiation-ssl
-
-[322-version-negotiation-ssl]
-server = 322-version-negotiation-server
-client = 322-version-negotiation-client
-
-[322-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[322-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-322]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[323-version-negotiation]
-ssl_conf = 323-version-negotiation-ssl
-
-[323-version-negotiation-ssl]
-server = 323-version-negotiation-server
-client = 323-version-negotiation-client
-
-[323-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[323-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-323]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[324-version-negotiation]
-ssl_conf = 324-version-negotiation-ssl
-
-[324-version-negotiation-ssl]
-server = 324-version-negotiation-server
-client = 324-version-negotiation-client
-
-[324-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[324-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-324]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[325-version-negotiation]
-ssl_conf = 325-version-negotiation-ssl
-
-[325-version-negotiation-ssl]
-server = 325-version-negotiation-server
-client = 325-version-negotiation-client
-
-[325-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[325-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-325]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[326-version-negotiation]
-ssl_conf = 326-version-negotiation-ssl
-
-[326-version-negotiation-ssl]
-server = 326-version-negotiation-server
-client = 326-version-negotiation-client
-
-[326-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[326-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-326]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[327-version-negotiation]
-ssl_conf = 327-version-negotiation-ssl
-
-[327-version-negotiation-ssl]
-server = 327-version-negotiation-server
-client = 327-version-negotiation-client
-
-[327-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[327-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-327]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[328-version-negotiation]
-ssl_conf = 328-version-negotiation-ssl
-
-[328-version-negotiation-ssl]
-server = 328-version-negotiation-server
-client = 328-version-negotiation-client
-
-[328-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[328-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-328]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[329-version-negotiation]
-ssl_conf = 329-version-negotiation-ssl
-
-[329-version-negotiation-ssl]
-server = 329-version-negotiation-server
-client = 329-version-negotiation-client
-
-[329-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[329-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-329]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[330-version-negotiation]
-ssl_conf = 330-version-negotiation-ssl
-
-[330-version-negotiation-ssl]
-server = 330-version-negotiation-server
-client = 330-version-negotiation-client
-
-[330-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[330-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-330]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[331-version-negotiation]
-ssl_conf = 331-version-negotiation-ssl
-
-[331-version-negotiation-ssl]
-server = 331-version-negotiation-server
-client = 331-version-negotiation-client
-
-[331-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[331-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-331]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[332-version-negotiation]
-ssl_conf = 332-version-negotiation-ssl
-
-[332-version-negotiation-ssl]
-server = 332-version-negotiation-server
-client = 332-version-negotiation-client
-
-[332-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[332-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-332]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[333-version-negotiation]
-ssl_conf = 333-version-negotiation-ssl
-
-[333-version-negotiation-ssl]
-server = 333-version-negotiation-server
-client = 333-version-negotiation-client
-
-[333-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[333-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-333]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[334-version-negotiation]
-ssl_conf = 334-version-negotiation-ssl
-
-[334-version-negotiation-ssl]
-server = 334-version-negotiation-server
-client = 334-version-negotiation-client
-
-[334-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[334-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-334]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[335-version-negotiation]
-ssl_conf = 335-version-negotiation-ssl
-
-[335-version-negotiation-ssl]
-server = 335-version-negotiation-server
-client = 335-version-negotiation-client
-
-[335-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[335-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-335]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[336-version-negotiation]
-ssl_conf = 336-version-negotiation-ssl
-
-[336-version-negotiation-ssl]
-server = 336-version-negotiation-server
-client = 336-version-negotiation-client
-
-[336-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[336-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-336]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[337-version-negotiation]
-ssl_conf = 337-version-negotiation-ssl
-
-[337-version-negotiation-ssl]
-server = 337-version-negotiation-server
-client = 337-version-negotiation-client
-
-[337-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[337-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-337]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[338-version-negotiation]
-ssl_conf = 338-version-negotiation-ssl
-
-[338-version-negotiation-ssl]
-server = 338-version-negotiation-server
-client = 338-version-negotiation-client
-
-[338-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[338-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-338]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[339-version-negotiation]
-ssl_conf = 339-version-negotiation-ssl
-
-[339-version-negotiation-ssl]
-server = 339-version-negotiation-server
-client = 339-version-negotiation-client
-
-[339-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[339-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-339]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[340-version-negotiation]
-ssl_conf = 340-version-negotiation-ssl
-
-[340-version-negotiation-ssl]
-server = 340-version-negotiation-server
-client = 340-version-negotiation-client
-
-[340-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[340-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-340]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[341-version-negotiation]
-ssl_conf = 341-version-negotiation-ssl
-
-[341-version-negotiation-ssl]
-server = 341-version-negotiation-server
-client = 341-version-negotiation-client
-
-[341-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[341-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-341]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[342-version-negotiation]
-ssl_conf = 342-version-negotiation-ssl
-
-[342-version-negotiation-ssl]
-server = 342-version-negotiation-server
-client = 342-version-negotiation-client
-
-[342-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[342-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-342]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[343-version-negotiation]
-ssl_conf = 343-version-negotiation-ssl
-
-[343-version-negotiation-ssl]
-server = 343-version-negotiation-server
-client = 343-version-negotiation-client
-
-[343-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[343-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-343]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[344-version-negotiation]
-ssl_conf = 344-version-negotiation-ssl
-
-[344-version-negotiation-ssl]
-server = 344-version-negotiation-server
-client = 344-version-negotiation-client
-
-[344-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[344-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-344]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[345-version-negotiation]
-ssl_conf = 345-version-negotiation-ssl
-
-[345-version-negotiation-ssl]
-server = 345-version-negotiation-server
-client = 345-version-negotiation-client
-
-[345-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[345-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-345]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[346-version-negotiation]
-ssl_conf = 346-version-negotiation-ssl
-
-[346-version-negotiation-ssl]
-server = 346-version-negotiation-server
-client = 346-version-negotiation-client
-
-[346-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[346-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-346]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[347-version-negotiation]
-ssl_conf = 347-version-negotiation-ssl
-
-[347-version-negotiation-ssl]
-server = 347-version-negotiation-server
-client = 347-version-negotiation-client
-
-[347-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[347-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-347]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[348-version-negotiation]
-ssl_conf = 348-version-negotiation-ssl
-
-[348-version-negotiation-ssl]
-server = 348-version-negotiation-server
-client = 348-version-negotiation-client
-
-[348-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[348-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-348]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[349-version-negotiation]
-ssl_conf = 349-version-negotiation-ssl
-
-[349-version-negotiation-ssl]
-server = 349-version-negotiation-server
-client = 349-version-negotiation-client
-
-[349-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[349-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-349]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[350-version-negotiation]
-ssl_conf = 350-version-negotiation-ssl
-
-[350-version-negotiation-ssl]
-server = 350-version-negotiation-server
-client = 350-version-negotiation-client
-
-[350-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[350-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-350]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[351-version-negotiation]
-ssl_conf = 351-version-negotiation-ssl
-
-[351-version-negotiation-ssl]
-server = 351-version-negotiation-server
-client = 351-version-negotiation-client
-
-[351-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[351-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-351]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[352-version-negotiation]
-ssl_conf = 352-version-negotiation-ssl
-
-[352-version-negotiation-ssl]
-server = 352-version-negotiation-server
-client = 352-version-negotiation-client
-
-[352-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[352-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-352]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[353-version-negotiation]
-ssl_conf = 353-version-negotiation-ssl
-
-[353-version-negotiation-ssl]
-server = 353-version-negotiation-server
-client = 353-version-negotiation-client
-
-[353-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[353-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-353]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[354-version-negotiation]
-ssl_conf = 354-version-negotiation-ssl
-
-[354-version-negotiation-ssl]
-server = 354-version-negotiation-server
-client = 354-version-negotiation-client
-
-[354-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[354-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-354]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[355-version-negotiation]
-ssl_conf = 355-version-negotiation-ssl
-
-[355-version-negotiation-ssl]
-server = 355-version-negotiation-server
-client = 355-version-negotiation-client
-
-[355-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[355-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-355]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[356-version-negotiation]
-ssl_conf = 356-version-negotiation-ssl
-
-[356-version-negotiation-ssl]
-server = 356-version-negotiation-server
-client = 356-version-negotiation-client
-
-[356-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[356-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-356]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[357-version-negotiation]
-ssl_conf = 357-version-negotiation-ssl
-
-[357-version-negotiation-ssl]
-server = 357-version-negotiation-server
-client = 357-version-negotiation-client
-
-[357-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[357-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-357]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[358-version-negotiation]
-ssl_conf = 358-version-negotiation-ssl
-
-[358-version-negotiation-ssl]
-server = 358-version-negotiation-server
-client = 358-version-negotiation-client
-
-[358-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[358-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-358]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[359-version-negotiation]
-ssl_conf = 359-version-negotiation-ssl
-
-[359-version-negotiation-ssl]
-server = 359-version-negotiation-server
-client = 359-version-negotiation-client
-
-[359-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[359-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-359]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[360-version-negotiation]
-ssl_conf = 360-version-negotiation-ssl
-
-[360-version-negotiation-ssl]
-server = 360-version-negotiation-server
-client = 360-version-negotiation-client
-
-[360-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[360-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-360]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[361-version-negotiation]
-ssl_conf = 361-version-negotiation-ssl
-
-[361-version-negotiation-ssl]
-server = 361-version-negotiation-server
-client = 361-version-negotiation-client
-
-[361-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[361-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-361]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[362-version-negotiation]
-ssl_conf = 362-version-negotiation-ssl
-
-[362-version-negotiation-ssl]
-server = 362-version-negotiation-server
-client = 362-version-negotiation-client
-
-[362-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[362-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-362]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[363-version-negotiation]
-ssl_conf = 363-version-negotiation-ssl
-
-[363-version-negotiation-ssl]
-server = 363-version-negotiation-server
-client = 363-version-negotiation-client
-
-[363-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[363-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-363]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[364-version-negotiation]
-ssl_conf = 364-version-negotiation-ssl
-
-[364-version-negotiation-ssl]
-server = 364-version-negotiation-server
-client = 364-version-negotiation-client
-
-[364-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[364-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-364]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[365-version-negotiation]
-ssl_conf = 365-version-negotiation-ssl
-
-[365-version-negotiation-ssl]
-server = 365-version-negotiation-server
-client = 365-version-negotiation-client
-
-[365-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[365-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-365]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[366-version-negotiation]
-ssl_conf = 366-version-negotiation-ssl
-
-[366-version-negotiation-ssl]
-server = 366-version-negotiation-server
-client = 366-version-negotiation-client
-
-[366-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[366-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-366]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[367-version-negotiation]
-ssl_conf = 367-version-negotiation-ssl
-
-[367-version-negotiation-ssl]
-server = 367-version-negotiation-server
-client = 367-version-negotiation-client
-
-[367-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[367-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-367]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[368-version-negotiation]
-ssl_conf = 368-version-negotiation-ssl
-
-[368-version-negotiation-ssl]
-server = 368-version-negotiation-server
-client = 368-version-negotiation-client
-
-[368-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[368-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-368]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[369-version-negotiation]
-ssl_conf = 369-version-negotiation-ssl
-
-[369-version-negotiation-ssl]
-server = 369-version-negotiation-server
-client = 369-version-negotiation-client
-
-[369-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[369-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-369]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[370-version-negotiation]
-ssl_conf = 370-version-negotiation-ssl
-
-[370-version-negotiation-ssl]
-server = 370-version-negotiation-server
-client = 370-version-negotiation-client
-
-[370-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[370-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-370]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[371-version-negotiation]
-ssl_conf = 371-version-negotiation-ssl
-
-[371-version-negotiation-ssl]
-server = 371-version-negotiation-server
-client = 371-version-negotiation-client
-
-[371-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[371-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-371]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[372-version-negotiation]
-ssl_conf = 372-version-negotiation-ssl
-
-[372-version-negotiation-ssl]
-server = 372-version-negotiation-server
-client = 372-version-negotiation-client
-
-[372-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[372-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-372]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[373-version-negotiation]
-ssl_conf = 373-version-negotiation-ssl
-
-[373-version-negotiation-ssl]
-server = 373-version-negotiation-server
-client = 373-version-negotiation-client
-
-[373-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[373-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-373]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[374-version-negotiation]
-ssl_conf = 374-version-negotiation-ssl
-
-[374-version-negotiation-ssl]
-server = 374-version-negotiation-server
-client = 374-version-negotiation-client
-
-[374-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[374-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-374]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[375-version-negotiation]
-ssl_conf = 375-version-negotiation-ssl
-
-[375-version-negotiation-ssl]
-server = 375-version-negotiation-server
-client = 375-version-negotiation-client
-
-[375-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[375-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-375]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[376-version-negotiation]
-ssl_conf = 376-version-negotiation-ssl
-
-[376-version-negotiation-ssl]
-server = 376-version-negotiation-server
-client = 376-version-negotiation-client
-
-[376-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[376-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-376]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[377-version-negotiation]
-ssl_conf = 377-version-negotiation-ssl
-
-[377-version-negotiation-ssl]
-server = 377-version-negotiation-server
-client = 377-version-negotiation-client
-
-[377-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[377-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-377]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[378-version-negotiation]
-ssl_conf = 378-version-negotiation-ssl
-
-[378-version-negotiation-ssl]
-server = 378-version-negotiation-server
-client = 378-version-negotiation-client
-
-[378-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[378-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-378]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[379-version-negotiation]
-ssl_conf = 379-version-negotiation-ssl
-
-[379-version-negotiation-ssl]
-server = 379-version-negotiation-server
-client = 379-version-negotiation-client
-
-[379-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[379-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-379]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[380-version-negotiation]
-ssl_conf = 380-version-negotiation-ssl
-
-[380-version-negotiation-ssl]
-server = 380-version-negotiation-server
-client = 380-version-negotiation-client
-
-[380-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[380-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-380]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[381-version-negotiation]
-ssl_conf = 381-version-negotiation-ssl
-
-[381-version-negotiation-ssl]
-server = 381-version-negotiation-server
-client = 381-version-negotiation-client
-
-[381-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[381-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-381]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[382-version-negotiation]
-ssl_conf = 382-version-negotiation-ssl
-
-[382-version-negotiation-ssl]
-server = 382-version-negotiation-server
-client = 382-version-negotiation-client
-
-[382-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[382-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-382]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[383-version-negotiation]
-ssl_conf = 383-version-negotiation-ssl
-
-[383-version-negotiation-ssl]
-server = 383-version-negotiation-server
-client = 383-version-negotiation-client
-
-[383-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[383-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-383]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[384-version-negotiation]
-ssl_conf = 384-version-negotiation-ssl
-
-[384-version-negotiation-ssl]
-server = 384-version-negotiation-server
-client = 384-version-negotiation-client
-
-[384-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[384-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-384]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[385-version-negotiation]
-ssl_conf = 385-version-negotiation-ssl
-
-[385-version-negotiation-ssl]
-server = 385-version-negotiation-server
-client = 385-version-negotiation-client
-
-[385-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[385-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-385]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[386-version-negotiation]
-ssl_conf = 386-version-negotiation-ssl
-
-[386-version-negotiation-ssl]
-server = 386-version-negotiation-server
-client = 386-version-negotiation-client
-
-[386-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[386-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-386]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[387-version-negotiation]
-ssl_conf = 387-version-negotiation-ssl
-
-[387-version-negotiation-ssl]
-server = 387-version-negotiation-server
-client = 387-version-negotiation-client
-
-[387-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[387-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-387]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[388-version-negotiation]
-ssl_conf = 388-version-negotiation-ssl
-
-[388-version-negotiation-ssl]
-server = 388-version-negotiation-server
-client = 388-version-negotiation-client
-
-[388-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[388-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-388]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[389-version-negotiation]
-ssl_conf = 389-version-negotiation-ssl
-
-[389-version-negotiation-ssl]
-server = 389-version-negotiation-server
-client = 389-version-negotiation-client
-
-[389-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[389-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-389]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[390-version-negotiation]
-ssl_conf = 390-version-negotiation-ssl
-
-[390-version-negotiation-ssl]
-server = 390-version-negotiation-server
-client = 390-version-negotiation-client
-
-[390-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[390-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-390]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[391-version-negotiation]
-ssl_conf = 391-version-negotiation-ssl
-
-[391-version-negotiation-ssl]
-server = 391-version-negotiation-server
-client = 391-version-negotiation-client
-
-[391-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[391-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-391]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[392-version-negotiation]
-ssl_conf = 392-version-negotiation-ssl
-
-[392-version-negotiation-ssl]
-server = 392-version-negotiation-server
-client = 392-version-negotiation-client
-
-[392-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[392-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-392]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[393-version-negotiation]
-ssl_conf = 393-version-negotiation-ssl
-
-[393-version-negotiation-ssl]
-server = 393-version-negotiation-server
-client = 393-version-negotiation-client
-
-[393-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[393-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-393]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[394-version-negotiation]
-ssl_conf = 394-version-negotiation-ssl
-
-[394-version-negotiation-ssl]
-server = 394-version-negotiation-server
-client = 394-version-negotiation-client
-
-[394-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[394-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-394]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[395-version-negotiation]
-ssl_conf = 395-version-negotiation-ssl
-
-[395-version-negotiation-ssl]
-server = 395-version-negotiation-server
-client = 395-version-negotiation-client
-
-[395-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[395-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-395]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[396-version-negotiation]
-ssl_conf = 396-version-negotiation-ssl
-
-[396-version-negotiation-ssl]
-server = 396-version-negotiation-server
-client = 396-version-negotiation-client
-
-[396-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[396-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-396]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[397-version-negotiation]
-ssl_conf = 397-version-negotiation-ssl
-
-[397-version-negotiation-ssl]
-server = 397-version-negotiation-server
-client = 397-version-negotiation-client
-
-[397-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[397-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-397]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[398-version-negotiation]
-ssl_conf = 398-version-negotiation-ssl
-
-[398-version-negotiation-ssl]
-server = 398-version-negotiation-server
-client = 398-version-negotiation-client
-
-[398-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[398-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-398]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[399-version-negotiation]
-ssl_conf = 399-version-negotiation-ssl
-
-[399-version-negotiation-ssl]
-server = 399-version-negotiation-server
-client = 399-version-negotiation-client
-
-[399-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[399-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-399]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[400-version-negotiation]
-ssl_conf = 400-version-negotiation-ssl
-
-[400-version-negotiation-ssl]
-server = 400-version-negotiation-server
-client = 400-version-negotiation-client
-
-[400-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[400-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-400]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[401-version-negotiation]
-ssl_conf = 401-version-negotiation-ssl
-
-[401-version-negotiation-ssl]
-server = 401-version-negotiation-server
-client = 401-version-negotiation-client
-
-[401-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[401-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-401]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[402-version-negotiation]
-ssl_conf = 402-version-negotiation-ssl
-
-[402-version-negotiation-ssl]
-server = 402-version-negotiation-server
-client = 402-version-negotiation-client
-
-[402-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[402-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-402]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[403-version-negotiation]
-ssl_conf = 403-version-negotiation-ssl
-
-[403-version-negotiation-ssl]
-server = 403-version-negotiation-server
-client = 403-version-negotiation-client
-
-[403-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[403-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-403]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[404-version-negotiation]
-ssl_conf = 404-version-negotiation-ssl
-
-[404-version-negotiation-ssl]
-server = 404-version-negotiation-server
-client = 404-version-negotiation-client
-
-[404-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[404-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-404]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[405-version-negotiation]
-ssl_conf = 405-version-negotiation-ssl
-
-[405-version-negotiation-ssl]
-server = 405-version-negotiation-server
-client = 405-version-negotiation-client
-
-[405-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[405-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-405]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[406-version-negotiation]
-ssl_conf = 406-version-negotiation-ssl
-
-[406-version-negotiation-ssl]
-server = 406-version-negotiation-server
-client = 406-version-negotiation-client
-
-[406-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[406-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-406]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[407-version-negotiation]
-ssl_conf = 407-version-negotiation-ssl
-
-[407-version-negotiation-ssl]
-server = 407-version-negotiation-server
-client = 407-version-negotiation-client
-
-[407-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[407-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-407]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[408-version-negotiation]
-ssl_conf = 408-version-negotiation-ssl
-
-[408-version-negotiation-ssl]
-server = 408-version-negotiation-server
-client = 408-version-negotiation-client
-
-[408-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[408-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-408]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[409-version-negotiation]
-ssl_conf = 409-version-negotiation-ssl
-
-[409-version-negotiation-ssl]
-server = 409-version-negotiation-server
-client = 409-version-negotiation-client
-
-[409-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[409-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-409]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[410-version-negotiation]
-ssl_conf = 410-version-negotiation-ssl
-
-[410-version-negotiation-ssl]
-server = 410-version-negotiation-server
-client = 410-version-negotiation-client
-
-[410-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[410-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-410]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[411-version-negotiation]
-ssl_conf = 411-version-negotiation-ssl
-
-[411-version-negotiation-ssl]
-server = 411-version-negotiation-server
-client = 411-version-negotiation-client
-
-[411-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[411-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-411]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[412-version-negotiation]
-ssl_conf = 412-version-negotiation-ssl
-
-[412-version-negotiation-ssl]
-server = 412-version-negotiation-server
-client = 412-version-negotiation-client
-
-[412-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[412-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-412]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[413-version-negotiation]
-ssl_conf = 413-version-negotiation-ssl
-
-[413-version-negotiation-ssl]
-server = 413-version-negotiation-server
-client = 413-version-negotiation-client
-
-[413-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[413-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-413]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[414-version-negotiation]
-ssl_conf = 414-version-negotiation-ssl
-
-[414-version-negotiation-ssl]
-server = 414-version-negotiation-server
-client = 414-version-negotiation-client
-
-[414-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[414-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-414]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[415-version-negotiation]
-ssl_conf = 415-version-negotiation-ssl
-
-[415-version-negotiation-ssl]
-server = 415-version-negotiation-server
-client = 415-version-negotiation-client
-
-[415-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[415-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-415]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[416-version-negotiation]
-ssl_conf = 416-version-negotiation-ssl
-
-[416-version-negotiation-ssl]
-server = 416-version-negotiation-server
-client = 416-version-negotiation-client
-
-[416-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[416-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-416]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[417-version-negotiation]
-ssl_conf = 417-version-negotiation-ssl
-
-[417-version-negotiation-ssl]
-server = 417-version-negotiation-server
-client = 417-version-negotiation-client
-
-[417-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[417-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-417]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[418-version-negotiation]
-ssl_conf = 418-version-negotiation-ssl
-
-[418-version-negotiation-ssl]
-server = 418-version-negotiation-server
-client = 418-version-negotiation-client
-
-[418-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[418-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-418]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[419-version-negotiation]
-ssl_conf = 419-version-negotiation-ssl
-
-[419-version-negotiation-ssl]
-server = 419-version-negotiation-server
-client = 419-version-negotiation-client
-
-[419-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[419-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-419]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[420-version-negotiation]
-ssl_conf = 420-version-negotiation-ssl
-
-[420-version-negotiation-ssl]
-server = 420-version-negotiation-server
-client = 420-version-negotiation-client
-
-[420-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[420-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-420]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[421-version-negotiation]
-ssl_conf = 421-version-negotiation-ssl
-
-[421-version-negotiation-ssl]
-server = 421-version-negotiation-server
-client = 421-version-negotiation-client
-
-[421-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[421-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-421]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[422-version-negotiation]
-ssl_conf = 422-version-negotiation-ssl
-
-[422-version-negotiation-ssl]
-server = 422-version-negotiation-server
-client = 422-version-negotiation-client
-
-[422-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[422-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-422]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[423-version-negotiation]
-ssl_conf = 423-version-negotiation-ssl
-
-[423-version-negotiation-ssl]
-server = 423-version-negotiation-server
-client = 423-version-negotiation-client
-
-[423-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[423-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-423]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[424-version-negotiation]
-ssl_conf = 424-version-negotiation-ssl
-
-[424-version-negotiation-ssl]
-server = 424-version-negotiation-server
-client = 424-version-negotiation-client
-
-[424-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[424-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-424]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[425-version-negotiation]
-ssl_conf = 425-version-negotiation-ssl
-
-[425-version-negotiation-ssl]
-server = 425-version-negotiation-server
-client = 425-version-negotiation-client
-
-[425-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[425-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-425]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[426-version-negotiation]
-ssl_conf = 426-version-negotiation-ssl
-
-[426-version-negotiation-ssl]
-server = 426-version-negotiation-server
-client = 426-version-negotiation-client
-
-[426-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[426-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-426]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[427-version-negotiation]
-ssl_conf = 427-version-negotiation-ssl
-
-[427-version-negotiation-ssl]
-server = 427-version-negotiation-server
-client = 427-version-negotiation-client
-
-[427-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[427-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-427]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[428-version-negotiation]
-ssl_conf = 428-version-negotiation-ssl
-
-[428-version-negotiation-ssl]
-server = 428-version-negotiation-server
-client = 428-version-negotiation-client
-
-[428-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[428-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-428]
-ExpectedProtocol = TLSv1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[429-version-negotiation]
-ssl_conf = 429-version-negotiation-ssl
-
-[429-version-negotiation-ssl]
-server = 429-version-negotiation-server
-client = 429-version-negotiation-client
-
-[429-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[429-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-429]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[430-version-negotiation]
-ssl_conf = 430-version-negotiation-ssl
-
-[430-version-negotiation-ssl]
-server = 430-version-negotiation-server
-client = 430-version-negotiation-client
-
-[430-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[430-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-430]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[431-version-negotiation]
-ssl_conf = 431-version-negotiation-ssl
-
-[431-version-negotiation-ssl]
-server = 431-version-negotiation-server
-client = 431-version-negotiation-client
-
-[431-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[431-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-431]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[432-version-negotiation]
-ssl_conf = 432-version-negotiation-ssl
-
-[432-version-negotiation-ssl]
-server = 432-version-negotiation-server
-client = 432-version-negotiation-client
-
-[432-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[432-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-432]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[433-version-negotiation]
-ssl_conf = 433-version-negotiation-ssl
-
-[433-version-negotiation-ssl]
-server = 433-version-negotiation-server
-client = 433-version-negotiation-client
-
-[433-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[433-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-433]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[434-version-negotiation]
-ssl_conf = 434-version-negotiation-ssl
-
-[434-version-negotiation-ssl]
-server = 434-version-negotiation-server
-client = 434-version-negotiation-client
-
-[434-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[434-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-434]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[435-version-negotiation]
-ssl_conf = 435-version-negotiation-ssl
-
-[435-version-negotiation-ssl]
-server = 435-version-negotiation-server
-client = 435-version-negotiation-client
-
-[435-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[435-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-435]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[436-version-negotiation]
-ssl_conf = 436-version-negotiation-ssl
-
-[436-version-negotiation-ssl]
-server = 436-version-negotiation-server
-client = 436-version-negotiation-client
-
-[436-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[436-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-436]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[437-version-negotiation]
-ssl_conf = 437-version-negotiation-ssl
-
-[437-version-negotiation-ssl]
-server = 437-version-negotiation-server
-client = 437-version-negotiation-client
-
-[437-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[437-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-437]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[438-version-negotiation]
-ssl_conf = 438-version-negotiation-ssl
-
-[438-version-negotiation-ssl]
-server = 438-version-negotiation-server
-client = 438-version-negotiation-client
-
-[438-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[438-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-438]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[439-version-negotiation]
-ssl_conf = 439-version-negotiation-ssl
-
-[439-version-negotiation-ssl]
-server = 439-version-negotiation-server
-client = 439-version-negotiation-client
-
-[439-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[439-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-439]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[440-version-negotiation]
-ssl_conf = 440-version-negotiation-ssl
-
-[440-version-negotiation-ssl]
-server = 440-version-negotiation-server
-client = 440-version-negotiation-client
-
-[440-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[440-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-440]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[441-version-negotiation]
-ssl_conf = 441-version-negotiation-ssl
-
-[441-version-negotiation-ssl]
-server = 441-version-negotiation-server
-client = 441-version-negotiation-client
-
-[441-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[441-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-441]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[442-version-negotiation]
-ssl_conf = 442-version-negotiation-ssl
-
-[442-version-negotiation-ssl]
-server = 442-version-negotiation-server
-client = 442-version-negotiation-client
-
-[442-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[442-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-442]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[443-version-negotiation]
-ssl_conf = 443-version-negotiation-ssl
-
-[443-version-negotiation-ssl]
-server = 443-version-negotiation-server
-client = 443-version-negotiation-client
-
-[443-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[443-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-443]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[444-version-negotiation]
-ssl_conf = 444-version-negotiation-ssl
-
-[444-version-negotiation-ssl]
-server = 444-version-negotiation-server
-client = 444-version-negotiation-client
-
-[444-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[444-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-444]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[445-version-negotiation]
-ssl_conf = 445-version-negotiation-ssl
-
-[445-version-negotiation-ssl]
-server = 445-version-negotiation-server
-client = 445-version-negotiation-client
-
-[445-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[445-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-445]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[446-version-negotiation]
-ssl_conf = 446-version-negotiation-ssl
-
-[446-version-negotiation-ssl]
-server = 446-version-negotiation-server
-client = 446-version-negotiation-client
-
-[446-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[446-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-446]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[447-version-negotiation]
-ssl_conf = 447-version-negotiation-ssl
-
-[447-version-negotiation-ssl]
-server = 447-version-negotiation-server
-client = 447-version-negotiation-client
-
-[447-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[447-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-447]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[448-version-negotiation]
-ssl_conf = 448-version-negotiation-ssl
-
-[448-version-negotiation-ssl]
-server = 448-version-negotiation-server
-client = 448-version-negotiation-client
-
-[448-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[448-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-448]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[449-version-negotiation]
-ssl_conf = 449-version-negotiation-ssl
-
-[449-version-negotiation-ssl]
-server = 449-version-negotiation-server
-client = 449-version-negotiation-client
-
-[449-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[449-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-449]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[450-version-negotiation]
-ssl_conf = 450-version-negotiation-ssl
-
-[450-version-negotiation-ssl]
-server = 450-version-negotiation-server
-client = 450-version-negotiation-client
-
-[450-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[450-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-450]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[451-version-negotiation]
-ssl_conf = 451-version-negotiation-ssl
-
-[451-version-negotiation-ssl]
-server = 451-version-negotiation-server
-client = 451-version-negotiation-client
-
-[451-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[451-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-451]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[452-version-negotiation]
-ssl_conf = 452-version-negotiation-ssl
-
-[452-version-negotiation-ssl]
-server = 452-version-negotiation-server
-client = 452-version-negotiation-client
-
-[452-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[452-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-452]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[453-version-negotiation]
-ssl_conf = 453-version-negotiation-ssl
-
-[453-version-negotiation-ssl]
-server = 453-version-negotiation-server
-client = 453-version-negotiation-client
-
-[453-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[453-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-453]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[454-version-negotiation]
-ssl_conf = 454-version-negotiation-ssl
-
-[454-version-negotiation-ssl]
-server = 454-version-negotiation-server
-client = 454-version-negotiation-client
-
-[454-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[454-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-454]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[455-version-negotiation]
-ssl_conf = 455-version-negotiation-ssl
-
-[455-version-negotiation-ssl]
-server = 455-version-negotiation-server
-client = 455-version-negotiation-client
-
-[455-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[455-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-455]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[456-version-negotiation]
-ssl_conf = 456-version-negotiation-ssl
-
-[456-version-negotiation-ssl]
-server = 456-version-negotiation-server
-client = 456-version-negotiation-client
-
-[456-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[456-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-456]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[457-version-negotiation]
-ssl_conf = 457-version-negotiation-ssl
-
-[457-version-negotiation-ssl]
-server = 457-version-negotiation-server
-client = 457-version-negotiation-client
-
-[457-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[457-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-457]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[458-version-negotiation]
-ssl_conf = 458-version-negotiation-ssl
-
-[458-version-negotiation-ssl]
-server = 458-version-negotiation-server
-client = 458-version-negotiation-client
-
-[458-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[458-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-458]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[459-version-negotiation]
-ssl_conf = 459-version-negotiation-ssl
-
-[459-version-negotiation-ssl]
-server = 459-version-negotiation-server
-client = 459-version-negotiation-client
-
-[459-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[459-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-459]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[460-version-negotiation]
-ssl_conf = 460-version-negotiation-ssl
-
-[460-version-negotiation-ssl]
-server = 460-version-negotiation-server
-client = 460-version-negotiation-client
-
-[460-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[460-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-460]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[461-version-negotiation]
-ssl_conf = 461-version-negotiation-ssl
-
-[461-version-negotiation-ssl]
-server = 461-version-negotiation-server
-client = 461-version-negotiation-client
-
-[461-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[461-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-461]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[462-version-negotiation]
-ssl_conf = 462-version-negotiation-ssl
-
-[462-version-negotiation-ssl]
-server = 462-version-negotiation-server
-client = 462-version-negotiation-client
-
-[462-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[462-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-462]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[463-version-negotiation]
-ssl_conf = 463-version-negotiation-ssl
-
-[463-version-negotiation-ssl]
-server = 463-version-negotiation-server
-client = 463-version-negotiation-client
-
-[463-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[463-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-463]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[464-version-negotiation]
-ssl_conf = 464-version-negotiation-ssl
-
-[464-version-negotiation-ssl]
-server = 464-version-negotiation-server
-client = 464-version-negotiation-client
-
-[464-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[464-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-464]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[465-version-negotiation]
-ssl_conf = 465-version-negotiation-ssl
-
-[465-version-negotiation-ssl]
-server = 465-version-negotiation-server
-client = 465-version-negotiation-client
-
-[465-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[465-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-465]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[466-version-negotiation]
-ssl_conf = 466-version-negotiation-ssl
-
-[466-version-negotiation-ssl]
-server = 466-version-negotiation-server
-client = 466-version-negotiation-client
-
-[466-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[466-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-466]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[467-version-negotiation]
-ssl_conf = 467-version-negotiation-ssl
-
-[467-version-negotiation-ssl]
-server = 467-version-negotiation-server
-client = 467-version-negotiation-client
-
-[467-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[467-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-467]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[468-version-negotiation]
-ssl_conf = 468-version-negotiation-ssl
-
-[468-version-negotiation-ssl]
-server = 468-version-negotiation-server
-client = 468-version-negotiation-client
-
-[468-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[468-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-468]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[469-version-negotiation]
-ssl_conf = 469-version-negotiation-ssl
-
-[469-version-negotiation-ssl]
-server = 469-version-negotiation-server
-client = 469-version-negotiation-client
-
-[469-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[469-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-469]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[470-version-negotiation]
-ssl_conf = 470-version-negotiation-ssl
-
-[470-version-negotiation-ssl]
-server = 470-version-negotiation-server
-client = 470-version-negotiation-client
-
-[470-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[470-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-470]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[471-version-negotiation]
-ssl_conf = 471-version-negotiation-ssl
-
-[471-version-negotiation-ssl]
-server = 471-version-negotiation-server
-client = 471-version-negotiation-client
-
-[471-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[471-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-471]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[472-version-negotiation]
-ssl_conf = 472-version-negotiation-ssl
-
-[472-version-negotiation-ssl]
-server = 472-version-negotiation-server
-client = 472-version-negotiation-client
-
-[472-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[472-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-472]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[473-version-negotiation]
-ssl_conf = 473-version-negotiation-ssl
-
-[473-version-negotiation-ssl]
-server = 473-version-negotiation-server
-client = 473-version-negotiation-client
-
-[473-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[473-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-473]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[474-version-negotiation]
-ssl_conf = 474-version-negotiation-ssl
-
-[474-version-negotiation-ssl]
-server = 474-version-negotiation-server
-client = 474-version-negotiation-client
-
-[474-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[474-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-474]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[475-version-negotiation]
-ssl_conf = 475-version-negotiation-ssl
-
-[475-version-negotiation-ssl]
-server = 475-version-negotiation-server
-client = 475-version-negotiation-client
-
-[475-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[475-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-475]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[476-version-negotiation]
-ssl_conf = 476-version-negotiation-ssl
-
-[476-version-negotiation-ssl]
-server = 476-version-negotiation-server
-client = 476-version-negotiation-client
-
-[476-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[476-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-476]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[477-version-negotiation]
-ssl_conf = 477-version-negotiation-ssl
-
-[477-version-negotiation-ssl]
-server = 477-version-negotiation-server
-client = 477-version-negotiation-client
-
-[477-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[477-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-477]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[478-version-negotiation]
-ssl_conf = 478-version-negotiation-ssl
-
-[478-version-negotiation-ssl]
-server = 478-version-negotiation-server
-client = 478-version-negotiation-client
-
-[478-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[478-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-478]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[479-version-negotiation]
-ssl_conf = 479-version-negotiation-ssl
-
-[479-version-negotiation-ssl]
-server = 479-version-negotiation-server
-client = 479-version-negotiation-client
-
-[479-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[479-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-479]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[480-version-negotiation]
-ssl_conf = 480-version-negotiation-ssl
-
-[480-version-negotiation-ssl]
-server = 480-version-negotiation-server
-client = 480-version-negotiation-client
-
-[480-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[480-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-480]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[481-version-negotiation]
-ssl_conf = 481-version-negotiation-ssl
-
-[481-version-negotiation-ssl]
-server = 481-version-negotiation-server
-client = 481-version-negotiation-client
-
-[481-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[481-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-481]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[482-version-negotiation]
-ssl_conf = 482-version-negotiation-ssl
-
-[482-version-negotiation-ssl]
-server = 482-version-negotiation-server
-client = 482-version-negotiation-client
-
-[482-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[482-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-482]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[483-version-negotiation]
-ssl_conf = 483-version-negotiation-ssl
-
-[483-version-negotiation-ssl]
-server = 483-version-negotiation-server
-client = 483-version-negotiation-client
-
-[483-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[483-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-483]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[484-version-negotiation]
-ssl_conf = 484-version-negotiation-ssl
-
-[484-version-negotiation-ssl]
-server = 484-version-negotiation-server
-client = 484-version-negotiation-client
-
-[484-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[484-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-484]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[485-version-negotiation]
-ssl_conf = 485-version-negotiation-ssl
-
-[485-version-negotiation-ssl]
-server = 485-version-negotiation-server
-client = 485-version-negotiation-client
-
-[485-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[485-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-485]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[486-version-negotiation]
-ssl_conf = 486-version-negotiation-ssl
-
-[486-version-negotiation-ssl]
-server = 486-version-negotiation-server
-client = 486-version-negotiation-client
-
-[486-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[486-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-486]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[487-version-negotiation]
-ssl_conf = 487-version-negotiation-ssl
-
-[487-version-negotiation-ssl]
-server = 487-version-negotiation-server
-client = 487-version-negotiation-client
-
-[487-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[487-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-487]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[488-version-negotiation]
-ssl_conf = 488-version-negotiation-ssl
-
-[488-version-negotiation-ssl]
-server = 488-version-negotiation-server
-client = 488-version-negotiation-client
-
-[488-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[488-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-488]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[489-version-negotiation]
-ssl_conf = 489-version-negotiation-ssl
-
-[489-version-negotiation-ssl]
-server = 489-version-negotiation-server
-client = 489-version-negotiation-client
-
-[489-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[489-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-489]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[490-version-negotiation]
-ssl_conf = 490-version-negotiation-ssl
-
-[490-version-negotiation-ssl]
-server = 490-version-negotiation-server
-client = 490-version-negotiation-client
-
-[490-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[490-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-490]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[491-version-negotiation]
-ssl_conf = 491-version-negotiation-ssl
-
-[491-version-negotiation-ssl]
-server = 491-version-negotiation-server
-client = 491-version-negotiation-client
-
-[491-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[491-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-491]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[492-version-negotiation]
-ssl_conf = 492-version-negotiation-ssl
-
-[492-version-negotiation-ssl]
-server = 492-version-negotiation-server
-client = 492-version-negotiation-client
-
-[492-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[492-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-492]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[493-version-negotiation]
-ssl_conf = 493-version-negotiation-ssl
-
-[493-version-negotiation-ssl]
-server = 493-version-negotiation-server
-client = 493-version-negotiation-client
-
-[493-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[493-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-493]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[494-version-negotiation]
-ssl_conf = 494-version-negotiation-ssl
-
-[494-version-negotiation-ssl]
-server = 494-version-negotiation-server
-client = 494-version-negotiation-client
-
-[494-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[494-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-494]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[495-version-negotiation]
-ssl_conf = 495-version-negotiation-ssl
-
-[495-version-negotiation-ssl]
-server = 495-version-negotiation-server
-client = 495-version-negotiation-client
-
-[495-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[495-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-495]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[496-version-negotiation]
-ssl_conf = 496-version-negotiation-ssl
-
-[496-version-negotiation-ssl]
-server = 496-version-negotiation-server
-client = 496-version-negotiation-client
-
-[496-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[496-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-496]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[497-version-negotiation]
-ssl_conf = 497-version-negotiation-ssl
-
-[497-version-negotiation-ssl]
-server = 497-version-negotiation-server
-client = 497-version-negotiation-client
-
-[497-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[497-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-497]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[498-version-negotiation]
-ssl_conf = 498-version-negotiation-ssl
-
-[498-version-negotiation-ssl]
-server = 498-version-negotiation-server
-client = 498-version-negotiation-client
-
-[498-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[498-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-498]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[499-version-negotiation]
-ssl_conf = 499-version-negotiation-ssl
-
-[499-version-negotiation-ssl]
-server = 499-version-negotiation-server
-client = 499-version-negotiation-client
-
-[499-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[499-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-499]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[500-version-negotiation]
-ssl_conf = 500-version-negotiation-ssl
-
-[500-version-negotiation-ssl]
-server = 500-version-negotiation-server
-client = 500-version-negotiation-client
-
-[500-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[500-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-500]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[501-version-negotiation]
-ssl_conf = 501-version-negotiation-ssl
-
-[501-version-negotiation-ssl]
-server = 501-version-negotiation-server
-client = 501-version-negotiation-client
-
-[501-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[501-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-501]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[502-version-negotiation]
-ssl_conf = 502-version-negotiation-ssl
-
-[502-version-negotiation-ssl]
-server = 502-version-negotiation-server
-client = 502-version-negotiation-client
-
-[502-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[502-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-502]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[503-version-negotiation]
-ssl_conf = 503-version-negotiation-ssl
-
-[503-version-negotiation-ssl]
-server = 503-version-negotiation-server
-client = 503-version-negotiation-client
-
-[503-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[503-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-503]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[504-version-negotiation]
-ssl_conf = 504-version-negotiation-ssl
-
-[504-version-negotiation-ssl]
-server = 504-version-negotiation-server
-client = 504-version-negotiation-client
-
-[504-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[504-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-504]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[505-version-negotiation]
-ssl_conf = 505-version-negotiation-ssl
-
-[505-version-negotiation-ssl]
-server = 505-version-negotiation-server
-client = 505-version-negotiation-client
-
-[505-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[505-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-505]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[506-version-negotiation]
-ssl_conf = 506-version-negotiation-ssl
-
-[506-version-negotiation-ssl]
-server = 506-version-negotiation-server
-client = 506-version-negotiation-client
-
-[506-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[506-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-506]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[507-version-negotiation]
-ssl_conf = 507-version-negotiation-ssl
-
-[507-version-negotiation-ssl]
-server = 507-version-negotiation-server
-client = 507-version-negotiation-client
-
-[507-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[507-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-507]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[508-version-negotiation]
-ssl_conf = 508-version-negotiation-ssl
-
-[508-version-negotiation-ssl]
-server = 508-version-negotiation-server
-client = 508-version-negotiation-client
-
-[508-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[508-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-508]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[509-version-negotiation]
-ssl_conf = 509-version-negotiation-ssl
-
-[509-version-negotiation-ssl]
-server = 509-version-negotiation-server
-client = 509-version-negotiation-client
-
-[509-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[509-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-509]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[510-version-negotiation]
-ssl_conf = 510-version-negotiation-ssl
-
-[510-version-negotiation-ssl]
-server = 510-version-negotiation-server
-client = 510-version-negotiation-client
-
-[510-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[510-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-510]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[511-version-negotiation]
-ssl_conf = 511-version-negotiation-ssl
-
-[511-version-negotiation-ssl]
-server = 511-version-negotiation-server
-client = 511-version-negotiation-client
-
-[511-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[511-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-511]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[512-version-negotiation]
-ssl_conf = 512-version-negotiation-ssl
-
-[512-version-negotiation-ssl]
-server = 512-version-negotiation-server
-client = 512-version-negotiation-client
-
-[512-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[512-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-512]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[513-version-negotiation]
-ssl_conf = 513-version-negotiation-ssl
-
-[513-version-negotiation-ssl]
-server = 513-version-negotiation-server
-client = 513-version-negotiation-client
-
-[513-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[513-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-513]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[514-version-negotiation]
-ssl_conf = 514-version-negotiation-ssl
-
-[514-version-negotiation-ssl]
-server = 514-version-negotiation-server
-client = 514-version-negotiation-client
-
-[514-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[514-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-514]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[515-version-negotiation]
-ssl_conf = 515-version-negotiation-ssl
-
-[515-version-negotiation-ssl]
-server = 515-version-negotiation-server
-client = 515-version-negotiation-client
-
-[515-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[515-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-515]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[516-version-negotiation]
-ssl_conf = 516-version-negotiation-ssl
-
-[516-version-negotiation-ssl]
-server = 516-version-negotiation-server
-client = 516-version-negotiation-client
-
-[516-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[516-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-516]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[517-version-negotiation]
-ssl_conf = 517-version-negotiation-ssl
-
-[517-version-negotiation-ssl]
-server = 517-version-negotiation-server
-client = 517-version-negotiation-client
-
-[517-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[517-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-517]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[518-version-negotiation]
-ssl_conf = 518-version-negotiation-ssl
-
-[518-version-negotiation-ssl]
-server = 518-version-negotiation-server
-client = 518-version-negotiation-client
-
-[518-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[518-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-518]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[519-version-negotiation]
-ssl_conf = 519-version-negotiation-ssl
-
-[519-version-negotiation-ssl]
-server = 519-version-negotiation-server
-client = 519-version-negotiation-client
-
-[519-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[519-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-519]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[520-version-negotiation]
-ssl_conf = 520-version-negotiation-ssl
-
-[520-version-negotiation-ssl]
-server = 520-version-negotiation-server
-client = 520-version-negotiation-client
-
-[520-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[520-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-520]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[521-version-negotiation]
-ssl_conf = 521-version-negotiation-ssl
-
-[521-version-negotiation-ssl]
-server = 521-version-negotiation-server
-client = 521-version-negotiation-client
-
-[521-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[521-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-521]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[522-version-negotiation]
-ssl_conf = 522-version-negotiation-ssl
-
-[522-version-negotiation-ssl]
-server = 522-version-negotiation-server
-client = 522-version-negotiation-client
-
-[522-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[522-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-522]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[523-version-negotiation]
-ssl_conf = 523-version-negotiation-ssl
-
-[523-version-negotiation-ssl]
-server = 523-version-negotiation-server
-client = 523-version-negotiation-client
-
-[523-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[523-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-523]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[524-version-negotiation]
-ssl_conf = 524-version-negotiation-ssl
-
-[524-version-negotiation-ssl]
-server = 524-version-negotiation-server
-client = 524-version-negotiation-client
-
-[524-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[524-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-524]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[525-version-negotiation]
-ssl_conf = 525-version-negotiation-ssl
-
-[525-version-negotiation-ssl]
-server = 525-version-negotiation-server
-client = 525-version-negotiation-client
-
-[525-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[525-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-525]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[526-version-negotiation]
-ssl_conf = 526-version-negotiation-ssl
-
-[526-version-negotiation-ssl]
-server = 526-version-negotiation-server
-client = 526-version-negotiation-client
-
-[526-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[526-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-526]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[527-version-negotiation]
-ssl_conf = 527-version-negotiation-ssl
-
-[527-version-negotiation-ssl]
-server = 527-version-negotiation-server
-client = 527-version-negotiation-client
-
-[527-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[527-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-527]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[528-version-negotiation]
-ssl_conf = 528-version-negotiation-ssl
-
-[528-version-negotiation-ssl]
-server = 528-version-negotiation-server
-client = 528-version-negotiation-client
-
-[528-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[528-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-528]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[529-version-negotiation]
-ssl_conf = 529-version-negotiation-ssl
-
-[529-version-negotiation-ssl]
-server = 529-version-negotiation-server
-client = 529-version-negotiation-client
-
-[529-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[529-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-529]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[530-version-negotiation]
-ssl_conf = 530-version-negotiation-ssl
-
-[530-version-negotiation-ssl]
-server = 530-version-negotiation-server
-client = 530-version-negotiation-client
-
-[530-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[530-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-530]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[531-version-negotiation]
-ssl_conf = 531-version-negotiation-ssl
-
-[531-version-negotiation-ssl]
-server = 531-version-negotiation-server
-client = 531-version-negotiation-client
-
-[531-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[531-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-531]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[532-version-negotiation]
-ssl_conf = 532-version-negotiation-ssl
-
-[532-version-negotiation-ssl]
-server = 532-version-negotiation-server
-client = 532-version-negotiation-client
-
-[532-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[532-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-532]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[533-version-negotiation]
-ssl_conf = 533-version-negotiation-ssl
-
-[533-version-negotiation-ssl]
-server = 533-version-negotiation-server
-client = 533-version-negotiation-client
-
-[533-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[533-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-533]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[534-version-negotiation]
-ssl_conf = 534-version-negotiation-ssl
-
-[534-version-negotiation-ssl]
-server = 534-version-negotiation-server
-client = 534-version-negotiation-client
-
-[534-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[534-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-534]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[535-version-negotiation]
-ssl_conf = 535-version-negotiation-ssl
-
-[535-version-negotiation-ssl]
-server = 535-version-negotiation-server
-client = 535-version-negotiation-client
-
-[535-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[535-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-535]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[536-version-negotiation]
-ssl_conf = 536-version-negotiation-ssl
-
-[536-version-negotiation-ssl]
-server = 536-version-negotiation-server
-client = 536-version-negotiation-client
-
-[536-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[536-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-536]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[537-version-negotiation]
-ssl_conf = 537-version-negotiation-ssl
-
-[537-version-negotiation-ssl]
-server = 537-version-negotiation-server
-client = 537-version-negotiation-client
-
-[537-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[537-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-537]
-ExpectedProtocol = TLSv1.1
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[538-version-negotiation]
-ssl_conf = 538-version-negotiation-ssl
-
-[538-version-negotiation-ssl]
-server = 538-version-negotiation-server
-client = 538-version-negotiation-client
-
-[538-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[538-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-538]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[539-version-negotiation]
-ssl_conf = 539-version-negotiation-ssl
-
-[539-version-negotiation-ssl]
-server = 539-version-negotiation-server
-client = 539-version-negotiation-client
-
-[539-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[539-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-539]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[540-version-negotiation]
-ssl_conf = 540-version-negotiation-ssl
-
-[540-version-negotiation-ssl]
-server = 540-version-negotiation-server
-client = 540-version-negotiation-client
-
-[540-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[540-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-540]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[541-version-negotiation]
-ssl_conf = 541-version-negotiation-ssl
-
-[541-version-negotiation-ssl]
-server = 541-version-negotiation-server
-client = 541-version-negotiation-client
-
-[541-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[541-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-541]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[542-version-negotiation]
-ssl_conf = 542-version-negotiation-ssl
-
-[542-version-negotiation-ssl]
-server = 542-version-negotiation-server
-client = 542-version-negotiation-client
-
-[542-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[542-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-542]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[543-version-negotiation]
-ssl_conf = 543-version-negotiation-ssl
-
-[543-version-negotiation-ssl]
-server = 543-version-negotiation-server
-client = 543-version-negotiation-client
-
-[543-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[543-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-543]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[544-version-negotiation]
-ssl_conf = 544-version-negotiation-ssl
-
-[544-version-negotiation-ssl]
-server = 544-version-negotiation-server
-client = 544-version-negotiation-client
-
-[544-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[544-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-544]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[545-version-negotiation]
-ssl_conf = 545-version-negotiation-ssl
-
-[545-version-negotiation-ssl]
-server = 545-version-negotiation-server
-client = 545-version-negotiation-client
-
-[545-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[545-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-545]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[546-version-negotiation]
-ssl_conf = 546-version-negotiation-ssl
-
-[546-version-negotiation-ssl]
-server = 546-version-negotiation-server
-client = 546-version-negotiation-client
-
-[546-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[546-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-546]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[547-version-negotiation]
-ssl_conf = 547-version-negotiation-ssl
-
-[547-version-negotiation-ssl]
-server = 547-version-negotiation-server
-client = 547-version-negotiation-client
-
-[547-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[547-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-547]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[548-version-negotiation]
-ssl_conf = 548-version-negotiation-ssl
-
-[548-version-negotiation-ssl]
-server = 548-version-negotiation-server
-client = 548-version-negotiation-client
-
-[548-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[548-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-548]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[549-version-negotiation]
-ssl_conf = 549-version-negotiation-ssl
-
-[549-version-negotiation-ssl]
-server = 549-version-negotiation-server
-client = 549-version-negotiation-client
-
-[549-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[549-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-549]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[550-version-negotiation]
-ssl_conf = 550-version-negotiation-ssl
-
-[550-version-negotiation-ssl]
-server = 550-version-negotiation-server
-client = 550-version-negotiation-client
-
-[550-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[550-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-550]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[551-version-negotiation]
-ssl_conf = 551-version-negotiation-ssl
-
-[551-version-negotiation-ssl]
-server = 551-version-negotiation-server
-client = 551-version-negotiation-client
-
-[551-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[551-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-551]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[552-version-negotiation]
-ssl_conf = 552-version-negotiation-ssl
-
-[552-version-negotiation-ssl]
-server = 552-version-negotiation-server
-client = 552-version-negotiation-client
-
-[552-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[552-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-552]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[553-version-negotiation]
-ssl_conf = 553-version-negotiation-ssl
-
-[553-version-negotiation-ssl]
-server = 553-version-negotiation-server
-client = 553-version-negotiation-client
-
-[553-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[553-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-553]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[554-version-negotiation]
-ssl_conf = 554-version-negotiation-ssl
-
-[554-version-negotiation-ssl]
-server = 554-version-negotiation-server
-client = 554-version-negotiation-client
-
-[554-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[554-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-554]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[555-version-negotiation]
-ssl_conf = 555-version-negotiation-ssl
-
-[555-version-negotiation-ssl]
-server = 555-version-negotiation-server
-client = 555-version-negotiation-client
-
-[555-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[555-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-555]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[556-version-negotiation]
-ssl_conf = 556-version-negotiation-ssl
-
-[556-version-negotiation-ssl]
-server = 556-version-negotiation-server
-client = 556-version-negotiation-client
-
-[556-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[556-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-556]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[557-version-negotiation]
-ssl_conf = 557-version-negotiation-ssl
-
-[557-version-negotiation-ssl]
-server = 557-version-negotiation-server
-client = 557-version-negotiation-client
-
-[557-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[557-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-557]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[558-version-negotiation]
-ssl_conf = 558-version-negotiation-ssl
-
-[558-version-negotiation-ssl]
-server = 558-version-negotiation-server
-client = 558-version-negotiation-client
-
-[558-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[558-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-558]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[559-version-negotiation]
-ssl_conf = 559-version-negotiation-ssl
-
-[559-version-negotiation-ssl]
-server = 559-version-negotiation-server
-client = 559-version-negotiation-client
-
-[559-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[559-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-559]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[560-version-negotiation]
-ssl_conf = 560-version-negotiation-ssl
-
-[560-version-negotiation-ssl]
-server = 560-version-negotiation-server
-client = 560-version-negotiation-client
-
-[560-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[560-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-560]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[561-version-negotiation]
-ssl_conf = 561-version-negotiation-ssl
-
-[561-version-negotiation-ssl]
-server = 561-version-negotiation-server
-client = 561-version-negotiation-client
-
-[561-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[561-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-561]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[562-version-negotiation]
-ssl_conf = 562-version-negotiation-ssl
-
-[562-version-negotiation-ssl]
-server = 562-version-negotiation-server
-client = 562-version-negotiation-client
-
-[562-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[562-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-562]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[563-version-negotiation]
-ssl_conf = 563-version-negotiation-ssl
-
-[563-version-negotiation-ssl]
-server = 563-version-negotiation-server
-client = 563-version-negotiation-client
-
-[563-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[563-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-563]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[564-version-negotiation]
-ssl_conf = 564-version-negotiation-ssl
-
-[564-version-negotiation-ssl]
-server = 564-version-negotiation-server
-client = 564-version-negotiation-client
-
-[564-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[564-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-564]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[565-version-negotiation]
-ssl_conf = 565-version-negotiation-ssl
-
-[565-version-negotiation-ssl]
-server = 565-version-negotiation-server
-client = 565-version-negotiation-client
-
-[565-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[565-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-565]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[566-version-negotiation]
-ssl_conf = 566-version-negotiation-ssl
-
-[566-version-negotiation-ssl]
-server = 566-version-negotiation-server
-client = 566-version-negotiation-client
-
-[566-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[566-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-566]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[567-version-negotiation]
-ssl_conf = 567-version-negotiation-ssl
-
-[567-version-negotiation-ssl]
-server = 567-version-negotiation-server
-client = 567-version-negotiation-client
-
-[567-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[567-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-567]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[568-version-negotiation]
-ssl_conf = 568-version-negotiation-ssl
-
-[568-version-negotiation-ssl]
-server = 568-version-negotiation-server
-client = 568-version-negotiation-client
-
-[568-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[568-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-568]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[569-version-negotiation]
-ssl_conf = 569-version-negotiation-ssl
-
-[569-version-negotiation-ssl]
-server = 569-version-negotiation-server
-client = 569-version-negotiation-client
-
-[569-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[569-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-569]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[570-version-negotiation]
-ssl_conf = 570-version-negotiation-ssl
-
-[570-version-negotiation-ssl]
-server = 570-version-negotiation-server
-client = 570-version-negotiation-client
-
-[570-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[570-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-570]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[571-version-negotiation]
-ssl_conf = 571-version-negotiation-ssl
-
-[571-version-negotiation-ssl]
-server = 571-version-negotiation-server
-client = 571-version-negotiation-client
-
-[571-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[571-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-571]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[572-version-negotiation]
-ssl_conf = 572-version-negotiation-ssl
-
-[572-version-negotiation-ssl]
-server = 572-version-negotiation-server
-client = 572-version-negotiation-client
-
-[572-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[572-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-572]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[573-version-negotiation]
-ssl_conf = 573-version-negotiation-ssl
-
-[573-version-negotiation-ssl]
-server = 573-version-negotiation-server
-client = 573-version-negotiation-client
-
-[573-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[573-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-573]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[574-version-negotiation]
-ssl_conf = 574-version-negotiation-ssl
-
-[574-version-negotiation-ssl]
-server = 574-version-negotiation-server
-client = 574-version-negotiation-client
-
-[574-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[574-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-574]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[575-version-negotiation]
-ssl_conf = 575-version-negotiation-ssl
-
-[575-version-negotiation-ssl]
-server = 575-version-negotiation-server
-client = 575-version-negotiation-client
-
-[575-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[575-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-575]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[576-version-negotiation]
-ssl_conf = 576-version-negotiation-ssl
-
-[576-version-negotiation-ssl]
-server = 576-version-negotiation-server
-client = 576-version-negotiation-client
-
-[576-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[576-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-576]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[577-version-negotiation]
-ssl_conf = 577-version-negotiation-ssl
-
-[577-version-negotiation-ssl]
-server = 577-version-negotiation-server
-client = 577-version-negotiation-client
-
-[577-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[577-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-577]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[578-version-negotiation]
-ssl_conf = 578-version-negotiation-ssl
-
-[578-version-negotiation-ssl]
-server = 578-version-negotiation-server
-client = 578-version-negotiation-client
-
-[578-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[578-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-578]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[579-version-negotiation]
-ssl_conf = 579-version-negotiation-ssl
-
-[579-version-negotiation-ssl]
-server = 579-version-negotiation-server
-client = 579-version-negotiation-client
-
-[579-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[579-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-579]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[580-version-negotiation]
-ssl_conf = 580-version-negotiation-ssl
-
-[580-version-negotiation-ssl]
-server = 580-version-negotiation-server
-client = 580-version-negotiation-client
-
-[580-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[580-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-580]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[581-version-negotiation]
-ssl_conf = 581-version-negotiation-ssl
-
-[581-version-negotiation-ssl]
-server = 581-version-negotiation-server
-client = 581-version-negotiation-client
-
-[581-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[581-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-581]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[582-version-negotiation]
-ssl_conf = 582-version-negotiation-ssl
-
-[582-version-negotiation-ssl]
-server = 582-version-negotiation-server
-client = 582-version-negotiation-client
-
-[582-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[582-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-582]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[583-version-negotiation]
-ssl_conf = 583-version-negotiation-ssl
-
-[583-version-negotiation-ssl]
-server = 583-version-negotiation-server
-client = 583-version-negotiation-client
-
-[583-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[583-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-583]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[584-version-negotiation]
-ssl_conf = 584-version-negotiation-ssl
-
-[584-version-negotiation-ssl]
-server = 584-version-negotiation-server
-client = 584-version-negotiation-client
-
-[584-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[584-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-584]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[585-version-negotiation]
-ssl_conf = 585-version-negotiation-ssl
-
-[585-version-negotiation-ssl]
-server = 585-version-negotiation-server
-client = 585-version-negotiation-client
-
-[585-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[585-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-585]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[586-version-negotiation]
-ssl_conf = 586-version-negotiation-ssl
-
-[586-version-negotiation-ssl]
-server = 586-version-negotiation-server
-client = 586-version-negotiation-client
-
-[586-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[586-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-586]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[587-version-negotiation]
-ssl_conf = 587-version-negotiation-ssl
-
-[587-version-negotiation-ssl]
-server = 587-version-negotiation-server
-client = 587-version-negotiation-client
-
-[587-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[587-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-587]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[588-version-negotiation]
-ssl_conf = 588-version-negotiation-ssl
-
-[588-version-negotiation-ssl]
-server = 588-version-negotiation-server
-client = 588-version-negotiation-client
-
-[588-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[588-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-588]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[589-version-negotiation]
-ssl_conf = 589-version-negotiation-ssl
-
-[589-version-negotiation-ssl]
-server = 589-version-negotiation-server
-client = 589-version-negotiation-client
-
-[589-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[589-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-589]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[590-version-negotiation]
-ssl_conf = 590-version-negotiation-ssl
-
-[590-version-negotiation-ssl]
-server = 590-version-negotiation-server
-client = 590-version-negotiation-client
-
-[590-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[590-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-590]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[591-version-negotiation]
-ssl_conf = 591-version-negotiation-ssl
-
-[591-version-negotiation-ssl]
-server = 591-version-negotiation-server
-client = 591-version-negotiation-client
-
-[591-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[591-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-591]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[592-version-negotiation]
-ssl_conf = 592-version-negotiation-ssl
-
-[592-version-negotiation-ssl]
-server = 592-version-negotiation-server
-client = 592-version-negotiation-client
-
-[592-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[592-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-592]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[593-version-negotiation]
-ssl_conf = 593-version-negotiation-ssl
-
-[593-version-negotiation-ssl]
-server = 593-version-negotiation-server
-client = 593-version-negotiation-client
-
-[593-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[593-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-593]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[594-version-negotiation]
-ssl_conf = 594-version-negotiation-ssl
-
-[594-version-negotiation-ssl]
-server = 594-version-negotiation-server
-client = 594-version-negotiation-client
-
-[594-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[594-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-594]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[595-version-negotiation]
-ssl_conf = 595-version-negotiation-ssl
-
-[595-version-negotiation-ssl]
-server = 595-version-negotiation-server
-client = 595-version-negotiation-client
-
-[595-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[595-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-595]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[596-version-negotiation]
-ssl_conf = 596-version-negotiation-ssl
-
-[596-version-negotiation-ssl]
-server = 596-version-negotiation-server
-client = 596-version-negotiation-client
-
-[596-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[596-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-596]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[597-version-negotiation]
-ssl_conf = 597-version-negotiation-ssl
-
-[597-version-negotiation-ssl]
-server = 597-version-negotiation-server
-client = 597-version-negotiation-client
-
-[597-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[597-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-597]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[598-version-negotiation]
-ssl_conf = 598-version-negotiation-ssl
-
-[598-version-negotiation-ssl]
-server = 598-version-negotiation-server
-client = 598-version-negotiation-client
-
-[598-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[598-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-598]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[599-version-negotiation]
-ssl_conf = 599-version-negotiation-ssl
-
-[599-version-negotiation-ssl]
-server = 599-version-negotiation-server
-client = 599-version-negotiation-client
-
-[599-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[599-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-599]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[600-version-negotiation]
-ssl_conf = 600-version-negotiation-ssl
-
-[600-version-negotiation-ssl]
-server = 600-version-negotiation-server
-client = 600-version-negotiation-client
-
-[600-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[600-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-600]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[601-version-negotiation]
-ssl_conf = 601-version-negotiation-ssl
-
-[601-version-negotiation-ssl]
-server = 601-version-negotiation-server
-client = 601-version-negotiation-client
-
-[601-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[601-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-601]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[602-version-negotiation]
-ssl_conf = 602-version-negotiation-ssl
-
-[602-version-negotiation-ssl]
-server = 602-version-negotiation-server
-client = 602-version-negotiation-client
-
-[602-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[602-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-602]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[603-version-negotiation]
-ssl_conf = 603-version-negotiation-ssl
-
-[603-version-negotiation-ssl]
-server = 603-version-negotiation-server
-client = 603-version-negotiation-client
-
-[603-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[603-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-603]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[604-version-negotiation]
-ssl_conf = 604-version-negotiation-ssl
-
-[604-version-negotiation-ssl]
-server = 604-version-negotiation-server
-client = 604-version-negotiation-client
-
-[604-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[604-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-604]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[605-version-negotiation]
-ssl_conf = 605-version-negotiation-ssl
-
-[605-version-negotiation-ssl]
-server = 605-version-negotiation-server
-client = 605-version-negotiation-client
-
-[605-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[605-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-605]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[606-version-negotiation]
-ssl_conf = 606-version-negotiation-ssl
-
-[606-version-negotiation-ssl]
-server = 606-version-negotiation-server
-client = 606-version-negotiation-client
-
-[606-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[606-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-606]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[607-version-negotiation]
-ssl_conf = 607-version-negotiation-ssl
-
-[607-version-negotiation-ssl]
-server = 607-version-negotiation-server
-client = 607-version-negotiation-client
-
-[607-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[607-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-607]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[608-version-negotiation]
-ssl_conf = 608-version-negotiation-ssl
-
-[608-version-negotiation-ssl]
-server = 608-version-negotiation-server
-client = 608-version-negotiation-client
-
-[608-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[608-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-608]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[609-version-negotiation]
-ssl_conf = 609-version-negotiation-ssl
-
-[609-version-negotiation-ssl]
-server = 609-version-negotiation-server
-client = 609-version-negotiation-client
-
-[609-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[609-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-609]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[610-version-negotiation]
-ssl_conf = 610-version-negotiation-ssl
-
-[610-version-negotiation-ssl]
-server = 610-version-negotiation-server
-client = 610-version-negotiation-client
-
-[610-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[610-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-610]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[611-version-negotiation]
-ssl_conf = 611-version-negotiation-ssl
-
-[611-version-negotiation-ssl]
-server = 611-version-negotiation-server
-client = 611-version-negotiation-client
-
-[611-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[611-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-611]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[612-version-negotiation]
-ssl_conf = 612-version-negotiation-ssl
-
-[612-version-negotiation-ssl]
-server = 612-version-negotiation-server
-client = 612-version-negotiation-client
-
-[612-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[612-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-612]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[613-version-negotiation]
-ssl_conf = 613-version-negotiation-ssl
-
-[613-version-negotiation-ssl]
-server = 613-version-negotiation-server
-client = 613-version-negotiation-client
-
-[613-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[613-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-613]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[614-version-negotiation]
-ssl_conf = 614-version-negotiation-ssl
-
-[614-version-negotiation-ssl]
-server = 614-version-negotiation-server
-client = 614-version-negotiation-client
-
-[614-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[614-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-614]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[615-version-negotiation]
-ssl_conf = 615-version-negotiation-ssl
-
-[615-version-negotiation-ssl]
-server = 615-version-negotiation-server
-client = 615-version-negotiation-client
-
-[615-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[615-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-615]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[616-version-negotiation]
-ssl_conf = 616-version-negotiation-ssl
-
-[616-version-negotiation-ssl]
-server = 616-version-negotiation-server
-client = 616-version-negotiation-client
-
-[616-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[616-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-616]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[617-version-negotiation]
-ssl_conf = 617-version-negotiation-ssl
-
-[617-version-negotiation-ssl]
-server = 617-version-negotiation-server
-client = 617-version-negotiation-client
-
-[617-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[617-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-617]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[618-version-negotiation]
-ssl_conf = 618-version-negotiation-ssl
-
-[618-version-negotiation-ssl]
-server = 618-version-negotiation-server
-client = 618-version-negotiation-client
-
-[618-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[618-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-618]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[619-version-negotiation]
-ssl_conf = 619-version-negotiation-ssl
-
-[619-version-negotiation-ssl]
-server = 619-version-negotiation-server
-client = 619-version-negotiation-client
-
-[619-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[619-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-619]
-ExpectedProtocol = TLSv1.2
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[620-version-negotiation]
-ssl_conf = 620-version-negotiation-ssl
-
-[620-version-negotiation-ssl]
-server = 620-version-negotiation-server
-client = 620-version-negotiation-client
-
-[620-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[620-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-620]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[621-version-negotiation]
-ssl_conf = 621-version-negotiation-ssl
-
-[621-version-negotiation-ssl]
-server = 621-version-negotiation-server
-client = 621-version-negotiation-client
-
-[621-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[621-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-621]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[622-version-negotiation]
-ssl_conf = 622-version-negotiation-ssl
-
-[622-version-negotiation-ssl]
-server = 622-version-negotiation-server
-client = 622-version-negotiation-client
-
-[622-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[622-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-622]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[623-version-negotiation]
-ssl_conf = 623-version-negotiation-ssl
-
-[623-version-negotiation-ssl]
-server = 623-version-negotiation-server
-client = 623-version-negotiation-client
-
-[623-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[623-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-623]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[624-version-negotiation]
-ssl_conf = 624-version-negotiation-ssl
-
-[624-version-negotiation-ssl]
-server = 624-version-negotiation-server
-client = 624-version-negotiation-client
-
-[624-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[624-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-624]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[625-version-negotiation]
-ssl_conf = 625-version-negotiation-ssl
-
-[625-version-negotiation-ssl]
-server = 625-version-negotiation-server
-client = 625-version-negotiation-client
-
-[625-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[625-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-625]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[626-version-negotiation]
-ssl_conf = 626-version-negotiation-ssl
-
-[626-version-negotiation-ssl]
-server = 626-version-negotiation-server
-client = 626-version-negotiation-client
-
-[626-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[626-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-626]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[627-version-negotiation]
-ssl_conf = 627-version-negotiation-ssl
-
-[627-version-negotiation-ssl]
-server = 627-version-negotiation-server
-client = 627-version-negotiation-client
-
-[627-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[627-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-627]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[628-version-negotiation]
-ssl_conf = 628-version-negotiation-ssl
-
-[628-version-negotiation-ssl]
-server = 628-version-negotiation-server
-client = 628-version-negotiation-client
-
-[628-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[628-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-628]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[629-version-negotiation]
-ssl_conf = 629-version-negotiation-ssl
-
-[629-version-negotiation-ssl]
-server = 629-version-negotiation-server
-client = 629-version-negotiation-client
-
-[629-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[629-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-629]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[630-version-negotiation]
-ssl_conf = 630-version-negotiation-ssl
-
-[630-version-negotiation-ssl]
-server = 630-version-negotiation-server
-client = 630-version-negotiation-client
-
-[630-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[630-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-630]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[631-version-negotiation]
-ssl_conf = 631-version-negotiation-ssl
-
-[631-version-negotiation-ssl]
-server = 631-version-negotiation-server
-client = 631-version-negotiation-client
-
-[631-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[631-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-631]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[632-version-negotiation]
-ssl_conf = 632-version-negotiation-ssl
-
-[632-version-negotiation-ssl]
-server = 632-version-negotiation-server
-client = 632-version-negotiation-client
-
-[632-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[632-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-632]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[633-version-negotiation]
-ssl_conf = 633-version-negotiation-ssl
-
-[633-version-negotiation-ssl]
-server = 633-version-negotiation-server
-client = 633-version-negotiation-client
-
-[633-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[633-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-633]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[634-version-negotiation]
-ssl_conf = 634-version-negotiation-ssl
-
-[634-version-negotiation-ssl]
-server = 634-version-negotiation-server
-client = 634-version-negotiation-client
-
-[634-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[634-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-634]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[635-version-negotiation]
-ssl_conf = 635-version-negotiation-ssl
-
-[635-version-negotiation-ssl]
-server = 635-version-negotiation-server
-client = 635-version-negotiation-client
-
-[635-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[635-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-635]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[636-version-negotiation]
-ssl_conf = 636-version-negotiation-ssl
-
-[636-version-negotiation-ssl]
-server = 636-version-negotiation-server
-client = 636-version-negotiation-client
-
-[636-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[636-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-636]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[637-version-negotiation]
-ssl_conf = 637-version-negotiation-ssl
-
-[637-version-negotiation-ssl]
-server = 637-version-negotiation-server
-client = 637-version-negotiation-client
-
-[637-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[637-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-637]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[638-version-negotiation]
-ssl_conf = 638-version-negotiation-ssl
-
-[638-version-negotiation-ssl]
-server = 638-version-negotiation-server
-client = 638-version-negotiation-client
-
-[638-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[638-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-638]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[639-version-negotiation]
-ssl_conf = 639-version-negotiation-ssl
-
-[639-version-negotiation-ssl]
-server = 639-version-negotiation-server
-client = 639-version-negotiation-client
-
-[639-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[639-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-639]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[640-version-negotiation]
-ssl_conf = 640-version-negotiation-ssl
-
-[640-version-negotiation-ssl]
-server = 640-version-negotiation-server
-client = 640-version-negotiation-client
-
-[640-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[640-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-640]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[641-version-negotiation]
-ssl_conf = 641-version-negotiation-ssl
-
-[641-version-negotiation-ssl]
-server = 641-version-negotiation-server
-client = 641-version-negotiation-client
-
-[641-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[641-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-641]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[642-version-negotiation]
-ssl_conf = 642-version-negotiation-ssl
-
-[642-version-negotiation-ssl]
-server = 642-version-negotiation-server
-client = 642-version-negotiation-client
-
-[642-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[642-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-642]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[643-version-negotiation]
-ssl_conf = 643-version-negotiation-ssl
-
-[643-version-negotiation-ssl]
-server = 643-version-negotiation-server
-client = 643-version-negotiation-client
-
-[643-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[643-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-643]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[644-version-negotiation]
-ssl_conf = 644-version-negotiation-ssl
-
-[644-version-negotiation-ssl]
-server = 644-version-negotiation-server
-client = 644-version-negotiation-client
-
-[644-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[644-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-644]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[645-version-negotiation]
-ssl_conf = 645-version-negotiation-ssl
-
-[645-version-negotiation-ssl]
-server = 645-version-negotiation-server
-client = 645-version-negotiation-client
-
-[645-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[645-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-645]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[646-version-negotiation]
-ssl_conf = 646-version-negotiation-ssl
-
-[646-version-negotiation-ssl]
-server = 646-version-negotiation-server
-client = 646-version-negotiation-client
-
-[646-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[646-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-646]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[647-version-negotiation]
-ssl_conf = 647-version-negotiation-ssl
-
-[647-version-negotiation-ssl]
-server = 647-version-negotiation-server
-client = 647-version-negotiation-client
-
-[647-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[647-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-647]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[648-version-negotiation]
-ssl_conf = 648-version-negotiation-ssl
-
-[648-version-negotiation-ssl]
-server = 648-version-negotiation-server
-client = 648-version-negotiation-client
-
-[648-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[648-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-648]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[649-version-negotiation]
-ssl_conf = 649-version-negotiation-ssl
-
-[649-version-negotiation-ssl]
-server = 649-version-negotiation-server
-client = 649-version-negotiation-client
-
-[649-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[649-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-649]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[650-version-negotiation]
-ssl_conf = 650-version-negotiation-ssl
-
-[650-version-negotiation-ssl]
-server = 650-version-negotiation-server
-client = 650-version-negotiation-client
-
-[650-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[650-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-650]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[651-version-negotiation]
-ssl_conf = 651-version-negotiation-ssl
-
-[651-version-negotiation-ssl]
-server = 651-version-negotiation-server
-client = 651-version-negotiation-client
-
-[651-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[651-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-651]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[652-version-negotiation]
-ssl_conf = 652-version-negotiation-ssl
-
-[652-version-negotiation-ssl]
-server = 652-version-negotiation-server
-client = 652-version-negotiation-client
-
-[652-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[652-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-652]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[653-version-negotiation]
-ssl_conf = 653-version-negotiation-ssl
-
-[653-version-negotiation-ssl]
-server = 653-version-negotiation-server
-client = 653-version-negotiation-client
-
-[653-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[653-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-653]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[654-version-negotiation]
-ssl_conf = 654-version-negotiation-ssl
-
-[654-version-negotiation-ssl]
-server = 654-version-negotiation-server
-client = 654-version-negotiation-client
-
-[654-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[654-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-654]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[655-version-negotiation]
-ssl_conf = 655-version-negotiation-ssl
-
-[655-version-negotiation-ssl]
-server = 655-version-negotiation-server
-client = 655-version-negotiation-client
-
-[655-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[655-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-655]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[656-version-negotiation]
-ssl_conf = 656-version-negotiation-ssl
-
-[656-version-negotiation-ssl]
-server = 656-version-negotiation-server
-client = 656-version-negotiation-client
-
-[656-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = SSLv3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[656-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-656]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[657-version-negotiation]
-ssl_conf = 657-version-negotiation-ssl
-
-[657-version-negotiation-ssl]
-server = 657-version-negotiation-server
-client = 657-version-negotiation-client
-
-[657-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[657-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-657]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[658-version-negotiation]
-ssl_conf = 658-version-negotiation-ssl
-
-[658-version-negotiation-ssl]
-server = 658-version-negotiation-server
-client = 658-version-negotiation-client
-
-[658-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[658-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-658]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[659-version-negotiation]
-ssl_conf = 659-version-negotiation-ssl
-
-[659-version-negotiation-ssl]
-server = 659-version-negotiation-server
-client = 659-version-negotiation-client
-
-[659-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[659-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-659]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[660-version-negotiation]
-ssl_conf = 660-version-negotiation-ssl
-
-[660-version-negotiation-ssl]
-server = 660-version-negotiation-server
-client = 660-version-negotiation-client
-
-[660-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[660-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-660]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[661-version-negotiation]
-ssl_conf = 661-version-negotiation-ssl
-
-[661-version-negotiation-ssl]
-server = 661-version-negotiation-server
-client = 661-version-negotiation-client
-
-[661-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = SSLv3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[661-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-661]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[662-version-negotiation]
-ssl_conf = 662-version-negotiation-ssl
-
-[662-version-negotiation-ssl]
-server = 662-version-negotiation-server
-client = 662-version-negotiation-client
-
-[662-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[662-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-662]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[663-version-negotiation]
-ssl_conf = 663-version-negotiation-ssl
-
-[663-version-negotiation-ssl]
-server = 663-version-negotiation-server
-client = 663-version-negotiation-client
-
-[663-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[663-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-663]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[664-version-negotiation]
-ssl_conf = 664-version-negotiation-ssl
-
-[664-version-negotiation-ssl]
-server = 664-version-negotiation-server
-client = 664-version-negotiation-client
-
-[664-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[664-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-664]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[665-version-negotiation]
-ssl_conf = 665-version-negotiation-ssl
-
-[665-version-negotiation-ssl]
-server = 665-version-negotiation-server
-client = 665-version-negotiation-client
-
-[665-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[665-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-665]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[666-version-negotiation]
-ssl_conf = 666-version-negotiation-ssl
-
-[666-version-negotiation-ssl]
-server = 666-version-negotiation-server
-client = 666-version-negotiation-client
-
-[666-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[666-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-666]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[667-version-negotiation]
-ssl_conf = 667-version-negotiation-ssl
-
-[667-version-negotiation-ssl]
-server = 667-version-negotiation-server
-client = 667-version-negotiation-client
-
-[667-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[667-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-667]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[668-version-negotiation]
-ssl_conf = 668-version-negotiation-ssl
-
-[668-version-negotiation-ssl]
-server = 668-version-negotiation-server
-client = 668-version-negotiation-client
-
-[668-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[668-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-668]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[669-version-negotiation]
-ssl_conf = 669-version-negotiation-ssl
-
-[669-version-negotiation-ssl]
-server = 669-version-negotiation-server
-client = 669-version-negotiation-client
-
-[669-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[669-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-669]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[670-version-negotiation]
-ssl_conf = 670-version-negotiation-ssl
-
-[670-version-negotiation-ssl]
-server = 670-version-negotiation-server
-client = 670-version-negotiation-client
-
-[670-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[670-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-670]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[671-version-negotiation]
-ssl_conf = 671-version-negotiation-ssl
-
-[671-version-negotiation-ssl]
-server = 671-version-negotiation-server
-client = 671-version-negotiation-client
-
-[671-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[671-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-671]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[672-version-negotiation]
-ssl_conf = 672-version-negotiation-ssl
-
-[672-version-negotiation-ssl]
-server = 672-version-negotiation-server
-client = 672-version-negotiation-client
-
-[672-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[672-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-672]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[673-version-negotiation]
-ssl_conf = 673-version-negotiation-ssl
-
-[673-version-negotiation-ssl]
-server = 673-version-negotiation-server
-client = 673-version-negotiation-client
-
-[673-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[673-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-673]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[674-version-negotiation]
-ssl_conf = 674-version-negotiation-ssl
-
-[674-version-negotiation-ssl]
-server = 674-version-negotiation-server
-client = 674-version-negotiation-client
-
-[674-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[674-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-674]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[675-version-negotiation]
-ssl_conf = 675-version-negotiation-ssl
-
-[675-version-negotiation-ssl]
-server = 675-version-negotiation-server
-client = 675-version-negotiation-client
-
-[675-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[675-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-675]
-ExpectedProtocol = TLSv1.3
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[676-ciphersuite-sanity-check-client]
-ssl_conf = 676-ciphersuite-sanity-check-client-ssl
-
-[676-ciphersuite-sanity-check-client-ssl]
-server = 676-ciphersuite-sanity-check-client-server
-client = 676-ciphersuite-sanity-check-client-client
-
-[676-ciphersuite-sanity-check-client-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[676-ciphersuite-sanity-check-client-client]
-CipherString = AES128-SHA
-Ciphersuites = 
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-676]
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[677-ciphersuite-sanity-check-server]
-ssl_conf = 677-ciphersuite-sanity-check-server-ssl
-
-[677-ciphersuite-sanity-check-server-ssl]
-server = 677-ciphersuite-sanity-check-server-server
-client = 677-ciphersuite-sanity-check-server-client
-
-[677-ciphersuite-sanity-check-server-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = AES128-SHA
-Ciphersuites = 
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[677-ciphersuite-sanity-check-server-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-677]
-ExpectedResult = ServerFail
-
-
diff --git a/test/ssl-tests/02-protocol-version.conf.in b/test/ssl-tests/02-protocol-version.conf.in

deleted file mode 100644 (file)

index a6799df..0000000
--- a/test/ssl-tests/02-protocol-version.conf.in
+++ /dev/null
@@ -1,19 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test TLS version negotiation
-
-package ssltests;
-
-use strict;
-use warnings;
-
-use protocol_version;
-
-our @tests = generate_version_tests("TLS");
diff --git a/test/ssl-tests/03-custom_verify.cnf b/test/ssl-tests/03-custom_verify.cnf

new file mode 100644 (file)

index 0000000..8dca715
--- /dev/null
+++ b/test/ssl-tests/03-custom_verify.cnf
@@ -0,0 +1,238 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
+
+test-0 = 0-verify-success
+test-1 = 1-verify-custom-reject
+test-2 = 2-verify-custom-allow
+test-3 = 3-noverify-success
+test-4 = 4-noverify-ignore-custom-reject
+test-5 = 5-noverify-accept-custom-allow
+test-6 = 6-verify-fail-no-root
+test-7 = 7-verify-custom-success-no-root
+test-8 = 8-verify-custom-fail-no-root
+# ===========================================================
+
+[0-verify-success]
+ssl_conf = 0-verify-success-ssl
+
+[0-verify-success-ssl]
+server = 0-verify-success-server
+client = 0-verify-success-client
+
+[0-verify-success-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-verify-success-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-verify-custom-reject]
+ssl_conf = 1-verify-custom-reject-ssl
+
+[1-verify-custom-reject-ssl]
+server = 1-verify-custom-reject-server
+client = 1-verify-custom-reject-client
+
+[1-verify-custom-reject-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-verify-custom-reject-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedClientAlert = HandshakeFailure
+ExpectedResult = ClientFail
+client = 1-verify-custom-reject-client-extra
+
+[1-verify-custom-reject-client-extra]
+VerifyCallback = RejectAll
+
+
+# ===========================================================
+
+[2-verify-custom-allow]
+ssl_conf = 2-verify-custom-allow-ssl
+
+[2-verify-custom-allow-ssl]
+server = 2-verify-custom-allow-server
+client = 2-verify-custom-allow-client
+
+[2-verify-custom-allow-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-verify-custom-allow-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+client = 2-verify-custom-allow-client-extra
+
+[2-verify-custom-allow-client-extra]
+VerifyCallback = AcceptAll
+
+
+# ===========================================================
+
+[3-noverify-success]
+ssl_conf = 3-noverify-success-ssl
+
+[3-noverify-success-ssl]
+server = 3-noverify-success-server
+client = 3-noverify-success-client
+
+[3-noverify-success-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-noverify-success-client]
+CipherString = DEFAULT
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-noverify-ignore-custom-reject]
+ssl_conf = 4-noverify-ignore-custom-reject-ssl
+
+[4-noverify-ignore-custom-reject-ssl]
+server = 4-noverify-ignore-custom-reject-server
+client = 4-noverify-ignore-custom-reject-client
+
+[4-noverify-ignore-custom-reject-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-noverify-ignore-custom-reject-client]
+CipherString = DEFAULT
+
+[test-4]
+ExpectedResult = Success
+client = 4-noverify-ignore-custom-reject-client-extra
+
+[4-noverify-ignore-custom-reject-client-extra]
+VerifyCallback = RejectAll
+
+
+# ===========================================================
+
+[5-noverify-accept-custom-allow]
+ssl_conf = 5-noverify-accept-custom-allow-ssl
+
+[5-noverify-accept-custom-allow-ssl]
+server = 5-noverify-accept-custom-allow-server
+client = 5-noverify-accept-custom-allow-client
+
+[5-noverify-accept-custom-allow-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-noverify-accept-custom-allow-client]
+CipherString = DEFAULT
+
+[test-5]
+ExpectedResult = Success
+client = 5-noverify-accept-custom-allow-client-extra
+
+[5-noverify-accept-custom-allow-client-extra]
+VerifyCallback = AcceptAll
+
+
+# ===========================================================
+
+[6-verify-fail-no-root]
+ssl_conf = 6-verify-fail-no-root-ssl
+
+[6-verify-fail-no-root-ssl]
+server = 6-verify-fail-no-root-server
+client = 6-verify-fail-no-root-client
+
+[6-verify-fail-no-root-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-verify-fail-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-6]
+ExpectedClientAlert = UnknownCA
+ExpectedResult = ClientFail
+
+
+# ===========================================================
+
+[7-verify-custom-success-no-root]
+ssl_conf = 7-verify-custom-success-no-root-ssl
+
+[7-verify-custom-success-no-root-ssl]
+server = 7-verify-custom-success-no-root-server
+client = 7-verify-custom-success-no-root-client
+
+[7-verify-custom-success-no-root-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-verify-custom-success-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+client = 7-verify-custom-success-no-root-client-extra
+
+[7-verify-custom-success-no-root-client-extra]
+VerifyCallback = AcceptAll
+
+
+# ===========================================================
+
+[8-verify-custom-fail-no-root]
+ssl_conf = 8-verify-custom-fail-no-root-ssl
+
+[8-verify-custom-fail-no-root-ssl]
+server = 8-verify-custom-fail-no-root-server
+client = 8-verify-custom-fail-no-root-client
+
+[8-verify-custom-fail-no-root-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-verify-custom-fail-no-root-client]
+CipherString = DEFAULT
+VerifyMode = Peer
+
+[test-8]
+ExpectedClientAlert = HandshakeFailure
+ExpectedResult = ClientFail
+client = 8-verify-custom-fail-no-root-client-extra
+
+[8-verify-custom-fail-no-root-client-extra]
+VerifyCallback = RejectAll
+
+
diff --git a/test/ssl-tests/03-custom_verify.cnf.in b/test/ssl-tests/03-custom_verify.cnf.in

new file mode 100644 (file)

index 0000000..b3b16c9
--- /dev/null
+++ b/test/ssl-tests/03-custom_verify.cnf.in
@@ -0,0 +1,145 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+
+    # Sanity-check that verification indeed succeeds without the
+    # restrictive callback.
+    {
+        name => "verify-success",
+        server => { },
+        client => { },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    # Same test as above but with a custom callback that always fails.
+    {
+        name => "verify-custom-reject",
+        server => { },
+        client => {
+            extra => {
+                "VerifyCallback" => "RejectAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ClientFail",
+            "ExpectedClientAlert" => "HandshakeFailure",
+        },
+    },
+
+    # Same test as above but with a custom callback that always succeeds.
+    {
+        name => "verify-custom-allow",
+        server => { },
+        client => {
+            extra => {
+                "VerifyCallback" => "AcceptAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success",
+        },
+    },
+
+    # Sanity-check that verification indeed succeeds if peer verification
+    # is not requested.
+    {
+        name => "noverify-success",
+        server => { },
+        client => {
+            "VerifyMode" => undef,
+            "VerifyCAFile" => undef,
+        },
+        test   => { "ExpectedResult" => "Success" },
+    },
+
+    # Same test as above but with a custom callback that always fails.
+    # The callback return has no impact on handshake success in this mode.
+    {
+        name => "noverify-ignore-custom-reject",
+        server => { },
+        client => {
+            "VerifyMode" => undef,
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "RejectAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success",
+        },
+    },
+
+    # Same test as above but with a custom callback that always succeeds.
+    # The callback return has no impact on handshake success in this mode.
+    {
+        name => "noverify-accept-custom-allow",
+        server => { },
+        client => {
+            "VerifyMode" => undef,
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "AcceptAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success",
+        },
+    },
+
+    # Sanity-check that verification indeed fails without the
+    # permissive callback.
+    {
+        name => "verify-fail-no-root",
+        server => { },
+        client => {
+            # Don't set up the client root file.
+            "VerifyCAFile" => undef,
+        },
+        test   => {
+          "ExpectedResult" => "ClientFail",
+          "ExpectedClientAlert" => "UnknownCA",
+        },
+    },
+
+    # Same test as above but with a custom callback that always succeeds.
+    {
+        name => "verify-custom-success-no-root",
+        server => { },
+        client => {
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "AcceptAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "Success"
+        },
+    },
+
+    # Same test as above but with a custom callback that always fails.
+    {
+        name => "verify-custom-fail-no-root",
+        server => { },
+        client => {
+            "VerifyCAFile" => undef,
+            extra => {
+                "VerifyCallback" => "RejectAll",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ClientFail",
+            "ExpectedClientAlert" => "HandshakeFailure",
+        },
+    },
+);
diff --git a/test/ssl-tests/03-custom_verify.conf b/test/ssl-tests/03-custom_verify.conf

deleted file mode 100644 (file)

index 8dca715..0000000
--- a/test/ssl-tests/03-custom_verify.conf
+++ /dev/null
@@ -1,238 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 9
-
-test-0 = 0-verify-success
-test-1 = 1-verify-custom-reject
-test-2 = 2-verify-custom-allow
-test-3 = 3-noverify-success
-test-4 = 4-noverify-ignore-custom-reject
-test-5 = 5-noverify-accept-custom-allow
-test-6 = 6-verify-fail-no-root
-test-7 = 7-verify-custom-success-no-root
-test-8 = 8-verify-custom-fail-no-root
-# ===========================================================
-
-[0-verify-success]
-ssl_conf = 0-verify-success-ssl
-
-[0-verify-success-ssl]
-server = 0-verify-success-server
-client = 0-verify-success-client
-
-[0-verify-success-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-verify-success-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-verify-custom-reject]
-ssl_conf = 1-verify-custom-reject-ssl
-
-[1-verify-custom-reject-ssl]
-server = 1-verify-custom-reject-server
-client = 1-verify-custom-reject-client
-
-[1-verify-custom-reject-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-verify-custom-reject-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedClientAlert = HandshakeFailure
-ExpectedResult = ClientFail
-client = 1-verify-custom-reject-client-extra
-
-[1-verify-custom-reject-client-extra]
-VerifyCallback = RejectAll
-
-
-# ===========================================================
-
-[2-verify-custom-allow]
-ssl_conf = 2-verify-custom-allow-ssl
-
-[2-verify-custom-allow-ssl]
-server = 2-verify-custom-allow-server
-client = 2-verify-custom-allow-client
-
-[2-verify-custom-allow-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-verify-custom-allow-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-client = 2-verify-custom-allow-client-extra
-
-[2-verify-custom-allow-client-extra]
-VerifyCallback = AcceptAll
-
-
-# ===========================================================
-
-[3-noverify-success]
-ssl_conf = 3-noverify-success-ssl
-
-[3-noverify-success-ssl]
-server = 3-noverify-success-server
-client = 3-noverify-success-client
-
-[3-noverify-success-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-noverify-success-client]
-CipherString = DEFAULT
-
-[test-3]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[4-noverify-ignore-custom-reject]
-ssl_conf = 4-noverify-ignore-custom-reject-ssl
-
-[4-noverify-ignore-custom-reject-ssl]
-server = 4-noverify-ignore-custom-reject-server
-client = 4-noverify-ignore-custom-reject-client
-
-[4-noverify-ignore-custom-reject-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-noverify-ignore-custom-reject-client]
-CipherString = DEFAULT
-
-[test-4]
-ExpectedResult = Success
-client = 4-noverify-ignore-custom-reject-client-extra
-
-[4-noverify-ignore-custom-reject-client-extra]
-VerifyCallback = RejectAll
-
-
-# ===========================================================
-
-[5-noverify-accept-custom-allow]
-ssl_conf = 5-noverify-accept-custom-allow-ssl
-
-[5-noverify-accept-custom-allow-ssl]
-server = 5-noverify-accept-custom-allow-server
-client = 5-noverify-accept-custom-allow-client
-
-[5-noverify-accept-custom-allow-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-noverify-accept-custom-allow-client]
-CipherString = DEFAULT
-
-[test-5]
-ExpectedResult = Success
-client = 5-noverify-accept-custom-allow-client-extra
-
-[5-noverify-accept-custom-allow-client-extra]
-VerifyCallback = AcceptAll
-
-
-# ===========================================================
-
-[6-verify-fail-no-root]
-ssl_conf = 6-verify-fail-no-root-ssl
-
-[6-verify-fail-no-root-ssl]
-server = 6-verify-fail-no-root-server
-client = 6-verify-fail-no-root-client
-
-[6-verify-fail-no-root-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-verify-fail-no-root-client]
-CipherString = DEFAULT
-VerifyMode = Peer
-
-[test-6]
-ExpectedClientAlert = UnknownCA
-ExpectedResult = ClientFail
-
-
-# ===========================================================
-
-[7-verify-custom-success-no-root]
-ssl_conf = 7-verify-custom-success-no-root-ssl
-
-[7-verify-custom-success-no-root-ssl]
-server = 7-verify-custom-success-no-root-server
-client = 7-verify-custom-success-no-root-client
-
-[7-verify-custom-success-no-root-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-verify-custom-success-no-root-client]
-CipherString = DEFAULT
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-client = 7-verify-custom-success-no-root-client-extra
-
-[7-verify-custom-success-no-root-client-extra]
-VerifyCallback = AcceptAll
-
-
-# ===========================================================
-
-[8-verify-custom-fail-no-root]
-ssl_conf = 8-verify-custom-fail-no-root-ssl
-
-[8-verify-custom-fail-no-root-ssl]
-server = 8-verify-custom-fail-no-root-server
-client = 8-verify-custom-fail-no-root-client
-
-[8-verify-custom-fail-no-root-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-verify-custom-fail-no-root-client]
-CipherString = DEFAULT
-VerifyMode = Peer
-
-[test-8]
-ExpectedClientAlert = HandshakeFailure
-ExpectedResult = ClientFail
-client = 8-verify-custom-fail-no-root-client-extra
-
-[8-verify-custom-fail-no-root-client-extra]
-VerifyCallback = RejectAll
-
-
diff --git a/test/ssl-tests/03-custom_verify.conf.in b/test/ssl-tests/03-custom_verify.conf.in

deleted file mode 100644 (file)

index b3b16c9..0000000
--- a/test/ssl-tests/03-custom_verify.conf.in
+++ /dev/null
@@ -1,145 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-package ssltests;
-
-our @tests = (
-
-    # Sanity-check that verification indeed succeeds without the
-    # restrictive callback.
-    {
-        name => "verify-success",
-        server => { },
-        client => { },
-        test   => { "ExpectedResult" => "Success" },
-    },
-
-    # Same test as above but with a custom callback that always fails.
-    {
-        name => "verify-custom-reject",
-        server => { },
-        client => {
-            extra => {
-                "VerifyCallback" => "RejectAll",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "ClientFail",
-            "ExpectedClientAlert" => "HandshakeFailure",
-        },
-    },
-
-    # Same test as above but with a custom callback that always succeeds.
-    {
-        name => "verify-custom-allow",
-        server => { },
-        client => {
-            extra => {
-                "VerifyCallback" => "AcceptAll",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "Success",
-        },
-    },
-
-    # Sanity-check that verification indeed succeeds if peer verification
-    # is not requested.
-    {
-        name => "noverify-success",
-        server => { },
-        client => {
-            "VerifyMode" => undef,
-            "VerifyCAFile" => undef,
-        },
-        test   => { "ExpectedResult" => "Success" },
-    },
-
-    # Same test as above but with a custom callback that always fails.
-    # The callback return has no impact on handshake success in this mode.
-    {
-        name => "noverify-ignore-custom-reject",
-        server => { },
-        client => {
-            "VerifyMode" => undef,
-            "VerifyCAFile" => undef,
-            extra => {
-                "VerifyCallback" => "RejectAll",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "Success",
-        },
-    },
-
-    # Same test as above but with a custom callback that always succeeds.
-    # The callback return has no impact on handshake success in this mode.
-    {
-        name => "noverify-accept-custom-allow",
-        server => { },
-        client => {
-            "VerifyMode" => undef,
-            "VerifyCAFile" => undef,
-            extra => {
-                "VerifyCallback" => "AcceptAll",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "Success",
-        },
-    },
-
-    # Sanity-check that verification indeed fails without the
-    # permissive callback.
-    {
-        name => "verify-fail-no-root",
-        server => { },
-        client => {
-            # Don't set up the client root file.
-            "VerifyCAFile" => undef,
-        },
-        test   => {
-          "ExpectedResult" => "ClientFail",
-          "ExpectedClientAlert" => "UnknownCA",
-        },
-    },
-
-    # Same test as above but with a custom callback that always succeeds.
-    {
-        name => "verify-custom-success-no-root",
-        server => { },
-        client => {
-            "VerifyCAFile" => undef,
-            extra => {
-                "VerifyCallback" => "AcceptAll",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "Success"
-        },
-    },
-
-    # Same test as above but with a custom callback that always fails.
-    {
-        name => "verify-custom-fail-no-root",
-        server => { },
-        client => {
-            "VerifyCAFile" => undef,
-            extra => {
-                "VerifyCallback" => "RejectAll",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "ClientFail",
-            "ExpectedClientAlert" => "HandshakeFailure",
-        },
-    },
-);
diff --git a/test/ssl-tests/04-client_auth.cnf b/test/ssl-tests/04-client_auth.cnf

new file mode 100644 (file)

index 0000000..8debb66
--- /dev/null
+++ b/test/ssl-tests/04-client_auth.cnf
@@ -0,0 +1,1132 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 36
+
+test-0 = 0-server-auth-flex
+test-1 = 1-client-auth-flex-request
+test-2 = 2-client-auth-flex-require-fail
+test-3 = 3-client-auth-flex-require
+test-4 = 4-client-auth-flex-require-non-empty-names
+test-5 = 5-client-auth-flex-noroot
+test-6 = 6-server-auth-TLSv1
+test-7 = 7-client-auth-TLSv1-request
+test-8 = 8-client-auth-TLSv1-require-fail
+test-9 = 9-client-auth-TLSv1-require
+test-10 = 10-client-auth-TLSv1-require-non-empty-names
+test-11 = 11-client-auth-TLSv1-noroot
+test-12 = 12-server-auth-TLSv1.1
+test-13 = 13-client-auth-TLSv1.1-request
+test-14 = 14-client-auth-TLSv1.1-require-fail
+test-15 = 15-client-auth-TLSv1.1-require
+test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
+test-17 = 17-client-auth-TLSv1.1-noroot
+test-18 = 18-server-auth-TLSv1.2
+test-19 = 19-client-auth-TLSv1.2-request
+test-20 = 20-client-auth-TLSv1.2-require-fail
+test-21 = 21-client-auth-TLSv1.2-require
+test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
+test-23 = 23-client-auth-TLSv1.2-noroot
+test-24 = 24-server-auth-DTLSv1
+test-25 = 25-client-auth-DTLSv1-request
+test-26 = 26-client-auth-DTLSv1-require-fail
+test-27 = 27-client-auth-DTLSv1-require
+test-28 = 28-client-auth-DTLSv1-require-non-empty-names
+test-29 = 29-client-auth-DTLSv1-noroot
+test-30 = 30-server-auth-DTLSv1.2
+test-31 = 31-client-auth-DTLSv1.2-request
+test-32 = 32-client-auth-DTLSv1.2-require-fail
+test-33 = 33-client-auth-DTLSv1.2-require
+test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
+test-35 = 35-client-auth-DTLSv1.2-noroot
+# ===========================================================
+
+[0-server-auth-flex]
+ssl_conf = 0-server-auth-flex-ssl
+
+[0-server-auth-flex-ssl]
+server = 0-server-auth-flex-server
+client = 0-server-auth-flex-client
+
+[0-server-auth-flex-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-server-auth-flex-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-client-auth-flex-request]
+ssl_conf = 1-client-auth-flex-request-ssl
+
+[1-client-auth-flex-request-ssl]
+server = 1-client-auth-flex-request-server
+client = 1-client-auth-flex-request-client
+
+[1-client-auth-flex-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[1-client-auth-flex-request-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-client-auth-flex-require-fail]
+ssl_conf = 2-client-auth-flex-require-fail-ssl
+
+[2-client-auth-flex-require-fail-ssl]
+server = 2-client-auth-flex-require-fail-server
+client = 2-client-auth-flex-require-fail-client
+
+[2-client-auth-flex-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[2-client-auth-flex-require-fail-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = ServerFail
+ExpectedServerAlert = CertificateRequired
+
+
+# ===========================================================
+
+[3-client-auth-flex-require]
+ssl_conf = 3-client-auth-flex-require-ssl
+
+[3-client-auth-flex-require-ssl]
+server = 3-client-auth-flex-require-server
+client = 3-client-auth-flex-require-client
+
+[3-client-auth-flex-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[3-client-auth-flex-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-client-auth-flex-require-non-empty-names]
+ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
+
+[4-client-auth-flex-require-non-empty-names-ssl]
+server = 4-client-auth-flex-require-non-empty-names-server
+client = 4-client-auth-flex-require-non-empty-names-client
+
+[4-client-auth-flex-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[4-client-auth-flex-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-client-auth-flex-noroot]
+ssl_conf = 5-client-auth-flex-noroot-ssl
+
+[5-client-auth-flex-noroot-ssl]
+server = 5-client-auth-flex-noroot-server
+client = 5-client-auth-flex-noroot-client
+
+[5-client-auth-flex-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[5-client-auth-flex-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[6-server-auth-TLSv1]
+ssl_conf = 6-server-auth-TLSv1-ssl
+
+[6-server-auth-TLSv1-ssl]
+server = 6-server-auth-TLSv1-server
+client = 6-server-auth-TLSv1-client
+
+[6-server-auth-TLSv1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-server-auth-TLSv1-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[7-client-auth-TLSv1-request]
+ssl_conf = 7-client-auth-TLSv1-request-ssl
+
+[7-client-auth-TLSv1-request-ssl]
+server = 7-client-auth-TLSv1-request-server
+client = 7-client-auth-TLSv1-request-client
+
+[7-client-auth-TLSv1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[7-client-auth-TLSv1-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[8-client-auth-TLSv1-require-fail]
+ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
+
+[8-client-auth-TLSv1-require-fail-ssl]
+server = 8-client-auth-TLSv1-require-fail-server
+client = 8-client-auth-TLSv1-require-fail-client
+
+[8-client-auth-TLSv1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[8-client-auth-TLSv1-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[9-client-auth-TLSv1-require]
+ssl_conf = 9-client-auth-TLSv1-require-ssl
+
+[9-client-auth-TLSv1-require-ssl]
+server = 9-client-auth-TLSv1-require-server
+client = 9-client-auth-TLSv1-require-client
+
+[9-client-auth-TLSv1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[9-client-auth-TLSv1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[10-client-auth-TLSv1-require-non-empty-names]
+ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
+
+[10-client-auth-TLSv1-require-non-empty-names-ssl]
+server = 10-client-auth-TLSv1-require-non-empty-names-server
+client = 10-client-auth-TLSv1-require-non-empty-names-client
+
+[10-client-auth-TLSv1-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[10-client-auth-TLSv1-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[11-client-auth-TLSv1-noroot]
+ssl_conf = 11-client-auth-TLSv1-noroot-ssl
+
+[11-client-auth-TLSv1-noroot-ssl]
+server = 11-client-auth-TLSv1-noroot-server
+client = 11-client-auth-TLSv1-noroot-client
+
+[11-client-auth-TLSv1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[11-client-auth-TLSv1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[12-server-auth-TLSv1.1]
+ssl_conf = 12-server-auth-TLSv1.1-ssl
+
+[12-server-auth-TLSv1.1-ssl]
+server = 12-server-auth-TLSv1.1-server
+client = 12-server-auth-TLSv1.1-client
+
+[12-server-auth-TLSv1.1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-server-auth-TLSv1.1-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[13-client-auth-TLSv1.1-request]
+ssl_conf = 13-client-auth-TLSv1.1-request-ssl
+
+[13-client-auth-TLSv1.1-request-ssl]
+server = 13-client-auth-TLSv1.1-request-server
+client = 13-client-auth-TLSv1.1-request-client
+
+[13-client-auth-TLSv1.1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[13-client-auth-TLSv1.1-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[14-client-auth-TLSv1.1-require-fail]
+ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
+
+[14-client-auth-TLSv1.1-require-fail-ssl]
+server = 14-client-auth-TLSv1.1-require-fail-server
+client = 14-client-auth-TLSv1.1-require-fail-client
+
+[14-client-auth-TLSv1.1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[14-client-auth-TLSv1.1-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[15-client-auth-TLSv1.1-require]
+ssl_conf = 15-client-auth-TLSv1.1-require-ssl
+
+[15-client-auth-TLSv1.1-require-ssl]
+server = 15-client-auth-TLSv1.1-require-server
+client = 15-client-auth-TLSv1.1-require-client
+
+[15-client-auth-TLSv1.1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[15-client-auth-TLSv1.1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[16-client-auth-TLSv1.1-require-non-empty-names]
+ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
+
+[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
+server = 16-client-auth-TLSv1.1-require-non-empty-names-server
+client = 16-client-auth-TLSv1.1-require-non-empty-names-client
+
+[16-client-auth-TLSv1.1-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[16-client-auth-TLSv1.1-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[17-client-auth-TLSv1.1-noroot]
+ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
+
+[17-client-auth-TLSv1.1-noroot-ssl]
+server = 17-client-auth-TLSv1.1-noroot-server
+client = 17-client-auth-TLSv1.1-noroot-client
+
+[17-client-auth-TLSv1.1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[17-client-auth-TLSv1.1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[18-server-auth-TLSv1.2]
+ssl_conf = 18-server-auth-TLSv1.2-ssl
+
+[18-server-auth-TLSv1.2-ssl]
+server = 18-server-auth-TLSv1.2-server
+client = 18-server-auth-TLSv1.2-client
+
+[18-server-auth-TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-server-auth-TLSv1.2-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[19-client-auth-TLSv1.2-request]
+ssl_conf = 19-client-auth-TLSv1.2-request-ssl
+
+[19-client-auth-TLSv1.2-request-ssl]
+server = 19-client-auth-TLSv1.2-request-server
+client = 19-client-auth-TLSv1.2-request-client
+
+[19-client-auth-TLSv1.2-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[19-client-auth-TLSv1.2-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[20-client-auth-TLSv1.2-require-fail]
+ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
+
+[20-client-auth-TLSv1.2-require-fail-ssl]
+server = 20-client-auth-TLSv1.2-require-fail-server
+client = 20-client-auth-TLSv1.2-require-fail-client
+
+[20-client-auth-TLSv1.2-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[20-client-auth-TLSv1.2-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+
+
+# ===========================================================
+
+[21-client-auth-TLSv1.2-require]
+ssl_conf = 21-client-auth-TLSv1.2-require-ssl
+
+[21-client-auth-TLSv1.2-require-ssl]
+server = 21-client-auth-TLSv1.2-require-server
+client = 21-client-auth-TLSv1.2-require-client
+
+[21-client-auth-TLSv1.2-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[21-client-auth-TLSv1.2-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[22-client-auth-TLSv1.2-require-non-empty-names]
+ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
+
+[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
+server = 22-client-auth-TLSv1.2-require-non-empty-names-server
+client = 22-client-auth-TLSv1.2-require-non-empty-names-client
+
+[22-client-auth-TLSv1.2-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ClientSignatureAlgorithms = SHA256+RSA
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[22-client-auth-TLSv1.2-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[23-client-auth-TLSv1.2-noroot]
+ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
+
+[23-client-auth-TLSv1.2-noroot-ssl]
+server = 23-client-auth-TLSv1.2-noroot-server
+client = 23-client-auth-TLSv1.2-noroot-client
+
+[23-client-auth-TLSv1.2-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[23-client-auth-TLSv1.2-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[24-server-auth-DTLSv1]
+ssl_conf = 24-server-auth-DTLSv1-ssl
+
+[24-server-auth-DTLSv1-ssl]
+server = 24-server-auth-DTLSv1-server
+client = 24-server-auth-DTLSv1-client
+
+[24-server-auth-DTLSv1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-server-auth-DTLSv1-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[25-client-auth-DTLSv1-request]
+ssl_conf = 25-client-auth-DTLSv1-request-ssl
+
+[25-client-auth-DTLSv1-request-ssl]
+server = 25-client-auth-DTLSv1-request-server
+client = 25-client-auth-DTLSv1-request-client
+
+[25-client-auth-DTLSv1-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[25-client-auth-DTLSv1-request-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[26-client-auth-DTLSv1-require-fail]
+ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
+
+[26-client-auth-DTLSv1-require-fail-ssl]
+server = 26-client-auth-DTLSv1-require-fail-server
+client = 26-client-auth-DTLSv1-require-fail-client
+
+[26-client-auth-DTLSv1-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[26-client-auth-DTLSv1-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+Method = DTLS
+
+
+# ===========================================================
+
+[27-client-auth-DTLSv1-require]
+ssl_conf = 27-client-auth-DTLSv1-require-ssl
+
+[27-client-auth-DTLSv1-require-ssl]
+server = 27-client-auth-DTLSv1-require-server
+client = 27-client-auth-DTLSv1-require-client
+
+[27-client-auth-DTLSv1-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[27-client-auth-DTLSv1-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[28-client-auth-DTLSv1-require-non-empty-names]
+ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
+
+[28-client-auth-DTLSv1-require-non-empty-names-ssl]
+server = 28-client-auth-DTLSv1-require-non-empty-names-server
+client = 28-client-auth-DTLSv1-require-non-empty-names-client
+
+[28-client-auth-DTLSv1-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[28-client-auth-DTLSv1-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[29-client-auth-DTLSv1-noroot]
+ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
+
+[29-client-auth-DTLSv1-noroot-ssl]
+server = 29-client-auth-DTLSv1-noroot-server
+client = 29-client-auth-DTLSv1-noroot-client
+
+[29-client-auth-DTLSv1-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[29-client-auth-DTLSv1-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+Method = DTLS
+
+
+# ===========================================================
+
+[30-server-auth-DTLSv1.2]
+ssl_conf = 30-server-auth-DTLSv1.2-ssl
+
+[30-server-auth-DTLSv1.2-ssl]
+server = 30-server-auth-DTLSv1.2-server
+client = 30-server-auth-DTLSv1.2-client
+
+[30-server-auth-DTLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-server-auth-DTLSv1.2-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[31-client-auth-DTLSv1.2-request]
+ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
+
+[31-client-auth-DTLSv1.2-request-ssl]
+server = 31-client-auth-DTLSv1.2-request-server
+client = 31-client-auth-DTLSv1.2-request-client
+
+[31-client-auth-DTLSv1.2-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[31-client-auth-DTLSv1.2-request-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[32-client-auth-DTLSv1.2-require-fail]
+ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
+
+[32-client-auth-DTLSv1.2-require-fail-ssl]
+server = 32-client-auth-DTLSv1.2-require-fail-server
+client = 32-client-auth-DTLSv1.2-require-fail-client
+
+[32-client-auth-DTLSv1.2-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[32-client-auth-DTLSv1.2-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedResult = ServerFail
+ExpectedServerAlert = HandshakeFailure
+Method = DTLS
+
+
+# ===========================================================
+
+[33-client-auth-DTLSv1.2-require]
+ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
+
+[33-client-auth-DTLSv1.2-require-ssl]
+server = 33-client-auth-DTLSv1.2-require-server
+client = 33-client-auth-DTLSv1.2-require-client
+
+[33-client-auth-DTLSv1.2-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[33-client-auth-DTLSv1.2-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[34-client-auth-DTLSv1.2-require-non-empty-names]
+ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
+
+[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
+server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
+client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
+
+[34-client-auth-DTLSv1.2-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[34-client-auth-DTLSv1.2-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[35-client-auth-DTLSv1.2-noroot]
+ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
+
+[35-client-auth-DTLSv1.2-noroot-ssl]
+server = 35-client-auth-DTLSv1.2-noroot-server
+client = 35-client-auth-DTLSv1.2-noroot-client
+
+[35-client-auth-DTLSv1.2-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[35-client-auth-DTLSv1.2-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+Method = DTLS
+
+
diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in

new file mode 100644 (file)

index 0000000..b9c014d
--- /dev/null
+++ b/test/ssl-tests/04-client_auth.cnf.in
@@ -0,0 +1,196 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(anydisabled disabled);
+setup("no_test_here");
+
+# We test version-flexible negotiation (undef) and each protocol version.
+my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2");
+
+my @is_disabled = (0);
+push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2");
+
+our @tests = ();
+
+sub generate_tests() {
+    foreach (0..$#protocols) {
+        my $protocol = $protocols[$_];
+        my $protocol_name = $protocol || "flex";
+        my $caalert;
+        my $method;
+        my $sctpenabled = 0;
+        if (!$is_disabled[$_]) {
+            if ($protocol_name eq "SSLv3") {
+                $caalert = "BadCertificate";
+            } else {
+                $caalert = "UnknownCA";
+            }
+            if ($protocol_name =~ m/^DTLS/) {
+                $method = "DTLS";
+                $sctpenabled = 1 if !disabled("sctp");
+            }
+            my $clihash;
+            my $clisigtype;
+            my $clisigalgs;
+            # TODO(TLS1.3) add TLSv1.3 versions
+            if ($protocol_name eq "TLSv1.2") {
+                $clihash = "SHA256";
+                $clisigtype = "RSA";
+                $clisigalgs = "SHA256+RSA";
+            }
+            for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) {
+                # Sanity-check simple handshake.
+                push @tests, {
+                    name => "server-auth-${protocol_name}"
+                            .($sctp ? "-sctp" : ""),
+                    server => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol
+                    },
+                    client => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol
+                    },
+                    test   => {
+                        "ExpectedResult" => "Success",
+                        "Method" => $method,
+                    },
+                };
+                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+
+                # Handshake with client cert requested but not required or received.
+                push @tests, {
+                    name => "client-auth-${protocol_name}-request"
+                            .($sctp ? "-sctp" : ""),
+                    server => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "VerifyMode" => "Request"
+                    },
+                    client => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol
+                    },
+                    test   => {
+                        "ExpectedResult" => "Success",
+                        "Method" => $method,
+                    },
+                };
+                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+
+                # Handshake with client cert required but not present.
+                push @tests, {
+                    name => "client-auth-${protocol_name}-require-fail"
+                            .($sctp ? "-sctp" : ""),
+                    server => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "VerifyCAFile" => test_pem("root-cert.pem"),
+                        "VerifyMode" => "Require",
+                    },
+                    client => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol
+                    },
+                    test   => {
+                        "ExpectedResult" => "ServerFail",
+                        "ExpectedServerAlert" =>
+                        ($protocol_name eq "flex" && !disabled("tls1_3"))
+                        ? "CertificateRequired" : "HandshakeFailure",
+                        "Method" => $method,
+                    },
+                };
+                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+
+                # Successful handshake with client authentication.
+                push @tests, {
+                    name => "client-auth-${protocol_name}-require"
+                             .($sctp ? "-sctp" : ""),
+                    server => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "ClientSignatureAlgorithms" => $clisigalgs,
+                        "VerifyCAFile" => test_pem("root-cert.pem"),
+                        "VerifyMode" => "Request",
+                    },
+                    client => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "Certificate" => test_pem("ee-client-chain.pem"),
+                        "PrivateKey"  => test_pem("ee-key.pem"),
+                    },
+                    test   => {
+                        "ExpectedResult" => "Success",
+                        "ExpectedClientCertType" => "RSA",
+                        "ExpectedClientSignType" => $clisigtype,
+                        "ExpectedClientSignHash" => $clihash,
+                        "ExpectedClientCANames" => "empty",
+                        "Method" => $method,
+                    },
+                };
+                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+
+                # Successful handshake with client authentication non-empty names
+                push @tests, {
+                    name => "client-auth-${protocol_name}-require-non-empty-names"
+                            .($sctp ? "-sctp" : ""),
+                    server => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "ClientSignatureAlgorithms" => $clisigalgs,
+                        "ClientCAFile" => test_pem("root-cert.pem"),
+                        "VerifyCAFile" => test_pem("root-cert.pem"),
+                        "VerifyMode" => "Request",
+                    },
+                    client => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "Certificate" => test_pem("ee-client-chain.pem"),
+                        "PrivateKey"  => test_pem("ee-key.pem"),
+                    },
+                    test   => {
+                        "ExpectedResult" => "Success",
+                        "ExpectedClientCertType" => "RSA",
+                        "ExpectedClientSignType" => $clisigtype,
+                        "ExpectedClientSignHash" => $clihash,
+                        "ExpectedClientCANames" => test_pem("root-cert.pem"),
+                        "Method" => $method,
+                    },
+                };
+                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+
+                # Handshake with client authentication but without the root certificate.
+                push @tests, {
+                    name => "client-auth-${protocol_name}-noroot"
+                            .($sctp ? "-sctp" : ""),
+                    server => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "VerifyMode" => "Require",
+                    },
+                    client => {
+                        "MinProtocol" => $protocol,
+                        "MaxProtocol" => $protocol,
+                        "Certificate" => test_pem("ee-client-chain.pem"),
+                        "PrivateKey"  => test_pem("ee-key.pem"),
+                    },
+                    test   => {
+                        "ExpectedResult" => "ServerFail",
+                        "ExpectedServerAlert" => $caalert,
+                        "Method" => $method,
+                    },
+                };
+                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
+            }
+        }
+    }
+}
+
+generate_tests();
diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf

deleted file mode 100644 (file)

index 8debb66..0000000
--- a/test/ssl-tests/04-client_auth.conf
+++ /dev/null
@@ -1,1132 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 36
-
-test-0 = 0-server-auth-flex
-test-1 = 1-client-auth-flex-request
-test-2 = 2-client-auth-flex-require-fail
-test-3 = 3-client-auth-flex-require
-test-4 = 4-client-auth-flex-require-non-empty-names
-test-5 = 5-client-auth-flex-noroot
-test-6 = 6-server-auth-TLSv1
-test-7 = 7-client-auth-TLSv1-request
-test-8 = 8-client-auth-TLSv1-require-fail
-test-9 = 9-client-auth-TLSv1-require
-test-10 = 10-client-auth-TLSv1-require-non-empty-names
-test-11 = 11-client-auth-TLSv1-noroot
-test-12 = 12-server-auth-TLSv1.1
-test-13 = 13-client-auth-TLSv1.1-request
-test-14 = 14-client-auth-TLSv1.1-require-fail
-test-15 = 15-client-auth-TLSv1.1-require
-test-16 = 16-client-auth-TLSv1.1-require-non-empty-names
-test-17 = 17-client-auth-TLSv1.1-noroot
-test-18 = 18-server-auth-TLSv1.2
-test-19 = 19-client-auth-TLSv1.2-request
-test-20 = 20-client-auth-TLSv1.2-require-fail
-test-21 = 21-client-auth-TLSv1.2-require
-test-22 = 22-client-auth-TLSv1.2-require-non-empty-names
-test-23 = 23-client-auth-TLSv1.2-noroot
-test-24 = 24-server-auth-DTLSv1
-test-25 = 25-client-auth-DTLSv1-request
-test-26 = 26-client-auth-DTLSv1-require-fail
-test-27 = 27-client-auth-DTLSv1-require
-test-28 = 28-client-auth-DTLSv1-require-non-empty-names
-test-29 = 29-client-auth-DTLSv1-noroot
-test-30 = 30-server-auth-DTLSv1.2
-test-31 = 31-client-auth-DTLSv1.2-request
-test-32 = 32-client-auth-DTLSv1.2-require-fail
-test-33 = 33-client-auth-DTLSv1.2-require
-test-34 = 34-client-auth-DTLSv1.2-require-non-empty-names
-test-35 = 35-client-auth-DTLSv1.2-noroot
-# ===========================================================
-
-[0-server-auth-flex]
-ssl_conf = 0-server-auth-flex-ssl
-
-[0-server-auth-flex-ssl]
-server = 0-server-auth-flex-server
-client = 0-server-auth-flex-client
-
-[0-server-auth-flex-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-server-auth-flex-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-client-auth-flex-request]
-ssl_conf = 1-client-auth-flex-request-ssl
-
-[1-client-auth-flex-request-ssl]
-server = 1-client-auth-flex-request-server
-client = 1-client-auth-flex-request-client
-
-[1-client-auth-flex-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[1-client-auth-flex-request-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-client-auth-flex-require-fail]
-ssl_conf = 2-client-auth-flex-require-fail-ssl
-
-[2-client-auth-flex-require-fail-ssl]
-server = 2-client-auth-flex-require-fail-server
-client = 2-client-auth-flex-require-fail-client
-
-[2-client-auth-flex-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[2-client-auth-flex-require-fail-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = ServerFail
-ExpectedServerAlert = CertificateRequired
-
-
-# ===========================================================
-
-[3-client-auth-flex-require]
-ssl_conf = 3-client-auth-flex-require-ssl
-
-[3-client-auth-flex-require-ssl]
-server = 3-client-auth-flex-require-server
-client = 3-client-auth-flex-require-client
-
-[3-client-auth-flex-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[3-client-auth-flex-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[4-client-auth-flex-require-non-empty-names]
-ssl_conf = 4-client-auth-flex-require-non-empty-names-ssl
-
-[4-client-auth-flex-require-non-empty-names-ssl]
-server = 4-client-auth-flex-require-non-empty-names-server
-client = 4-client-auth-flex-require-non-empty-names-client
-
-[4-client-auth-flex-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[4-client-auth-flex-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[5-client-auth-flex-noroot]
-ssl_conf = 5-client-auth-flex-noroot-ssl
-
-[5-client-auth-flex-noroot-ssl]
-server = 5-client-auth-flex-noroot-server
-client = 5-client-auth-flex-noroot-client
-
-[5-client-auth-flex-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[5-client-auth-flex-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-
-
-# ===========================================================
-
-[6-server-auth-TLSv1]
-ssl_conf = 6-server-auth-TLSv1-ssl
-
-[6-server-auth-TLSv1-ssl]
-server = 6-server-auth-TLSv1-server
-client = 6-server-auth-TLSv1-client
-
-[6-server-auth-TLSv1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-server-auth-TLSv1-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[7-client-auth-TLSv1-request]
-ssl_conf = 7-client-auth-TLSv1-request-ssl
-
-[7-client-auth-TLSv1-request-ssl]
-server = 7-client-auth-TLSv1-request-server
-client = 7-client-auth-TLSv1-request-client
-
-[7-client-auth-TLSv1-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[7-client-auth-TLSv1-request-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[8-client-auth-TLSv1-require-fail]
-ssl_conf = 8-client-auth-TLSv1-require-fail-ssl
-
-[8-client-auth-TLSv1-require-fail-ssl]
-server = 8-client-auth-TLSv1-require-fail-server
-client = 8-client-auth-TLSv1-require-fail-client
-
-[8-client-auth-TLSv1-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[8-client-auth-TLSv1-require-fail-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
-
-
-# ===========================================================
-
-[9-client-auth-TLSv1-require]
-ssl_conf = 9-client-auth-TLSv1-require-ssl
-
-[9-client-auth-TLSv1-require-ssl]
-server = 9-client-auth-TLSv1-require-server
-client = 9-client-auth-TLSv1-require-client
-
-[9-client-auth-TLSv1-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[9-client-auth-TLSv1-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[10-client-auth-TLSv1-require-non-empty-names]
-ssl_conf = 10-client-auth-TLSv1-require-non-empty-names-ssl
-
-[10-client-auth-TLSv1-require-non-empty-names-ssl]
-server = 10-client-auth-TLSv1-require-non-empty-names-server
-client = 10-client-auth-TLSv1-require-non-empty-names-client
-
-[10-client-auth-TLSv1-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[10-client-auth-TLSv1-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[11-client-auth-TLSv1-noroot]
-ssl_conf = 11-client-auth-TLSv1-noroot-ssl
-
-[11-client-auth-TLSv1-noroot-ssl]
-server = 11-client-auth-TLSv1-noroot-server
-client = 11-client-auth-TLSv1-noroot-client
-
-[11-client-auth-TLSv1-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[11-client-auth-TLSv1-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-
-
-# ===========================================================
-
-[12-server-auth-TLSv1.1]
-ssl_conf = 12-server-auth-TLSv1.1-ssl
-
-[12-server-auth-TLSv1.1-ssl]
-server = 12-server-auth-TLSv1.1-server
-client = 12-server-auth-TLSv1.1-client
-
-[12-server-auth-TLSv1.1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-server-auth-TLSv1.1-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[13-client-auth-TLSv1.1-request]
-ssl_conf = 13-client-auth-TLSv1.1-request-ssl
-
-[13-client-auth-TLSv1.1-request-ssl]
-server = 13-client-auth-TLSv1.1-request-server
-client = 13-client-auth-TLSv1.1-request-client
-
-[13-client-auth-TLSv1.1-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[13-client-auth-TLSv1.1-request-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[14-client-auth-TLSv1.1-require-fail]
-ssl_conf = 14-client-auth-TLSv1.1-require-fail-ssl
-
-[14-client-auth-TLSv1.1-require-fail-ssl]
-server = 14-client-auth-TLSv1.1-require-fail-server
-client = 14-client-auth-TLSv1.1-require-fail-client
-
-[14-client-auth-TLSv1.1-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[14-client-auth-TLSv1.1-require-fail-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
-
-
-# ===========================================================
-
-[15-client-auth-TLSv1.1-require]
-ssl_conf = 15-client-auth-TLSv1.1-require-ssl
-
-[15-client-auth-TLSv1.1-require-ssl]
-server = 15-client-auth-TLSv1.1-require-server
-client = 15-client-auth-TLSv1.1-require-client
-
-[15-client-auth-TLSv1.1-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[15-client-auth-TLSv1.1-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[16-client-auth-TLSv1.1-require-non-empty-names]
-ssl_conf = 16-client-auth-TLSv1.1-require-non-empty-names-ssl
-
-[16-client-auth-TLSv1.1-require-non-empty-names-ssl]
-server = 16-client-auth-TLSv1.1-require-non-empty-names-server
-client = 16-client-auth-TLSv1.1-require-non-empty-names-client
-
-[16-client-auth-TLSv1.1-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[16-client-auth-TLSv1.1-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[17-client-auth-TLSv1.1-noroot]
-ssl_conf = 17-client-auth-TLSv1.1-noroot-ssl
-
-[17-client-auth-TLSv1.1-noroot-ssl]
-server = 17-client-auth-TLSv1.1-noroot-server
-client = 17-client-auth-TLSv1.1-noroot-client
-
-[17-client-auth-TLSv1.1-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[17-client-auth-TLSv1.1-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-
-
-# ===========================================================
-
-[18-server-auth-TLSv1.2]
-ssl_conf = 18-server-auth-TLSv1.2-ssl
-
-[18-server-auth-TLSv1.2-ssl]
-server = 18-server-auth-TLSv1.2-server
-client = 18-server-auth-TLSv1.2-client
-
-[18-server-auth-TLSv1.2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-server-auth-TLSv1.2-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[19-client-auth-TLSv1.2-request]
-ssl_conf = 19-client-auth-TLSv1.2-request-ssl
-
-[19-client-auth-TLSv1.2-request-ssl]
-server = 19-client-auth-TLSv1.2-request-server
-client = 19-client-auth-TLSv1.2-request-client
-
-[19-client-auth-TLSv1.2-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[19-client-auth-TLSv1.2-request-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[20-client-auth-TLSv1.2-require-fail]
-ssl_conf = 20-client-auth-TLSv1.2-require-fail-ssl
-
-[20-client-auth-TLSv1.2-require-fail-ssl]
-server = 20-client-auth-TLSv1.2-require-fail-server
-client = 20-client-auth-TLSv1.2-require-fail-client
-
-[20-client-auth-TLSv1.2-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[20-client-auth-TLSv1.2-require-fail-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
-
-
-# ===========================================================
-
-[21-client-auth-TLSv1.2-require]
-ssl_conf = 21-client-auth-TLSv1.2-require-ssl
-
-[21-client-auth-TLSv1.2-require-ssl]
-server = 21-client-auth-TLSv1.2-require-server
-client = 21-client-auth-TLSv1.2-require-client
-
-[21-client-auth-TLSv1.2-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = SHA256+RSA
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[21-client-auth-TLSv1.2-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[22-client-auth-TLSv1.2-require-non-empty-names]
-ssl_conf = 22-client-auth-TLSv1.2-require-non-empty-names-ssl
-
-[22-client-auth-TLSv1.2-require-non-empty-names-ssl]
-server = 22-client-auth-TLSv1.2-require-non-empty-names-server
-client = 22-client-auth-TLSv1.2-require-non-empty-names-client
-
-[22-client-auth-TLSv1.2-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ClientSignatureAlgorithms = SHA256+RSA
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[22-client-auth-TLSv1.2-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-22]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[23-client-auth-TLSv1.2-noroot]
-ssl_conf = 23-client-auth-TLSv1.2-noroot-ssl
-
-[23-client-auth-TLSv1.2-noroot-ssl]
-server = 23-client-auth-TLSv1.2-noroot-server
-client = 23-client-auth-TLSv1.2-noroot-client
-
-[23-client-auth-TLSv1.2-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[23-client-auth-TLSv1.2-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-23]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-
-
-# ===========================================================
-
-[24-server-auth-DTLSv1]
-ssl_conf = 24-server-auth-DTLSv1-ssl
-
-[24-server-auth-DTLSv1-ssl]
-server = 24-server-auth-DTLSv1-server
-client = 24-server-auth-DTLSv1-client
-
-[24-server-auth-DTLSv1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[24-server-auth-DTLSv1-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-24]
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[25-client-auth-DTLSv1-request]
-ssl_conf = 25-client-auth-DTLSv1-request-ssl
-
-[25-client-auth-DTLSv1-request-ssl]
-server = 25-client-auth-DTLSv1-request-server
-client = 25-client-auth-DTLSv1-request-client
-
-[25-client-auth-DTLSv1-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[25-client-auth-DTLSv1-request-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-25]
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[26-client-auth-DTLSv1-require-fail]
-ssl_conf = 26-client-auth-DTLSv1-require-fail-ssl
-
-[26-client-auth-DTLSv1-require-fail-ssl]
-server = 26-client-auth-DTLSv1-require-fail-server
-client = 26-client-auth-DTLSv1-require-fail-client
-
-[26-client-auth-DTLSv1-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[26-client-auth-DTLSv1-require-fail-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-26]
-ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
-Method = DTLS
-
-
-# ===========================================================
-
-[27-client-auth-DTLSv1-require]
-ssl_conf = 27-client-auth-DTLSv1-require-ssl
-
-[27-client-auth-DTLSv1-require-ssl]
-server = 27-client-auth-DTLSv1-require-server
-client = 27-client-auth-DTLSv1-require-client
-
-[27-client-auth-DTLSv1-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[27-client-auth-DTLSv1-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-27]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[28-client-auth-DTLSv1-require-non-empty-names]
-ssl_conf = 28-client-auth-DTLSv1-require-non-empty-names-ssl
-
-[28-client-auth-DTLSv1-require-non-empty-names-ssl]
-server = 28-client-auth-DTLSv1-require-non-empty-names-server
-client = 28-client-auth-DTLSv1-require-non-empty-names-client
-
-[28-client-auth-DTLSv1-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[28-client-auth-DTLSv1-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-28]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[29-client-auth-DTLSv1-noroot]
-ssl_conf = 29-client-auth-DTLSv1-noroot-ssl
-
-[29-client-auth-DTLSv1-noroot-ssl]
-server = 29-client-auth-DTLSv1-noroot-server
-client = 29-client-auth-DTLSv1-noroot-client
-
-[29-client-auth-DTLSv1-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[29-client-auth-DTLSv1-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-29]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-Method = DTLS
-
-
-# ===========================================================
-
-[30-server-auth-DTLSv1.2]
-ssl_conf = 30-server-auth-DTLSv1.2-ssl
-
-[30-server-auth-DTLSv1.2-ssl]
-server = 30-server-auth-DTLSv1.2-server
-client = 30-server-auth-DTLSv1.2-client
-
-[30-server-auth-DTLSv1.2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[30-server-auth-DTLSv1.2-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-30]
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[31-client-auth-DTLSv1.2-request]
-ssl_conf = 31-client-auth-DTLSv1.2-request-ssl
-
-[31-client-auth-DTLSv1.2-request-ssl]
-server = 31-client-auth-DTLSv1.2-request-server
-client = 31-client-auth-DTLSv1.2-request-client
-
-[31-client-auth-DTLSv1.2-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[31-client-auth-DTLSv1.2-request-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-31]
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[32-client-auth-DTLSv1.2-require-fail]
-ssl_conf = 32-client-auth-DTLSv1.2-require-fail-ssl
-
-[32-client-auth-DTLSv1.2-require-fail-ssl]
-server = 32-client-auth-DTLSv1.2-require-fail-server
-client = 32-client-auth-DTLSv1.2-require-fail-client
-
-[32-client-auth-DTLSv1.2-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[32-client-auth-DTLSv1.2-require-fail-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-32]
-ExpectedResult = ServerFail
-ExpectedServerAlert = HandshakeFailure
-Method = DTLS
-
-
-# ===========================================================
-
-[33-client-auth-DTLSv1.2-require]
-ssl_conf = 33-client-auth-DTLSv1.2-require-ssl
-
-[33-client-auth-DTLSv1.2-require-ssl]
-server = 33-client-auth-DTLSv1.2-require-server
-client = 33-client-auth-DTLSv1.2-require-client
-
-[33-client-auth-DTLSv1.2-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[33-client-auth-DTLSv1.2-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-33]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[34-client-auth-DTLSv1.2-require-non-empty-names]
-ssl_conf = 34-client-auth-DTLSv1.2-require-non-empty-names-ssl
-
-[34-client-auth-DTLSv1.2-require-non-empty-names-ssl]
-server = 34-client-auth-DTLSv1.2-require-non-empty-names-server
-client = 34-client-auth-DTLSv1.2-require-non-empty-names-client
-
-[34-client-auth-DTLSv1.2-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[34-client-auth-DTLSv1.2-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-34]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[35-client-auth-DTLSv1.2-noroot]
-ssl_conf = 35-client-auth-DTLSv1.2-noroot-ssl
-
-[35-client-auth-DTLSv1.2-noroot-ssl]
-server = 35-client-auth-DTLSv1.2-noroot-server
-client = 35-client-auth-DTLSv1.2-noroot-client
-
-[35-client-auth-DTLSv1.2-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[35-client-auth-DTLSv1.2-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-35]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-Method = DTLS
-
-
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in

deleted file mode 100644 (file)

index b9c014d..0000000
--- a/test/ssl-tests/04-client_auth.conf.in
+++ /dev/null
@@ -1,196 +0,0 @@
-# -*- mode: perl; -*-
-
-## SSL test configurations
-
-package ssltests;
-
-use strict;
-use warnings;
-
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw(anydisabled disabled);
-setup("no_test_here");
-
-# We test version-flexible negotiation (undef) and each protocol version.
-my @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2");
-
-my @is_disabled = (0);
-push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2");
-
-our @tests = ();
-
-sub generate_tests() {
-    foreach (0..$#protocols) {
-        my $protocol = $protocols[$_];
-        my $protocol_name = $protocol || "flex";
-        my $caalert;
-        my $method;
-        my $sctpenabled = 0;
-        if (!$is_disabled[$_]) {
-            if ($protocol_name eq "SSLv3") {
-                $caalert = "BadCertificate";
-            } else {
-                $caalert = "UnknownCA";
-            }
-            if ($protocol_name =~ m/^DTLS/) {
-                $method = "DTLS";
-                $sctpenabled = 1 if !disabled("sctp");
-            }
-            my $clihash;
-            my $clisigtype;
-            my $clisigalgs;
-            # TODO(TLS1.3) add TLSv1.3 versions
-            if ($protocol_name eq "TLSv1.2") {
-                $clihash = "SHA256";
-                $clisigtype = "RSA";
-                $clisigalgs = "SHA256+RSA";
-            }
-            for (my $sctp = 0; $sctp <= $sctpenabled; $sctp++) {
-                # Sanity-check simple handshake.
-                push @tests, {
-                    name => "server-auth-${protocol_name}"
-                            .($sctp ? "-sctp" : ""),
-                    server => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol
-                    },
-                    client => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol
-                    },
-                    test   => {
-                        "ExpectedResult" => "Success",
-                        "Method" => $method,
-                    },
-                };
-                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
-
-                # Handshake with client cert requested but not required or received.
-                push @tests, {
-                    name => "client-auth-${protocol_name}-request"
-                            .($sctp ? "-sctp" : ""),
-                    server => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "VerifyMode" => "Request"
-                    },
-                    client => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol
-                    },
-                    test   => {
-                        "ExpectedResult" => "Success",
-                        "Method" => $method,
-                    },
-                };
-                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
-
-                # Handshake with client cert required but not present.
-                push @tests, {
-                    name => "client-auth-${protocol_name}-require-fail"
-                            .($sctp ? "-sctp" : ""),
-                    server => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "VerifyCAFile" => test_pem("root-cert.pem"),
-                        "VerifyMode" => "Require",
-                    },
-                    client => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol
-                    },
-                    test   => {
-                        "ExpectedResult" => "ServerFail",
-                        "ExpectedServerAlert" =>
-                        ($protocol_name eq "flex" && !disabled("tls1_3"))
-                        ? "CertificateRequired" : "HandshakeFailure",
-                        "Method" => $method,
-                    },
-                };
-                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
-
-                # Successful handshake with client authentication.
-                push @tests, {
-                    name => "client-auth-${protocol_name}-require"
-                             .($sctp ? "-sctp" : ""),
-                    server => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "ClientSignatureAlgorithms" => $clisigalgs,
-                        "VerifyCAFile" => test_pem("root-cert.pem"),
-                        "VerifyMode" => "Request",
-                    },
-                    client => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "Certificate" => test_pem("ee-client-chain.pem"),
-                        "PrivateKey"  => test_pem("ee-key.pem"),
-                    },
-                    test   => {
-                        "ExpectedResult" => "Success",
-                        "ExpectedClientCertType" => "RSA",
-                        "ExpectedClientSignType" => $clisigtype,
-                        "ExpectedClientSignHash" => $clihash,
-                        "ExpectedClientCANames" => "empty",
-                        "Method" => $method,
-                    },
-                };
-                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
-
-                # Successful handshake with client authentication non-empty names
-                push @tests, {
-                    name => "client-auth-${protocol_name}-require-non-empty-names"
-                            .($sctp ? "-sctp" : ""),
-                    server => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "ClientSignatureAlgorithms" => $clisigalgs,
-                        "ClientCAFile" => test_pem("root-cert.pem"),
-                        "VerifyCAFile" => test_pem("root-cert.pem"),
-                        "VerifyMode" => "Request",
-                    },
-                    client => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "Certificate" => test_pem("ee-client-chain.pem"),
-                        "PrivateKey"  => test_pem("ee-key.pem"),
-                    },
-                    test   => {
-                        "ExpectedResult" => "Success",
-                        "ExpectedClientCertType" => "RSA",
-                        "ExpectedClientSignType" => $clisigtype,
-                        "ExpectedClientSignHash" => $clihash,
-                        "ExpectedClientCANames" => test_pem("root-cert.pem"),
-                        "Method" => $method,
-                    },
-                };
-                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
-
-                # Handshake with client authentication but without the root certificate.
-                push @tests, {
-                    name => "client-auth-${protocol_name}-noroot"
-                            .($sctp ? "-sctp" : ""),
-                    server => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "VerifyMode" => "Require",
-                    },
-                    client => {
-                        "MinProtocol" => $protocol,
-                        "MaxProtocol" => $protocol,
-                        "Certificate" => test_pem("ee-client-chain.pem"),
-                        "PrivateKey"  => test_pem("ee-key.pem"),
-                    },
-                    test   => {
-                        "ExpectedResult" => "ServerFail",
-                        "ExpectedServerAlert" => $caalert,
-                        "Method" => $method,
-                    },
-                };
-                $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
-            }
-        }
-    }
-}
-
-generate_tests();
diff --git a/test/ssl-tests/05-sni.cnf b/test/ssl-tests/05-sni.cnf

new file mode 100644 (file)

index 0000000..a6c7f43
--- /dev/null
+++ b/test/ssl-tests/05-sni.cnf
@@ -0,0 +1,308 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
+
+test-0 = 0-SNI-switch-context
+test-1 = 1-SNI-keep-context
+test-2 = 2-SNI-no-server-support
+test-3 = 3-SNI-no-client-support
+test-4 = 4-SNI-bad-sni-ignore-mismatch
+test-5 = 5-SNI-bad-sni-reject-mismatch
+test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch
+test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch
+test-8 = 8-SNI-clienthello-disable-v12
+# ===========================================================
+
+[0-SNI-switch-context]
+ssl_conf = 0-SNI-switch-context-ssl
+
+[0-SNI-switch-context-ssl]
+server = 0-SNI-switch-context-server
+client = 0-SNI-switch-context-client
+server2 = 0-SNI-switch-context-server
+
+[0-SNI-switch-context-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SNI-switch-context-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+ExpectedServerName = server2
+server = 0-SNI-switch-context-server-extra
+server2 = 0-SNI-switch-context-server-extra
+client = 0-SNI-switch-context-client-extra
+
+[0-SNI-switch-context-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[0-SNI-switch-context-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[1-SNI-keep-context]
+ssl_conf = 1-SNI-keep-context-ssl
+
+[1-SNI-keep-context-ssl]
+server = 1-SNI-keep-context-server
+client = 1-SNI-keep-context-client
+server2 = 1-SNI-keep-context-server
+
+[1-SNI-keep-context-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-SNI-keep-context-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 1-SNI-keep-context-server-extra
+server2 = 1-SNI-keep-context-server-extra
+client = 1-SNI-keep-context-client-extra
+
+[1-SNI-keep-context-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[1-SNI-keep-context-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[2-SNI-no-server-support]
+ssl_conf = 2-SNI-no-server-support-ssl
+
+[2-SNI-no-server-support-ssl]
+server = 2-SNI-no-server-support-server
+client = 2-SNI-no-server-support-client
+
+[2-SNI-no-server-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-SNI-no-server-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+client = 2-SNI-no-server-support-client-extra
+
+[2-SNI-no-server-support-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[3-SNI-no-client-support]
+ssl_conf = 3-SNI-no-client-support-ssl
+
+[3-SNI-no-client-support-ssl]
+server = 3-SNI-no-client-support-server
+client = 3-SNI-no-client-support-client
+server2 = 3-SNI-no-client-support-server
+
+[3-SNI-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-SNI-no-client-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 3-SNI-no-client-support-server-extra
+server2 = 3-SNI-no-client-support-server-extra
+
+[3-SNI-no-client-support-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+
+# ===========================================================
+
+[4-SNI-bad-sni-ignore-mismatch]
+ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
+
+[4-SNI-bad-sni-ignore-mismatch-ssl]
+server = 4-SNI-bad-sni-ignore-mismatch-server
+client = 4-SNI-bad-sni-ignore-mismatch-client
+server2 = 4-SNI-bad-sni-ignore-mismatch-server
+
+[4-SNI-bad-sni-ignore-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-SNI-bad-sni-ignore-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 4-SNI-bad-sni-ignore-mismatch-server-extra
+server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
+client = 4-SNI-bad-sni-ignore-mismatch-client-extra
+
+[4-SNI-bad-sni-ignore-mismatch-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[4-SNI-bad-sni-ignore-mismatch-client-extra]
+ServerName = invalid
+
+
+# ===========================================================
+
+[5-SNI-bad-sni-reject-mismatch]
+ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
+
+[5-SNI-bad-sni-reject-mismatch-ssl]
+server = 5-SNI-bad-sni-reject-mismatch-server
+client = 5-SNI-bad-sni-reject-mismatch-client
+server2 = 5-SNI-bad-sni-reject-mismatch-server
+
+[5-SNI-bad-sni-reject-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-SNI-bad-sni-reject-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnrecognizedName
+server = 5-SNI-bad-sni-reject-mismatch-server-extra
+server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
+client = 5-SNI-bad-sni-reject-mismatch-client-extra
+
+[5-SNI-bad-sni-reject-mismatch-server-extra]
+ServerNameCallback = RejectMismatch
+
+[5-SNI-bad-sni-reject-mismatch-client-extra]
+ServerName = invalid
+
+
+# ===========================================================
+
+[6-SNI-bad-clienthello-sni-ignore-mismatch]
+ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl
+
+[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl]
+server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
+client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client
+server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
+
+[6-SNI-bad-clienthello-sni-ignore-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-SNI-bad-clienthello-sni-ignore-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedServerName = server1
+server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
+server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
+client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra
+
+[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra]
+ServerNameCallback = ClientHelloIgnoreMismatch
+
+[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra]
+ServerName = invalid
+
+
+# ===========================================================
+
+[7-SNI-bad-clienthello-sni-reject-mismatch]
+ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl
+
+[7-SNI-bad-clienthello-sni-reject-mismatch-ssl]
+server = 7-SNI-bad-clienthello-sni-reject-mismatch-server
+client = 7-SNI-bad-clienthello-sni-reject-mismatch-client
+server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server
+
+[7-SNI-bad-clienthello-sni-reject-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-SNI-bad-clienthello-sni-reject-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnrecognizedName
+server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
+server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
+client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra
+
+[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra]
+ServerNameCallback = ClientHelloRejectMismatch
+
+[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra]
+ServerName = invalid
+
+
+# ===========================================================
+
+[8-SNI-clienthello-disable-v12]
+ssl_conf = 8-SNI-clienthello-disable-v12-ssl
+
+[8-SNI-clienthello-disable-v12-ssl]
+server = 8-SNI-clienthello-disable-v12-server
+client = 8-SNI-clienthello-disable-v12-client
+server2 = 8-SNI-clienthello-disable-v12-server
+
+[8-SNI-clienthello-disable-v12-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-SNI-clienthello-disable-v12-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = TLSv1.1
+ExpectedServerName = server2
+server = 8-SNI-clienthello-disable-v12-server-extra
+server2 = 8-SNI-clienthello-disable-v12-server-extra
+client = 8-SNI-clienthello-disable-v12-client-extra
+
+[8-SNI-clienthello-disable-v12-server-extra]
+ServerNameCallback = ClientHelloNoV12
+
+[8-SNI-clienthello-disable-v12-client-extra]
+ServerName = server2
+
+
diff --git a/test/ssl-tests/05-sni.cnf.in b/test/ssl-tests/05-sni.cnf.in

new file mode 100644 (file)

index 0000000..6651899
--- /dev/null
+++ b/test/ssl-tests/05-sni.cnf.in
@@ -0,0 +1,169 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "SNI-switch-context",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server2",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server2",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-keep-context",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server1",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-no-server-support",
+        server => { },
+        client => {
+            extra => {
+                "ServerName" => "server1",
+            },
+        },
+        test   => { "ExpectedResult" => "Success" },
+    },
+    {
+        name => "SNI-no-client-support",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => { },
+        test   => {
+            # We expect that the callback is still called
+            # to let the application decide whether they tolerate
+            # missing SNI (as our test callback does).
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-bad-sni-ignore-mismatch",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "invalid",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-bad-sni-reject-mismatch",
+        server => {
+            extra => {
+                "ServerNameCallback" => "RejectMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "invalid",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "UnrecognizedName"
+        },
+    },
+    {
+        name => "SNI-bad-clienthello-sni-ignore-mismatch",
+        server => {
+            extra => {
+                "ServerNameCallback" => "ClientHelloIgnoreMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "invalid",
+            },
+        },
+        test   => {
+            "ExpectedServerName" => "server1",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "SNI-bad-clienthello-sni-reject-mismatch",
+        server => {
+            extra => {
+                "ServerNameCallback" => "ClientHelloRejectMismatch",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "invalid",
+            },
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "UnrecognizedName"
+        },
+    },
+);
+
+our @tests_tls_1_1 = (
+    {
+        name => "SNI-clienthello-disable-v12",
+        server => {
+            extra => {
+                "ServerNameCallback" => "ClientHelloNoV12",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server2",
+            },
+        },
+        test   => {
+            "ExpectedProtocol" => "TLSv1.1",
+            "ExpectedServerName" => "server2",
+        },
+    },
+);
+
+push @tests, @tests_tls_1_1 unless disabled("tls1_1");
diff --git a/test/ssl-tests/05-sni.conf b/test/ssl-tests/05-sni.conf

deleted file mode 100644 (file)

index a6c7f43..0000000
--- a/test/ssl-tests/05-sni.conf
+++ /dev/null
@@ -1,308 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 9
-
-test-0 = 0-SNI-switch-context
-test-1 = 1-SNI-keep-context
-test-2 = 2-SNI-no-server-support
-test-3 = 3-SNI-no-client-support
-test-4 = 4-SNI-bad-sni-ignore-mismatch
-test-5 = 5-SNI-bad-sni-reject-mismatch
-test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch
-test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch
-test-8 = 8-SNI-clienthello-disable-v12
-# ===========================================================
-
-[0-SNI-switch-context]
-ssl_conf = 0-SNI-switch-context-ssl
-
-[0-SNI-switch-context-ssl]
-server = 0-SNI-switch-context-server
-client = 0-SNI-switch-context-client
-server2 = 0-SNI-switch-context-server
-
-[0-SNI-switch-context-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-SNI-switch-context-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-ExpectedServerName = server2
-server = 0-SNI-switch-context-server-extra
-server2 = 0-SNI-switch-context-server-extra
-client = 0-SNI-switch-context-client-extra
-
-[0-SNI-switch-context-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[0-SNI-switch-context-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[1-SNI-keep-context]
-ssl_conf = 1-SNI-keep-context-ssl
-
-[1-SNI-keep-context-ssl]
-server = 1-SNI-keep-context-server
-client = 1-SNI-keep-context-client
-server2 = 1-SNI-keep-context-server
-
-[1-SNI-keep-context-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-SNI-keep-context-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-ExpectedServerName = server1
-server = 1-SNI-keep-context-server-extra
-server2 = 1-SNI-keep-context-server-extra
-client = 1-SNI-keep-context-client-extra
-
-[1-SNI-keep-context-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[1-SNI-keep-context-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[2-SNI-no-server-support]
-ssl_conf = 2-SNI-no-server-support-ssl
-
-[2-SNI-no-server-support-ssl]
-server = 2-SNI-no-server-support-server
-client = 2-SNI-no-server-support-client
-
-[2-SNI-no-server-support-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-SNI-no-server-support-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-client = 2-SNI-no-server-support-client-extra
-
-[2-SNI-no-server-support-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[3-SNI-no-client-support]
-ssl_conf = 3-SNI-no-client-support-ssl
-
-[3-SNI-no-client-support-ssl]
-server = 3-SNI-no-client-support-server
-client = 3-SNI-no-client-support-client
-server2 = 3-SNI-no-client-support-server
-
-[3-SNI-no-client-support-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-SNI-no-client-support-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-ExpectedServerName = server1
-server = 3-SNI-no-client-support-server-extra
-server2 = 3-SNI-no-client-support-server-extra
-
-[3-SNI-no-client-support-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-
-# ===========================================================
-
-[4-SNI-bad-sni-ignore-mismatch]
-ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
-
-[4-SNI-bad-sni-ignore-mismatch-ssl]
-server = 4-SNI-bad-sni-ignore-mismatch-server
-client = 4-SNI-bad-sni-ignore-mismatch-client
-server2 = 4-SNI-bad-sni-ignore-mismatch-server
-
-[4-SNI-bad-sni-ignore-mismatch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-SNI-bad-sni-ignore-mismatch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-ExpectedServerName = server1
-server = 4-SNI-bad-sni-ignore-mismatch-server-extra
-server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
-client = 4-SNI-bad-sni-ignore-mismatch-client-extra
-
-[4-SNI-bad-sni-ignore-mismatch-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[4-SNI-bad-sni-ignore-mismatch-client-extra]
-ServerName = invalid
-
-
-# ===========================================================
-
-[5-SNI-bad-sni-reject-mismatch]
-ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
-
-[5-SNI-bad-sni-reject-mismatch-ssl]
-server = 5-SNI-bad-sni-reject-mismatch-server
-client = 5-SNI-bad-sni-reject-mismatch-client
-server2 = 5-SNI-bad-sni-reject-mismatch-server
-
-[5-SNI-bad-sni-reject-mismatch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-SNI-bad-sni-reject-mismatch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnrecognizedName
-server = 5-SNI-bad-sni-reject-mismatch-server-extra
-server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
-client = 5-SNI-bad-sni-reject-mismatch-client-extra
-
-[5-SNI-bad-sni-reject-mismatch-server-extra]
-ServerNameCallback = RejectMismatch
-
-[5-SNI-bad-sni-reject-mismatch-client-extra]
-ServerName = invalid
-
-
-# ===========================================================
-
-[6-SNI-bad-clienthello-sni-ignore-mismatch]
-ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl
-
-[6-SNI-bad-clienthello-sni-ignore-mismatch-ssl]
-server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
-client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client
-server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
-
-[6-SNI-bad-clienthello-sni-ignore-mismatch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-SNI-bad-clienthello-sni-ignore-mismatch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-ExpectedServerName = server1
-server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
-server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
-client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra
-
-[6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra]
-ServerNameCallback = ClientHelloIgnoreMismatch
-
-[6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra]
-ServerName = invalid
-
-
-# ===========================================================
-
-[7-SNI-bad-clienthello-sni-reject-mismatch]
-ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl
-
-[7-SNI-bad-clienthello-sni-reject-mismatch-ssl]
-server = 7-SNI-bad-clienthello-sni-reject-mismatch-server
-client = 7-SNI-bad-clienthello-sni-reject-mismatch-client
-server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server
-
-[7-SNI-bad-clienthello-sni-reject-mismatch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-SNI-bad-clienthello-sni-reject-mismatch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnrecognizedName
-server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
-server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
-client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra
-
-[7-SNI-bad-clienthello-sni-reject-mismatch-server-extra]
-ServerNameCallback = ClientHelloRejectMismatch
-
-[7-SNI-bad-clienthello-sni-reject-mismatch-client-extra]
-ServerName = invalid
-
-
-# ===========================================================
-
-[8-SNI-clienthello-disable-v12]
-ssl_conf = 8-SNI-clienthello-disable-v12-ssl
-
-[8-SNI-clienthello-disable-v12-ssl]
-server = 8-SNI-clienthello-disable-v12-server
-client = 8-SNI-clienthello-disable-v12-client
-server2 = 8-SNI-clienthello-disable-v12-server
-
-[8-SNI-clienthello-disable-v12-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-SNI-clienthello-disable-v12-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedProtocol = TLSv1.1
-ExpectedServerName = server2
-server = 8-SNI-clienthello-disable-v12-server-extra
-server2 = 8-SNI-clienthello-disable-v12-server-extra
-client = 8-SNI-clienthello-disable-v12-client-extra
-
-[8-SNI-clienthello-disable-v12-server-extra]
-ServerNameCallback = ClientHelloNoV12
-
-[8-SNI-clienthello-disable-v12-client-extra]
-ServerName = server2
-
-
diff --git a/test/ssl-tests/05-sni.conf.in b/test/ssl-tests/05-sni.conf.in

deleted file mode 100644 (file)

index 6651899..0000000
--- a/test/ssl-tests/05-sni.conf.in
+++ /dev/null
@@ -1,169 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "SNI-switch-context",
-        server => {
-            extra => {
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "server2",
-            },
-        },
-        test   => {
-            "ExpectedServerName" => "server2",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "SNI-keep-context",
-        server => {
-            extra => {
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "server1",
-            },
-        },
-        test   => {
-            "ExpectedServerName" => "server1",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "SNI-no-server-support",
-        server => { },
-        client => {
-            extra => {
-                "ServerName" => "server1",
-            },
-        },
-        test   => { "ExpectedResult" => "Success" },
-    },
-    {
-        name => "SNI-no-client-support",
-        server => {
-            extra => {
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        client => { },
-        test   => {
-            # We expect that the callback is still called
-            # to let the application decide whether they tolerate
-            # missing SNI (as our test callback does).
-            "ExpectedServerName" => "server1",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "SNI-bad-sni-ignore-mismatch",
-        server => {
-            extra => {
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "invalid",
-            },
-        },
-        test   => {
-            "ExpectedServerName" => "server1",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "SNI-bad-sni-reject-mismatch",
-        server => {
-            extra => {
-                "ServerNameCallback" => "RejectMismatch",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "invalid",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "UnrecognizedName"
-        },
-    },
-    {
-        name => "SNI-bad-clienthello-sni-ignore-mismatch",
-        server => {
-            extra => {
-                "ServerNameCallback" => "ClientHelloIgnoreMismatch",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "invalid",
-            },
-        },
-        test   => {
-            "ExpectedServerName" => "server1",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "SNI-bad-clienthello-sni-reject-mismatch",
-        server => {
-            extra => {
-                "ServerNameCallback" => "ClientHelloRejectMismatch",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "invalid",
-            },
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "UnrecognizedName"
-        },
-    },
-);
-
-our @tests_tls_1_1 = (
-    {
-        name => "SNI-clienthello-disable-v12",
-        server => {
-            extra => {
-                "ServerNameCallback" => "ClientHelloNoV12",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "server2",
-            },
-        },
-        test   => {
-            "ExpectedProtocol" => "TLSv1.1",
-            "ExpectedServerName" => "server2",
-        },
-    },
-);
-
-push @tests, @tests_tls_1_1 unless disabled("tls1_1");
diff --git a/test/ssl-tests/06-sni-ticket.cnf b/test/ssl-tests/06-sni-ticket.cnf

new file mode 100644 (file)

index 0000000..a3a9c78
--- /dev/null
+++ b/test/ssl-tests/06-sni-ticket.cnf
@@ -0,0 +1,767 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 17
+
+test-0 = 0-sni-session-ticket
+test-1 = 1-sni-session-ticket
+test-2 = 2-sni-session-ticket
+test-3 = 3-sni-session-ticket
+test-4 = 4-sni-session-ticket
+test-5 = 5-sni-session-ticket
+test-6 = 6-sni-session-ticket
+test-7 = 7-sni-session-ticket
+test-8 = 8-sni-session-ticket
+test-9 = 9-sni-session-ticket
+test-10 = 10-sni-session-ticket
+test-11 = 11-sni-session-ticket
+test-12 = 12-sni-session-ticket
+test-13 = 13-sni-session-ticket
+test-14 = 14-sni-session-ticket
+test-15 = 15-sni-session-ticket
+test-16 = 16-sni-session-ticket
+# ===========================================================
+
+[0-sni-session-ticket]
+ssl_conf = 0-sni-session-ticket-ssl
+
+[0-sni-session-ticket-ssl]
+server = 0-sni-session-ticket-server
+client = 0-sni-session-ticket-client
+server2 = 0-sni-session-ticket-server2
+
+[0-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+SessionTicketExpected = No
+server = 0-sni-session-ticket-server-extra
+client = 0-sni-session-ticket-client-extra
+
+[0-sni-session-ticket-server-extra]
+BrokenSessionTicket = Yes
+
+[0-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[1-sni-session-ticket]
+ssl_conf = 1-sni-session-ticket-ssl
+
+[1-sni-session-ticket-ssl]
+server = 1-sni-session-ticket-server
+client = 1-sni-session-ticket-client
+server2 = 1-sni-session-ticket-server2
+
+[1-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = Yes
+server = 1-sni-session-ticket-server-extra
+client = 1-sni-session-ticket-client-extra
+
+[1-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[1-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[2-sni-session-ticket]
+ssl_conf = 2-sni-session-ticket-ssl
+
+[2-sni-session-ticket-ssl]
+server = 2-sni-session-ticket-server
+client = 2-sni-session-ticket-client
+server2 = 2-sni-session-ticket-server2
+
+[2-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = Yes
+server = 2-sni-session-ticket-server-extra
+client = 2-sni-session-ticket-client-extra
+
+[2-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[2-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[3-sni-session-ticket]
+ssl_conf = 3-sni-session-ticket-ssl
+
+[3-sni-session-ticket-ssl]
+server = 3-sni-session-ticket-server
+client = 3-sni-session-ticket-client
+server2 = 3-sni-session-ticket-server2
+
+[3-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = Yes
+server = 3-sni-session-ticket-server-extra
+client = 3-sni-session-ticket-client-extra
+
+[3-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[3-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[4-sni-session-ticket]
+ssl_conf = 4-sni-session-ticket-ssl
+
+[4-sni-session-ticket-ssl]
+server = 4-sni-session-ticket-server
+client = 4-sni-session-ticket-client
+server2 = 4-sni-session-ticket-server2
+
+[4-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 4-sni-session-ticket-server-extra
+client = 4-sni-session-ticket-client-extra
+
+[4-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[4-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[5-sni-session-ticket]
+ssl_conf = 5-sni-session-ticket-ssl
+
+[5-sni-session-ticket-ssl]
+server = 5-sni-session-ticket-server
+client = 5-sni-session-ticket-client
+server2 = 5-sni-session-ticket-server2
+
+[5-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 5-sni-session-ticket-server-extra
+client = 5-sni-session-ticket-client-extra
+
+[5-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[5-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[6-sni-session-ticket]
+ssl_conf = 6-sni-session-ticket-ssl
+
+[6-sni-session-ticket-ssl]
+server = 6-sni-session-ticket-server
+client = 6-sni-session-ticket-client
+server2 = 6-sni-session-ticket-server2
+
+[6-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 6-sni-session-ticket-server-extra
+client = 6-sni-session-ticket-client-extra
+
+[6-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[6-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[7-sni-session-ticket]
+ssl_conf = 7-sni-session-ticket-ssl
+
+[7-sni-session-ticket-ssl]
+server = 7-sni-session-ticket-server
+client = 7-sni-session-ticket-client
+server2 = 7-sni-session-ticket-server2
+
+[7-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 7-sni-session-ticket-server-extra
+client = 7-sni-session-ticket-client-extra
+
+[7-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[7-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[8-sni-session-ticket]
+ssl_conf = 8-sni-session-ticket-ssl
+
+[8-sni-session-ticket-ssl]
+server = 8-sni-session-ticket-server
+client = 8-sni-session-ticket-client
+server2 = 8-sni-session-ticket-server2
+
+[8-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 8-sni-session-ticket-server-extra
+client = 8-sni-session-ticket-client-extra
+
+[8-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[9-sni-session-ticket]
+ssl_conf = 9-sni-session-ticket-ssl
+
+[9-sni-session-ticket-ssl]
+server = 9-sni-session-ticket-server
+client = 9-sni-session-ticket-client
+server2 = 9-sni-session-ticket-server2
+
+[9-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 9-sni-session-ticket-server-extra
+client = 9-sni-session-ticket-client-extra
+
+[9-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[9-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[10-sni-session-ticket]
+ssl_conf = 10-sni-session-ticket-ssl
+
+[10-sni-session-ticket-ssl]
+server = 10-sni-session-ticket-server
+client = 10-sni-session-ticket-client
+server2 = 10-sni-session-ticket-server2
+
+[10-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 10-sni-session-ticket-server-extra
+client = 10-sni-session-ticket-client-extra
+
+[10-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[10-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[11-sni-session-ticket]
+ssl_conf = 11-sni-session-ticket-ssl
+
+[11-sni-session-ticket-ssl]
+server = 11-sni-session-ticket-server
+client = 11-sni-session-ticket-client
+server2 = 11-sni-session-ticket-server2
+
+[11-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 11-sni-session-ticket-server-extra
+client = 11-sni-session-ticket-client-extra
+
+[11-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[11-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[12-sni-session-ticket]
+ssl_conf = 12-sni-session-ticket-ssl
+
+[12-sni-session-ticket-ssl]
+server = 12-sni-session-ticket-server
+client = 12-sni-session-ticket-client
+server2 = 12-sni-session-ticket-server2
+
+[12-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 12-sni-session-ticket-server-extra
+client = 12-sni-session-ticket-client-extra
+
+[12-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[12-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[13-sni-session-ticket]
+ssl_conf = 13-sni-session-ticket-ssl
+
+[13-sni-session-ticket-ssl]
+server = 13-sni-session-ticket-server
+client = 13-sni-session-ticket-client
+server2 = 13-sni-session-ticket-server2
+
+[13-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 13-sni-session-ticket-server-extra
+client = 13-sni-session-ticket-client-extra
+
+[13-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[13-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[14-sni-session-ticket]
+ssl_conf = 14-sni-session-ticket-ssl
+
+[14-sni-session-ticket-ssl]
+server = 14-sni-session-ticket-server
+client = 14-sni-session-ticket-client
+server2 = 14-sni-session-ticket-server2
+
+[14-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 14-sni-session-ticket-server-extra
+client = 14-sni-session-ticket-client-extra
+
+[14-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[14-sni-session-ticket-client-extra]
+ServerName = server2
+
+
+# ===========================================================
+
+[15-sni-session-ticket]
+ssl_conf = 15-sni-session-ticket-ssl
+
+[15-sni-session-ticket-ssl]
+server = 15-sni-session-ticket-server
+client = 15-sni-session-ticket-client
+server2 = 15-sni-session-ticket-server2
+
+[15-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+ExpectedServerName = server1
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 15-sni-session-ticket-server-extra
+client = 15-sni-session-ticket-client-extra
+
+[15-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[15-sni-session-ticket-client-extra]
+ServerName = server1
+
+
+# ===========================================================
+
+[16-sni-session-ticket]
+ssl_conf = 16-sni-session-ticket-ssl
+
+[16-sni-session-ticket-ssl]
+server = 16-sni-session-ticket-server
+client = 16-sni-session-ticket-client
+server2 = 16-sni-session-ticket-server2
+
+[16-sni-session-ticket-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-sni-session-ticket-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-sni-session-ticket-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = Success
+ExpectedServerName = server2
+SessionIdExpected = Yes
+SessionTicketExpected = No
+server = 16-sni-session-ticket-server-extra
+client = 16-sni-session-ticket-client-extra
+
+[16-sni-session-ticket-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[16-sni-session-ticket-client-extra]
+ServerName = server2
+
+
diff --git a/test/ssl-tests/06-sni-ticket.cnf.in b/test/ssl-tests/06-sni-ticket.cnf.in

new file mode 100644 (file)

index 0000000..6a22afc
--- /dev/null
+++ b/test/ssl-tests/06-sni-ticket.cnf.in
@@ -0,0 +1,101 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test SNI/Session tickets
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = ();
+
+#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in
+#TLSv1.3.
+sub generate_tests() {
+    foreach my $c ("SessionTicket", "-SessionTicket") {
+        foreach my $s1 ("SessionTicket", "-SessionTicket") {
+            foreach my $s2 ("SessionTicket", "-SessionTicket") {
+                foreach my $n ("server1", "server2") {
+                    my $ticket_result = expected_result($c, $s1, $s2, $n);
+                    my $session_id_result = "Yes"; # always, even with a ticket
+                    push @tests, {
+                        "name" => "sni-session-ticket",
+                        "client" => {
+                            "Options" => $c,
+                            "extra" => {
+                                "ServerName" => $n,
+                            },
+                            "MaxProtocol" => "TLSv1.2"
+                        },
+                        "server" => {
+                            "Options" => $s1,
+                            "extra" => {
+                                # We don't test mismatch here.
+                                "ServerNameCallback" => "IgnoreMismatch",
+                            },
+                        },
+                        "server2" => {
+                            "Options" => $s2,
+                        },
+                        "test" => {
+                            "ExpectedServerName" => $n,
+                            "ExpectedResult" => "Success",
+                            "SessionIdExpected" => $session_id_result,
+                            "SessionTicketExpected" => $ticket_result,
+                        }
+                    };
+                }
+            }
+        }
+    }
+}
+
+# If the client has session tickets disabled, then No support
+# If the server initial_ctx has session tickets disabled, then No support
+# If SNI is in use, then if the "switched-to" context has session tickets disabled,
+#    then No support
+sub expected_result {
+    my ($c, $s1, $s2, $n) = @_;
+
+    return "No" if $c eq "-SessionTicket";
+    return "No" if $s1 eq "-SessionTicket";
+    return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
+
+    return "Yes";
+
+}
+
+# Add a "Broken" case.
+push @tests, {
+    "name" => "sni-session-ticket",
+    "client" => {
+        "MaxProtocol" => "TLSv1.2",
+        "Options" => "SessionTicket",
+        "extra" => {
+            "ServerName" => "server1",
+        }
+    },
+    "server" => {
+        "Options" => "SessionTicket",
+        "extra" => {
+              "BrokenSessionTicket" => "Yes",
+        },
+    },
+    "server2" => {
+        "Options" => "SessionTicket",
+    },
+    "test" => {
+        "ExpectedResult" => "Success",
+        "SessionTicketExpected" => "No",
+    }
+};
+
+generate_tests();
diff --git a/test/ssl-tests/06-sni-ticket.conf b/test/ssl-tests/06-sni-ticket.conf

deleted file mode 100644 (file)

index a3a9c78..0000000
--- a/test/ssl-tests/06-sni-ticket.conf
+++ /dev/null
@@ -1,767 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 17
-
-test-0 = 0-sni-session-ticket
-test-1 = 1-sni-session-ticket
-test-2 = 2-sni-session-ticket
-test-3 = 3-sni-session-ticket
-test-4 = 4-sni-session-ticket
-test-5 = 5-sni-session-ticket
-test-6 = 6-sni-session-ticket
-test-7 = 7-sni-session-ticket
-test-8 = 8-sni-session-ticket
-test-9 = 9-sni-session-ticket
-test-10 = 10-sni-session-ticket
-test-11 = 11-sni-session-ticket
-test-12 = 12-sni-session-ticket
-test-13 = 13-sni-session-ticket
-test-14 = 14-sni-session-ticket
-test-15 = 15-sni-session-ticket
-test-16 = 16-sni-session-ticket
-# ===========================================================
-
-[0-sni-session-ticket]
-ssl_conf = 0-sni-session-ticket-ssl
-
-[0-sni-session-ticket-ssl]
-server = 0-sni-session-ticket-server
-client = 0-sni-session-ticket-client
-server2 = 0-sni-session-ticket-server2
-
-[0-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-SessionTicketExpected = No
-server = 0-sni-session-ticket-server-extra
-client = 0-sni-session-ticket-client-extra
-
-[0-sni-session-ticket-server-extra]
-BrokenSessionTicket = Yes
-
-[0-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[1-sni-session-ticket]
-ssl_conf = 1-sni-session-ticket-ssl
-
-[1-sni-session-ticket-ssl]
-server = 1-sni-session-ticket-server
-client = 1-sni-session-ticket-client
-server2 = 1-sni-session-ticket-server2
-
-[1-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = Yes
-server = 1-sni-session-ticket-server-extra
-client = 1-sni-session-ticket-client-extra
-
-[1-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[1-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[2-sni-session-ticket]
-ssl_conf = 2-sni-session-ticket-ssl
-
-[2-sni-session-ticket-ssl]
-server = 2-sni-session-ticket-server
-client = 2-sni-session-ticket-client
-server2 = 2-sni-session-ticket-server2
-
-[2-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = Yes
-server = 2-sni-session-ticket-server-extra
-client = 2-sni-session-ticket-client-extra
-
-[2-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[2-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[3-sni-session-ticket]
-ssl_conf = 3-sni-session-ticket-ssl
-
-[3-sni-session-ticket-ssl]
-server = 3-sni-session-ticket-server
-client = 3-sni-session-ticket-client
-server2 = 3-sni-session-ticket-server2
-
-[3-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = Yes
-server = 3-sni-session-ticket-server-extra
-client = 3-sni-session-ticket-client-extra
-
-[3-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[3-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[4-sni-session-ticket]
-ssl_conf = 4-sni-session-ticket-ssl
-
-[4-sni-session-ticket-ssl]
-server = 4-sni-session-ticket-server
-client = 4-sni-session-ticket-client
-server2 = 4-sni-session-ticket-server2
-
-[4-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 4-sni-session-ticket-server-extra
-client = 4-sni-session-ticket-client-extra
-
-[4-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[4-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[5-sni-session-ticket]
-ssl_conf = 5-sni-session-ticket-ssl
-
-[5-sni-session-ticket-ssl]
-server = 5-sni-session-ticket-server
-client = 5-sni-session-ticket-client
-server2 = 5-sni-session-ticket-server2
-
-[5-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 5-sni-session-ticket-server-extra
-client = 5-sni-session-ticket-client-extra
-
-[5-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[5-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[6-sni-session-ticket]
-ssl_conf = 6-sni-session-ticket-ssl
-
-[6-sni-session-ticket-ssl]
-server = 6-sni-session-ticket-server
-client = 6-sni-session-ticket-client
-server2 = 6-sni-session-ticket-server2
-
-[6-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 6-sni-session-ticket-server-extra
-client = 6-sni-session-ticket-client-extra
-
-[6-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[6-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[7-sni-session-ticket]
-ssl_conf = 7-sni-session-ticket-ssl
-
-[7-sni-session-ticket-ssl]
-server = 7-sni-session-ticket-server
-client = 7-sni-session-ticket-client
-server2 = 7-sni-session-ticket-server2
-
-[7-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 7-sni-session-ticket-server-extra
-client = 7-sni-session-ticket-client-extra
-
-[7-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[7-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[8-sni-session-ticket]
-ssl_conf = 8-sni-session-ticket-ssl
-
-[8-sni-session-ticket-ssl]
-server = 8-sni-session-ticket-server
-client = 8-sni-session-ticket-client
-server2 = 8-sni-session-ticket-server2
-
-[8-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 8-sni-session-ticket-server-extra
-client = 8-sni-session-ticket-client-extra
-
-[8-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[8-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[9-sni-session-ticket]
-ssl_conf = 9-sni-session-ticket-ssl
-
-[9-sni-session-ticket-ssl]
-server = 9-sni-session-ticket-server
-client = 9-sni-session-ticket-client
-server2 = 9-sni-session-ticket-server2
-
-[9-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 9-sni-session-ticket-server-extra
-client = 9-sni-session-ticket-client-extra
-
-[9-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[9-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[10-sni-session-ticket]
-ssl_conf = 10-sni-session-ticket-ssl
-
-[10-sni-session-ticket-ssl]
-server = 10-sni-session-ticket-server
-client = 10-sni-session-ticket-client
-server2 = 10-sni-session-ticket-server2
-
-[10-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 10-sni-session-ticket-server-extra
-client = 10-sni-session-ticket-client-extra
-
-[10-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[10-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[11-sni-session-ticket]
-ssl_conf = 11-sni-session-ticket-ssl
-
-[11-sni-session-ticket-ssl]
-server = 11-sni-session-ticket-server
-client = 11-sni-session-ticket-client
-server2 = 11-sni-session-ticket-server2
-
-[11-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 11-sni-session-ticket-server-extra
-client = 11-sni-session-ticket-client-extra
-
-[11-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[11-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[12-sni-session-ticket]
-ssl_conf = 12-sni-session-ticket-ssl
-
-[12-sni-session-ticket-ssl]
-server = 12-sni-session-ticket-server
-client = 12-sni-session-ticket-client
-server2 = 12-sni-session-ticket-server2
-
-[12-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 12-sni-session-ticket-server-extra
-client = 12-sni-session-ticket-client-extra
-
-[12-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[12-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[13-sni-session-ticket]
-ssl_conf = 13-sni-session-ticket-ssl
-
-[13-sni-session-ticket-ssl]
-server = 13-sni-session-ticket-server
-client = 13-sni-session-ticket-client
-server2 = 13-sni-session-ticket-server2
-
-[13-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 13-sni-session-ticket-server-extra
-client = 13-sni-session-ticket-client-extra
-
-[13-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[13-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[14-sni-session-ticket]
-ssl_conf = 14-sni-session-ticket-ssl
-
-[14-sni-session-ticket-ssl]
-server = 14-sni-session-ticket-server
-client = 14-sni-session-ticket-client
-server2 = 14-sni-session-ticket-server2
-
-[14-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 14-sni-session-ticket-server-extra
-client = 14-sni-session-ticket-client-extra
-
-[14-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[14-sni-session-ticket-client-extra]
-ServerName = server2
-
-
-# ===========================================================
-
-[15-sni-session-ticket]
-ssl_conf = 15-sni-session-ticket-ssl
-
-[15-sni-session-ticket-ssl]
-server = 15-sni-session-ticket-server
-client = 15-sni-session-ticket-client
-server2 = 15-sni-session-ticket-server2
-
-[15-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedResult = Success
-ExpectedServerName = server1
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 15-sni-session-ticket-server-extra
-client = 15-sni-session-ticket-client-extra
-
-[15-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[15-sni-session-ticket-client-extra]
-ServerName = server1
-
-
-# ===========================================================
-
-[16-sni-session-ticket]
-ssl_conf = 16-sni-session-ticket-ssl
-
-[16-sni-session-ticket-ssl]
-server = 16-sni-session-ticket-server
-client = 16-sni-session-ticket-client
-server2 = 16-sni-session-ticket-server2
-
-[16-sni-session-ticket-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-sni-session-ticket-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-sni-session-ticket-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedResult = Success
-ExpectedServerName = server2
-SessionIdExpected = Yes
-SessionTicketExpected = No
-server = 16-sni-session-ticket-server-extra
-client = 16-sni-session-ticket-client-extra
-
-[16-sni-session-ticket-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[16-sni-session-ticket-client-extra]
-ServerName = server2
-
-
diff --git a/test/ssl-tests/06-sni-ticket.conf.in b/test/ssl-tests/06-sni-ticket.conf.in

deleted file mode 100644 (file)

index 6a22afc..0000000
--- a/test/ssl-tests/06-sni-ticket.conf.in
+++ /dev/null
@@ -1,101 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test SNI/Session tickets
-
-use strict;
-use warnings;
-
-package ssltests;
-
-
-our @tests = ();
-
-#Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in
-#TLSv1.3.
-sub generate_tests() {
-    foreach my $c ("SessionTicket", "-SessionTicket") {
-        foreach my $s1 ("SessionTicket", "-SessionTicket") {
-            foreach my $s2 ("SessionTicket", "-SessionTicket") {
-                foreach my $n ("server1", "server2") {
-                    my $ticket_result = expected_result($c, $s1, $s2, $n);
-                    my $session_id_result = "Yes"; # always, even with a ticket
-                    push @tests, {
-                        "name" => "sni-session-ticket",
-                        "client" => {
-                            "Options" => $c,
-                            "extra" => {
-                                "ServerName" => $n,
-                            },
-                            "MaxProtocol" => "TLSv1.2"
-                        },
-                        "server" => {
-                            "Options" => $s1,
-                            "extra" => {
-                                # We don't test mismatch here.
-                                "ServerNameCallback" => "IgnoreMismatch",
-                            },
-                        },
-                        "server2" => {
-                            "Options" => $s2,
-                        },
-                        "test" => {
-                            "ExpectedServerName" => $n,
-                            "ExpectedResult" => "Success",
-                            "SessionIdExpected" => $session_id_result,
-                            "SessionTicketExpected" => $ticket_result,
-                        }
-                    };
-                }
-            }
-        }
-    }
-}
-
-# If the client has session tickets disabled, then No support
-# If the server initial_ctx has session tickets disabled, then No support
-# If SNI is in use, then if the "switched-to" context has session tickets disabled,
-#    then No support
-sub expected_result {
-    my ($c, $s1, $s2, $n) = @_;
-
-    return "No" if $c eq "-SessionTicket";
-    return "No" if $s1 eq "-SessionTicket";
-    return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
-
-    return "Yes";
-
-}
-
-# Add a "Broken" case.
-push @tests, {
-    "name" => "sni-session-ticket",
-    "client" => {
-        "MaxProtocol" => "TLSv1.2",
-        "Options" => "SessionTicket",
-        "extra" => {
-            "ServerName" => "server1",
-        }
-    },
-    "server" => {
-        "Options" => "SessionTicket",
-        "extra" => {
-              "BrokenSessionTicket" => "Yes",
-        },
-    },
-    "server2" => {
-        "Options" => "SessionTicket",
-    },
-    "test" => {
-        "ExpectedResult" => "Success",
-        "SessionTicketExpected" => "No",
-    }
-};
-
-generate_tests();
diff --git a/test/ssl-tests/07-dtls-protocol-version.cnf b/test/ssl-tests/07-dtls-protocol-version.cnf

new file mode 100644 (file)

index 0000000..3304a3b
--- /dev/null
+++ b/test/ssl-tests/07-dtls-protocol-version.cnf
@@ -0,0 +1,1820 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 64
+
+test-0 = 0-version-negotiation
+test-1 = 1-version-negotiation
+test-2 = 2-version-negotiation
+test-3 = 3-version-negotiation
+test-4 = 4-version-negotiation
+test-5 = 5-version-negotiation
+test-6 = 6-version-negotiation
+test-7 = 7-version-negotiation
+test-8 = 8-version-negotiation
+test-9 = 9-version-negotiation
+test-10 = 10-version-negotiation
+test-11 = 11-version-negotiation
+test-12 = 12-version-negotiation
+test-13 = 13-version-negotiation
+test-14 = 14-version-negotiation
+test-15 = 15-version-negotiation
+test-16 = 16-version-negotiation
+test-17 = 17-version-negotiation
+test-18 = 18-version-negotiation
+test-19 = 19-version-negotiation
+test-20 = 20-version-negotiation
+test-21 = 21-version-negotiation
+test-22 = 22-version-negotiation
+test-23 = 23-version-negotiation
+test-24 = 24-version-negotiation
+test-25 = 25-version-negotiation
+test-26 = 26-version-negotiation
+test-27 = 27-version-negotiation
+test-28 = 28-version-negotiation
+test-29 = 29-version-negotiation
+test-30 = 30-version-negotiation
+test-31 = 31-version-negotiation
+test-32 = 32-version-negotiation
+test-33 = 33-version-negotiation
+test-34 = 34-version-negotiation
+test-35 = 35-version-negotiation
+test-36 = 36-version-negotiation
+test-37 = 37-version-negotiation
+test-38 = 38-version-negotiation
+test-39 = 39-version-negotiation
+test-40 = 40-version-negotiation
+test-41 = 41-version-negotiation
+test-42 = 42-version-negotiation
+test-43 = 43-version-negotiation
+test-44 = 44-version-negotiation
+test-45 = 45-version-negotiation
+test-46 = 46-version-negotiation
+test-47 = 47-version-negotiation
+test-48 = 48-version-negotiation
+test-49 = 49-version-negotiation
+test-50 = 50-version-negotiation
+test-51 = 51-version-negotiation
+test-52 = 52-version-negotiation
+test-53 = 53-version-negotiation
+test-54 = 54-version-negotiation
+test-55 = 55-version-negotiation
+test-56 = 56-version-negotiation
+test-57 = 57-version-negotiation
+test-58 = 58-version-negotiation
+test-59 = 59-version-negotiation
+test-60 = 60-version-negotiation
+test-61 = 61-version-negotiation
+test-62 = 62-version-negotiation
+test-63 = 63-version-negotiation
+# ===========================================================
+
+[0-version-negotiation]
+ssl_conf = 0-version-negotiation-ssl
+
+[0-version-negotiation-ssl]
+server = 0-version-negotiation-server
+client = 0-version-negotiation-client
+
+[0-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[1-version-negotiation]
+ssl_conf = 1-version-negotiation-ssl
+
+[1-version-negotiation-ssl]
+server = 1-version-negotiation-server
+client = 1-version-negotiation-client
+
+[1-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[2-version-negotiation]
+ssl_conf = 2-version-negotiation-ssl
+
+[2-version-negotiation-ssl]
+server = 2-version-negotiation-server
+client = 2-version-negotiation-client
+
+[2-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[3-version-negotiation]
+ssl_conf = 3-version-negotiation-ssl
+
+[3-version-negotiation-ssl]
+server = 3-version-negotiation-server
+client = 3-version-negotiation-client
+
+[3-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[4-version-negotiation]
+ssl_conf = 4-version-negotiation-ssl
+
+[4-version-negotiation-ssl]
+server = 4-version-negotiation-server
+client = 4-version-negotiation-client
+
+[4-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[5-version-negotiation]
+ssl_conf = 5-version-negotiation-ssl
+
+[5-version-negotiation-ssl]
+server = 5-version-negotiation-server
+client = 5-version-negotiation-client
+
+[5-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[6-version-negotiation]
+ssl_conf = 6-version-negotiation-ssl
+
+[6-version-negotiation-ssl]
+server = 6-version-negotiation-server
+client = 6-version-negotiation-client
+
+[6-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[7-version-negotiation]
+ssl_conf = 7-version-negotiation-ssl
+
+[7-version-negotiation-ssl]
+server = 7-version-negotiation-server
+client = 7-version-negotiation-client
+
+[7-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[8-version-negotiation]
+ssl_conf = 8-version-negotiation-ssl
+
+[8-version-negotiation-ssl]
+server = 8-version-negotiation-server
+client = 8-version-negotiation-client
+
+[8-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[9-version-negotiation]
+ssl_conf = 9-version-negotiation-ssl
+
+[9-version-negotiation-ssl]
+server = 9-version-negotiation-server
+client = 9-version-negotiation-client
+
+[9-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[10-version-negotiation]
+ssl_conf = 10-version-negotiation-ssl
+
+[10-version-negotiation-ssl]
+server = 10-version-negotiation-server
+client = 10-version-negotiation-client
+
+[10-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[11-version-negotiation]
+ssl_conf = 11-version-negotiation-ssl
+
+[11-version-negotiation-ssl]
+server = 11-version-negotiation-server
+client = 11-version-negotiation-client
+
+[11-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[12-version-negotiation]
+ssl_conf = 12-version-negotiation-ssl
+
+[12-version-negotiation-ssl]
+server = 12-version-negotiation-server
+client = 12-version-negotiation-client
+
+[12-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[13-version-negotiation]
+ssl_conf = 13-version-negotiation-ssl
+
+[13-version-negotiation-ssl]
+server = 13-version-negotiation-server
+client = 13-version-negotiation-client
+
+[13-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[14-version-negotiation]
+ssl_conf = 14-version-negotiation-ssl
+
+[14-version-negotiation-ssl]
+server = 14-version-negotiation-server
+client = 14-version-negotiation-client
+
+[14-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[15-version-negotiation]
+ssl_conf = 15-version-negotiation-ssl
+
+[15-version-negotiation-ssl]
+server = 15-version-negotiation-server
+client = 15-version-negotiation-client
+
+[15-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[16-version-negotiation]
+ssl_conf = 16-version-negotiation-ssl
+
+[16-version-negotiation-ssl]
+server = 16-version-negotiation-server
+client = 16-version-negotiation-client
+
+[16-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[17-version-negotiation]
+ssl_conf = 17-version-negotiation-ssl
+
+[17-version-negotiation-ssl]
+server = 17-version-negotiation-server
+client = 17-version-negotiation-client
+
+[17-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[18-version-negotiation]
+ssl_conf = 18-version-negotiation-ssl
+
+[18-version-negotiation-ssl]
+server = 18-version-negotiation-server
+client = 18-version-negotiation-client
+
+[18-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[19-version-negotiation]
+ssl_conf = 19-version-negotiation-ssl
+
+[19-version-negotiation-ssl]
+server = 19-version-negotiation-server
+client = 19-version-negotiation-client
+
+[19-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[20-version-negotiation]
+ssl_conf = 20-version-negotiation-ssl
+
+[20-version-negotiation-ssl]
+server = 20-version-negotiation-server
+client = 20-version-negotiation-client
+
+[20-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[21-version-negotiation]
+ssl_conf = 21-version-negotiation-ssl
+
+[21-version-negotiation-ssl]
+server = 21-version-negotiation-server
+client = 21-version-negotiation-client
+
+[21-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[22-version-negotiation]
+ssl_conf = 22-version-negotiation-ssl
+
+[22-version-negotiation-ssl]
+server = 22-version-negotiation-server
+client = 22-version-negotiation-client
+
+[22-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[23-version-negotiation]
+ssl_conf = 23-version-negotiation-ssl
+
+[23-version-negotiation-ssl]
+server = 23-version-negotiation-server
+client = 23-version-negotiation-client
+
+[23-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-version-negotiation-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[24-version-negotiation]
+ssl_conf = 24-version-negotiation-ssl
+
+[24-version-negotiation-ssl]
+server = 24-version-negotiation-server
+client = 24-version-negotiation-client
+
+[24-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[25-version-negotiation]
+ssl_conf = 25-version-negotiation-ssl
+
+[25-version-negotiation-ssl]
+server = 25-version-negotiation-server
+client = 25-version-negotiation-client
+
+[25-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[26-version-negotiation]
+ssl_conf = 26-version-negotiation-ssl
+
+[26-version-negotiation-ssl]
+server = 26-version-negotiation-server
+client = 26-version-negotiation-client
+
+[26-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[27-version-negotiation]
+ssl_conf = 27-version-negotiation-ssl
+
+[27-version-negotiation-ssl]
+server = 27-version-negotiation-server
+client = 27-version-negotiation-client
+
+[27-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[28-version-negotiation]
+ssl_conf = 28-version-negotiation-ssl
+
+[28-version-negotiation-ssl]
+server = 28-version-negotiation-server
+client = 28-version-negotiation-client
+
+[28-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[29-version-negotiation]
+ssl_conf = 29-version-negotiation-ssl
+
+[29-version-negotiation-ssl]
+server = 29-version-negotiation-server
+client = 29-version-negotiation-client
+
+[29-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[30-version-negotiation]
+ssl_conf = 30-version-negotiation-ssl
+
+[30-version-negotiation-ssl]
+server = 30-version-negotiation-server
+client = 30-version-negotiation-client
+
+[30-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[31-version-negotiation]
+ssl_conf = 31-version-negotiation-ssl
+
+[31-version-negotiation-ssl]
+server = 31-version-negotiation-server
+client = 31-version-negotiation-client
+
+[31-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = ServerFail
+Method = DTLS
+
+
+# ===========================================================
+
+[32-version-negotiation]
+ssl_conf = 32-version-negotiation-ssl
+
+[32-version-negotiation-ssl]
+server = 32-version-negotiation-server
+client = 32-version-negotiation-client
+
+[32-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[33-version-negotiation]
+ssl_conf = 33-version-negotiation-ssl
+
+[33-version-negotiation-ssl]
+server = 33-version-negotiation-server
+client = 33-version-negotiation-client
+
+[33-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[34-version-negotiation]
+ssl_conf = 34-version-negotiation-ssl
+
+[34-version-negotiation-ssl]
+server = 34-version-negotiation-server
+client = 34-version-negotiation-client
+
+[34-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[35-version-negotiation]
+ssl_conf = 35-version-negotiation-ssl
+
+[35-version-negotiation-ssl]
+server = 35-version-negotiation-server
+client = 35-version-negotiation-client
+
+[35-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[36-version-negotiation]
+ssl_conf = 36-version-negotiation-ssl
+
+[36-version-negotiation-ssl]
+server = 36-version-negotiation-server
+client = 36-version-negotiation-client
+
+[36-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[37-version-negotiation]
+ssl_conf = 37-version-negotiation-ssl
+
+[37-version-negotiation-ssl]
+server = 37-version-negotiation-server
+client = 37-version-negotiation-client
+
+[37-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[38-version-negotiation]
+ssl_conf = 38-version-negotiation-ssl
+
+[38-version-negotiation-ssl]
+server = 38-version-negotiation-server
+client = 38-version-negotiation-client
+
+[38-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[39-version-negotiation]
+ssl_conf = 39-version-negotiation-ssl
+
+[39-version-negotiation-ssl]
+server = 39-version-negotiation-server
+client = 39-version-negotiation-client
+
+[39-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[40-version-negotiation]
+ssl_conf = 40-version-negotiation-ssl
+
+[40-version-negotiation-ssl]
+server = 40-version-negotiation-server
+client = 40-version-negotiation-client
+
+[40-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[41-version-negotiation]
+ssl_conf = 41-version-negotiation-ssl
+
+[41-version-negotiation-ssl]
+server = 41-version-negotiation-server
+client = 41-version-negotiation-client
+
+[41-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[42-version-negotiation]
+ssl_conf = 42-version-negotiation-ssl
+
+[42-version-negotiation-ssl]
+server = 42-version-negotiation-server
+client = 42-version-negotiation-client
+
+[42-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[43-version-negotiation]
+ssl_conf = 43-version-negotiation-ssl
+
+[43-version-negotiation-ssl]
+server = 43-version-negotiation-server
+client = 43-version-negotiation-client
+
+[43-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = DTLSv1
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[44-version-negotiation]
+ssl_conf = 44-version-negotiation-ssl
+
+[44-version-negotiation-ssl]
+server = 44-version-negotiation-server
+client = 44-version-negotiation-client
+
+[44-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[45-version-negotiation]
+ssl_conf = 45-version-negotiation-ssl
+
+[45-version-negotiation-ssl]
+server = 45-version-negotiation-server
+client = 45-version-negotiation-client
+
+[45-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[46-version-negotiation]
+ssl_conf = 46-version-negotiation-ssl
+
+[46-version-negotiation-ssl]
+server = 46-version-negotiation-server
+client = 46-version-negotiation-client
+
+[46-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[47-version-negotiation]
+ssl_conf = 47-version-negotiation-ssl
+
+[47-version-negotiation-ssl]
+server = 47-version-negotiation-server
+client = 47-version-negotiation-client
+
+[47-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[48-version-negotiation]
+ssl_conf = 48-version-negotiation-ssl
+
+[48-version-negotiation-ssl]
+server = 48-version-negotiation-server
+client = 48-version-negotiation-client
+
+[48-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[49-version-negotiation]
+ssl_conf = 49-version-negotiation-ssl
+
+[49-version-negotiation-ssl]
+server = 49-version-negotiation-server
+client = 49-version-negotiation-client
+
+[49-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[50-version-negotiation]
+ssl_conf = 50-version-negotiation-ssl
+
+[50-version-negotiation-ssl]
+server = 50-version-negotiation-server
+client = 50-version-negotiation-client
+
+[50-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[51-version-negotiation]
+ssl_conf = 51-version-negotiation-ssl
+
+[51-version-negotiation-ssl]
+server = 51-version-negotiation-server
+client = 51-version-negotiation-client
+
+[51-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[52-version-negotiation]
+ssl_conf = 52-version-negotiation-ssl
+
+[52-version-negotiation-ssl]
+server = 52-version-negotiation-server
+client = 52-version-negotiation-client
+
+[52-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[53-version-negotiation]
+ssl_conf = 53-version-negotiation-ssl
+
+[53-version-negotiation-ssl]
+server = 53-version-negotiation-server
+client = 53-version-negotiation-client
+
+[53-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[54-version-negotiation]
+ssl_conf = 54-version-negotiation-ssl
+
+[54-version-negotiation-ssl]
+server = 54-version-negotiation-server
+client = 54-version-negotiation-client
+
+[54-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[55-version-negotiation]
+ssl_conf = 55-version-negotiation-ssl
+
+[55-version-negotiation-ssl]
+server = 55-version-negotiation-server
+client = 55-version-negotiation-client
+
+[55-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-version-negotiation-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[56-version-negotiation]
+ssl_conf = 56-version-negotiation-ssl
+
+[56-version-negotiation-ssl]
+server = 56-version-negotiation-server
+client = 56-version-negotiation-client
+
+[56-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[57-version-negotiation]
+ssl_conf = 57-version-negotiation-ssl
+
+[57-version-negotiation-ssl]
+server = 57-version-negotiation-server
+client = 57-version-negotiation-client
+
+[57-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[58-version-negotiation]
+ssl_conf = 58-version-negotiation-ssl
+
+[58-version-negotiation-ssl]
+server = 58-version-negotiation-server
+client = 58-version-negotiation-client
+
+[58-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[59-version-negotiation]
+ssl_conf = 59-version-negotiation-ssl
+
+[59-version-negotiation-ssl]
+server = 59-version-negotiation-server
+client = 59-version-negotiation-client
+
+[59-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedResult = ClientFail
+Method = DTLS
+
+
+# ===========================================================
+
+[60-version-negotiation]
+ssl_conf = 60-version-negotiation-ssl
+
+[60-version-negotiation-ssl]
+server = 60-version-negotiation-server
+client = 60-version-negotiation-client
+
+[60-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[61-version-negotiation]
+ssl_conf = 61-version-negotiation-ssl
+
+[61-version-negotiation-ssl]
+server = 61-version-negotiation-server
+client = 61-version-negotiation-client
+
+[61-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[62-version-negotiation]
+ssl_conf = 62-version-negotiation-ssl
+
+[62-version-negotiation-ssl]
+server = 62-version-negotiation-server
+client = 62-version-negotiation-client
+
+[62-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
+# ===========================================================
+
+[63-version-negotiation]
+ssl_conf = 63-version-negotiation-ssl
+
+[63-version-negotiation-ssl]
+server = 63-version-negotiation-server
+client = 63-version-negotiation-client
+
+[63-version-negotiation-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-version-negotiation-client]
+CipherString = DEFAULT
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = DTLSv1.2
+ExpectedResult = Success
+Method = DTLS
+
+
diff --git a/test/ssl-tests/07-dtls-protocol-version.cnf.in b/test/ssl-tests/07-dtls-protocol-version.cnf.in

new file mode 100644 (file)

index 0000000..2a53433
--- /dev/null
+++ b/test/ssl-tests/07-dtls-protocol-version.cnf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test DTLS version negotiation
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use protocol_version;
+
+our @tests = generate_version_tests("DTLS");
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf b/test/ssl-tests/07-dtls-protocol-version.conf

deleted file mode 100644 (file)

index 3304a3b..0000000
--- a/test/ssl-tests/07-dtls-protocol-version.conf
+++ /dev/null
@@ -1,1820 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 64
-
-test-0 = 0-version-negotiation
-test-1 = 1-version-negotiation
-test-2 = 2-version-negotiation
-test-3 = 3-version-negotiation
-test-4 = 4-version-negotiation
-test-5 = 5-version-negotiation
-test-6 = 6-version-negotiation
-test-7 = 7-version-negotiation
-test-8 = 8-version-negotiation
-test-9 = 9-version-negotiation
-test-10 = 10-version-negotiation
-test-11 = 11-version-negotiation
-test-12 = 12-version-negotiation
-test-13 = 13-version-negotiation
-test-14 = 14-version-negotiation
-test-15 = 15-version-negotiation
-test-16 = 16-version-negotiation
-test-17 = 17-version-negotiation
-test-18 = 18-version-negotiation
-test-19 = 19-version-negotiation
-test-20 = 20-version-negotiation
-test-21 = 21-version-negotiation
-test-22 = 22-version-negotiation
-test-23 = 23-version-negotiation
-test-24 = 24-version-negotiation
-test-25 = 25-version-negotiation
-test-26 = 26-version-negotiation
-test-27 = 27-version-negotiation
-test-28 = 28-version-negotiation
-test-29 = 29-version-negotiation
-test-30 = 30-version-negotiation
-test-31 = 31-version-negotiation
-test-32 = 32-version-negotiation
-test-33 = 33-version-negotiation
-test-34 = 34-version-negotiation
-test-35 = 35-version-negotiation
-test-36 = 36-version-negotiation
-test-37 = 37-version-negotiation
-test-38 = 38-version-negotiation
-test-39 = 39-version-negotiation
-test-40 = 40-version-negotiation
-test-41 = 41-version-negotiation
-test-42 = 42-version-negotiation
-test-43 = 43-version-negotiation
-test-44 = 44-version-negotiation
-test-45 = 45-version-negotiation
-test-46 = 46-version-negotiation
-test-47 = 47-version-negotiation
-test-48 = 48-version-negotiation
-test-49 = 49-version-negotiation
-test-50 = 50-version-negotiation
-test-51 = 51-version-negotiation
-test-52 = 52-version-negotiation
-test-53 = 53-version-negotiation
-test-54 = 54-version-negotiation
-test-55 = 55-version-negotiation
-test-56 = 56-version-negotiation
-test-57 = 57-version-negotiation
-test-58 = 58-version-negotiation
-test-59 = 59-version-negotiation
-test-60 = 60-version-negotiation
-test-61 = 61-version-negotiation
-test-62 = 62-version-negotiation
-test-63 = 63-version-negotiation
-# ===========================================================
-
-[0-version-negotiation]
-ssl_conf = 0-version-negotiation-ssl
-
-[0-version-negotiation-ssl]
-server = 0-version-negotiation-server
-client = 0-version-negotiation-client
-
-[0-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[1-version-negotiation]
-ssl_conf = 1-version-negotiation-ssl
-
-[1-version-negotiation-ssl]
-server = 1-version-negotiation-server
-client = 1-version-negotiation-client
-
-[1-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[2-version-negotiation]
-ssl_conf = 2-version-negotiation-ssl
-
-[2-version-negotiation-ssl]
-server = 2-version-negotiation-server
-client = 2-version-negotiation-client
-
-[2-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[3-version-negotiation]
-ssl_conf = 3-version-negotiation-ssl
-
-[3-version-negotiation-ssl]
-server = 3-version-negotiation-server
-client = 3-version-negotiation-client
-
-[3-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[4-version-negotiation]
-ssl_conf = 4-version-negotiation-ssl
-
-[4-version-negotiation-ssl]
-server = 4-version-negotiation-server
-client = 4-version-negotiation-client
-
-[4-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[5-version-negotiation]
-ssl_conf = 5-version-negotiation-ssl
-
-[5-version-negotiation-ssl]
-server = 5-version-negotiation-server
-client = 5-version-negotiation-client
-
-[5-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[6-version-negotiation]
-ssl_conf = 6-version-negotiation-ssl
-
-[6-version-negotiation-ssl]
-server = 6-version-negotiation-server
-client = 6-version-negotiation-client
-
-[6-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = ServerFail
-Method = DTLS
-
-
-# ===========================================================
-
-[7-version-negotiation]
-ssl_conf = 7-version-negotiation-ssl
-
-[7-version-negotiation-ssl]
-server = 7-version-negotiation-server
-client = 7-version-negotiation-client
-
-[7-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = ServerFail
-Method = DTLS
-
-
-# ===========================================================
-
-[8-version-negotiation]
-ssl_conf = 8-version-negotiation-ssl
-
-[8-version-negotiation-ssl]
-server = 8-version-negotiation-server
-client = 8-version-negotiation-client
-
-[8-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[9-version-negotiation]
-ssl_conf = 9-version-negotiation-ssl
-
-[9-version-negotiation-ssl]
-server = 9-version-negotiation-server
-client = 9-version-negotiation-client
-
-[9-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[10-version-negotiation]
-ssl_conf = 10-version-negotiation-ssl
-
-[10-version-negotiation-ssl]
-server = 10-version-negotiation-server
-client = 10-version-negotiation-client
-
-[10-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[11-version-negotiation]
-ssl_conf = 11-version-negotiation-ssl
-
-[11-version-negotiation-ssl]
-server = 11-version-negotiation-server
-client = 11-version-negotiation-client
-
-[11-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[12-version-negotiation]
-ssl_conf = 12-version-negotiation-ssl
-
-[12-version-negotiation-ssl]
-server = 12-version-negotiation-server
-client = 12-version-negotiation-client
-
-[12-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[13-version-negotiation]
-ssl_conf = 13-version-negotiation-ssl
-
-[13-version-negotiation-ssl]
-server = 13-version-negotiation-server
-client = 13-version-negotiation-client
-
-[13-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[14-version-negotiation]
-ssl_conf = 14-version-negotiation-ssl
-
-[14-version-negotiation-ssl]
-server = 14-version-negotiation-server
-client = 14-version-negotiation-client
-
-[14-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[15-version-negotiation]
-ssl_conf = 15-version-negotiation-ssl
-
-[15-version-negotiation-ssl]
-server = 15-version-negotiation-server
-client = 15-version-negotiation-client
-
-[15-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[16-version-negotiation]
-ssl_conf = 16-version-negotiation-ssl
-
-[16-version-negotiation-ssl]
-server = 16-version-negotiation-server
-client = 16-version-negotiation-client
-
-[16-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[17-version-negotiation]
-ssl_conf = 17-version-negotiation-ssl
-
-[17-version-negotiation-ssl]
-server = 17-version-negotiation-server
-client = 17-version-negotiation-client
-
-[17-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[18-version-negotiation]
-ssl_conf = 18-version-negotiation-ssl
-
-[18-version-negotiation-ssl]
-server = 18-version-negotiation-server
-client = 18-version-negotiation-client
-
-[18-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[19-version-negotiation]
-ssl_conf = 19-version-negotiation-ssl
-
-[19-version-negotiation-ssl]
-server = 19-version-negotiation-server
-client = 19-version-negotiation-client
-
-[19-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[20-version-negotiation]
-ssl_conf = 20-version-negotiation-ssl
-
-[20-version-negotiation-ssl]
-server = 20-version-negotiation-server
-client = 20-version-negotiation-client
-
-[20-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[21-version-negotiation]
-ssl_conf = 21-version-negotiation-ssl
-
-[21-version-negotiation-ssl]
-server = 21-version-negotiation-server
-client = 21-version-negotiation-client
-
-[21-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[21-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[22-version-negotiation]
-ssl_conf = 22-version-negotiation-ssl
-
-[22-version-negotiation-ssl]
-server = 22-version-negotiation-server
-client = 22-version-negotiation-client
-
-[22-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[22-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-22]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[23-version-negotiation]
-ssl_conf = 23-version-negotiation-ssl
-
-[23-version-negotiation-ssl]
-server = 23-version-negotiation-server
-client = 23-version-negotiation-client
-
-[23-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[23-version-negotiation-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-23]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[24-version-negotiation]
-ssl_conf = 24-version-negotiation-ssl
-
-[24-version-negotiation-ssl]
-server = 24-version-negotiation-server
-client = 24-version-negotiation-client
-
-[24-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[24-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-24]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[25-version-negotiation]
-ssl_conf = 25-version-negotiation-ssl
-
-[25-version-negotiation-ssl]
-server = 25-version-negotiation-server
-client = 25-version-negotiation-client
-
-[25-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[25-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-25]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[26-version-negotiation]
-ssl_conf = 26-version-negotiation-ssl
-
-[26-version-negotiation-ssl]
-server = 26-version-negotiation-server
-client = 26-version-negotiation-client
-
-[26-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[26-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-26]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[27-version-negotiation]
-ssl_conf = 27-version-negotiation-ssl
-
-[27-version-negotiation-ssl]
-server = 27-version-negotiation-server
-client = 27-version-negotiation-client
-
-[27-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[27-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-27]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[28-version-negotiation]
-ssl_conf = 28-version-negotiation-ssl
-
-[28-version-negotiation-ssl]
-server = 28-version-negotiation-server
-client = 28-version-negotiation-client
-
-[28-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[28-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-28]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[29-version-negotiation]
-ssl_conf = 29-version-negotiation-ssl
-
-[29-version-negotiation-ssl]
-server = 29-version-negotiation-server
-client = 29-version-negotiation-client
-
-[29-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[29-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-29]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[30-version-negotiation]
-ssl_conf = 30-version-negotiation-ssl
-
-[30-version-negotiation-ssl]
-server = 30-version-negotiation-server
-client = 30-version-negotiation-client
-
-[30-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[30-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-30]
-ExpectedResult = ServerFail
-Method = DTLS
-
-
-# ===========================================================
-
-[31-version-negotiation]
-ssl_conf = 31-version-negotiation-ssl
-
-[31-version-negotiation-ssl]
-server = 31-version-negotiation-server
-client = 31-version-negotiation-client
-
-[31-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[31-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-31]
-ExpectedResult = ServerFail
-Method = DTLS
-
-
-# ===========================================================
-
-[32-version-negotiation]
-ssl_conf = 32-version-negotiation-ssl
-
-[32-version-negotiation-ssl]
-server = 32-version-negotiation-server
-client = 32-version-negotiation-client
-
-[32-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[32-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-32]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[33-version-negotiation]
-ssl_conf = 33-version-negotiation-ssl
-
-[33-version-negotiation-ssl]
-server = 33-version-negotiation-server
-client = 33-version-negotiation-client
-
-[33-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[33-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-33]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[34-version-negotiation]
-ssl_conf = 34-version-negotiation-ssl
-
-[34-version-negotiation-ssl]
-server = 34-version-negotiation-server
-client = 34-version-negotiation-client
-
-[34-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[34-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-34]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[35-version-negotiation]
-ssl_conf = 35-version-negotiation-ssl
-
-[35-version-negotiation-ssl]
-server = 35-version-negotiation-server
-client = 35-version-negotiation-client
-
-[35-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[35-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-35]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[36-version-negotiation]
-ssl_conf = 36-version-negotiation-ssl
-
-[36-version-negotiation-ssl]
-server = 36-version-negotiation-server
-client = 36-version-negotiation-client
-
-[36-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[36-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-36]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[37-version-negotiation]
-ssl_conf = 37-version-negotiation-ssl
-
-[37-version-negotiation-ssl]
-server = 37-version-negotiation-server
-client = 37-version-negotiation-client
-
-[37-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[37-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-37]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[38-version-negotiation]
-ssl_conf = 38-version-negotiation-ssl
-
-[38-version-negotiation-ssl]
-server = 38-version-negotiation-server
-client = 38-version-negotiation-client
-
-[38-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[38-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-38]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[39-version-negotiation]
-ssl_conf = 39-version-negotiation-ssl
-
-[39-version-negotiation-ssl]
-server = 39-version-negotiation-server
-client = 39-version-negotiation-client
-
-[39-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[39-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-39]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[40-version-negotiation]
-ssl_conf = 40-version-negotiation-ssl
-
-[40-version-negotiation-ssl]
-server = 40-version-negotiation-server
-client = 40-version-negotiation-client
-
-[40-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[40-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-40]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[41-version-negotiation]
-ssl_conf = 41-version-negotiation-ssl
-
-[41-version-negotiation-ssl]
-server = 41-version-negotiation-server
-client = 41-version-negotiation-client
-
-[41-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[41-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-41]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[42-version-negotiation]
-ssl_conf = 42-version-negotiation-ssl
-
-[42-version-negotiation-ssl]
-server = 42-version-negotiation-server
-client = 42-version-negotiation-client
-
-[42-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[42-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-42]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[43-version-negotiation]
-ssl_conf = 43-version-negotiation-ssl
-
-[43-version-negotiation-ssl]
-server = 43-version-negotiation-server
-client = 43-version-negotiation-client
-
-[43-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[43-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-43]
-ExpectedProtocol = DTLSv1
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[44-version-negotiation]
-ssl_conf = 44-version-negotiation-ssl
-
-[44-version-negotiation-ssl]
-server = 44-version-negotiation-server
-client = 44-version-negotiation-client
-
-[44-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[44-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-44]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[45-version-negotiation]
-ssl_conf = 45-version-negotiation-ssl
-
-[45-version-negotiation-ssl]
-server = 45-version-negotiation-server
-client = 45-version-negotiation-client
-
-[45-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[45-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-45]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[46-version-negotiation]
-ssl_conf = 46-version-negotiation-ssl
-
-[46-version-negotiation-ssl]
-server = 46-version-negotiation-server
-client = 46-version-negotiation-client
-
-[46-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[46-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-46]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[47-version-negotiation]
-ssl_conf = 47-version-negotiation-ssl
-
-[47-version-negotiation-ssl]
-server = 47-version-negotiation-server
-client = 47-version-negotiation-client
-
-[47-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[47-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-47]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[48-version-negotiation]
-ssl_conf = 48-version-negotiation-ssl
-
-[48-version-negotiation-ssl]
-server = 48-version-negotiation-server
-client = 48-version-negotiation-client
-
-[48-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[48-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-48]
-ExpectedResult = ClientFail
-Method = DTLS
-
-
-# ===========================================================
-
-[49-version-negotiation]
-ssl_conf = 49-version-negotiation-ssl
-
-[49-version-negotiation-ssl]
-server = 49-version-negotiation-server
-client = 49-version-negotiation-client
-
-[49-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[49-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-49]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[50-version-negotiation]
-ssl_conf = 50-version-negotiation-ssl
-
-[50-version-negotiation-ssl]
-server = 50-version-negotiation-server
-client = 50-version-negotiation-client
-
-[50-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[50-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-50]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[51-version-negotiation]
-ssl_conf = 51-version-negotiation-ssl
-
-[51-version-negotiation-ssl]
-server = 51-version-negotiation-server
-client = 51-version-negotiation-client
-
-[51-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[51-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-51]
-ExpectedResult = ClientFail
-Method = DTLS
-
-
-# ===========================================================
-
-[52-version-negotiation]
-ssl_conf = 52-version-negotiation-ssl
-
-[52-version-negotiation-ssl]
-server = 52-version-negotiation-server
-client = 52-version-negotiation-client
-
-[52-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[52-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-52]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[53-version-negotiation]
-ssl_conf = 53-version-negotiation-ssl
-
-[53-version-negotiation-ssl]
-server = 53-version-negotiation-server
-client = 53-version-negotiation-client
-
-[53-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[53-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-53]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[54-version-negotiation]
-ssl_conf = 54-version-negotiation-ssl
-
-[54-version-negotiation-ssl]
-server = 54-version-negotiation-server
-client = 54-version-negotiation-client
-
-[54-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[54-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-54]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[55-version-negotiation]
-ssl_conf = 55-version-negotiation-ssl
-
-[55-version-negotiation-ssl]
-server = 55-version-negotiation-server
-client = 55-version-negotiation-client
-
-[55-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[55-version-negotiation-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-55]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[56-version-negotiation]
-ssl_conf = 56-version-negotiation-ssl
-
-[56-version-negotiation-ssl]
-server = 56-version-negotiation-server
-client = 56-version-negotiation-client
-
-[56-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[56-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-56]
-ExpectedResult = ClientFail
-Method = DTLS
-
-
-# ===========================================================
-
-[57-version-negotiation]
-ssl_conf = 57-version-negotiation-ssl
-
-[57-version-negotiation-ssl]
-server = 57-version-negotiation-server
-client = 57-version-negotiation-client
-
-[57-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[57-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-57]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[58-version-negotiation]
-ssl_conf = 58-version-negotiation-ssl
-
-[58-version-negotiation-ssl]
-server = 58-version-negotiation-server
-client = 58-version-negotiation-client
-
-[58-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[58-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-58]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[59-version-negotiation]
-ssl_conf = 59-version-negotiation-ssl
-
-[59-version-negotiation-ssl]
-server = 59-version-negotiation-server
-client = 59-version-negotiation-client
-
-[59-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[59-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-59]
-ExpectedResult = ClientFail
-Method = DTLS
-
-
-# ===========================================================
-
-[60-version-negotiation]
-ssl_conf = 60-version-negotiation-ssl
-
-[60-version-negotiation-ssl]
-server = 60-version-negotiation-server
-client = 60-version-negotiation-client
-
-[60-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[60-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-60]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[61-version-negotiation]
-ssl_conf = 61-version-negotiation-ssl
-
-[61-version-negotiation-ssl]
-server = 61-version-negotiation-server
-client = 61-version-negotiation-client
-
-[61-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[61-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-61]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[62-version-negotiation]
-ssl_conf = 62-version-negotiation-ssl
-
-[62-version-negotiation-ssl]
-server = 62-version-negotiation-server
-client = 62-version-negotiation-client
-
-[62-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[62-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-62]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
-# ===========================================================
-
-[63-version-negotiation]
-ssl_conf = 63-version-negotiation-ssl
-
-[63-version-negotiation-ssl]
-server = 63-version-negotiation-server
-client = 63-version-negotiation-client
-
-[63-version-negotiation-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[63-version-negotiation-client]
-CipherString = DEFAULT
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-63]
-ExpectedProtocol = DTLSv1.2
-ExpectedResult = Success
-Method = DTLS
-
-
diff --git a/test/ssl-tests/07-dtls-protocol-version.conf.in b/test/ssl-tests/07-dtls-protocol-version.conf.in

deleted file mode 100644 (file)

index 2a53433..0000000
--- a/test/ssl-tests/07-dtls-protocol-version.conf.in
+++ /dev/null
@@ -1,19 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test DTLS version negotiation
-
-package ssltests;
-
-use strict;
-use warnings;
-
-use protocol_version;
-
-our @tests = generate_version_tests("DTLS");
diff --git a/test/ssl-tests/08-npn.cnf b/test/ssl-tests/08-npn.cnf

new file mode 100644 (file)

index 0000000..f38b3f6
--- /dev/null
+++ b/test/ssl-tests/08-npn.cnf
@@ -0,0 +1,816 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 20
+
+test-0 = 0-npn-simple
+test-1 = 1-npn-client-finds-match
+test-2 = 2-npn-client-honours-server-pref
+test-3 = 3-npn-client-first-pref-on-mismatch
+test-4 = 4-npn-no-server-support
+test-5 = 5-npn-no-client-support
+test-6 = 6-npn-with-sni-no-context-switch
+test-7 = 7-npn-with-sni-context-switch
+test-8 = 8-npn-selected-sni-server-supports-npn
+test-9 = 9-npn-selected-sni-server-does-not-support-npn
+test-10 = 10-alpn-preferred-over-npn
+test-11 = 11-sni-npn-preferred-over-alpn
+test-12 = 12-npn-simple-resumption
+test-13 = 13-npn-server-switch-resumption
+test-14 = 14-npn-client-switch-resumption
+test-15 = 15-npn-client-first-pref-on-mismatch-resumption
+test-16 = 16-npn-no-server-support-resumption
+test-17 = 17-npn-no-client-support-resumption
+test-18 = 18-alpn-preferred-over-npn-resumption
+test-19 = 19-npn-used-if-alpn-not-supported-resumption
+# ===========================================================
+
+[0-npn-simple]
+ssl_conf = 0-npn-simple-ssl
+
+[0-npn-simple-ssl]
+server = 0-npn-simple-server
+client = 0-npn-simple-client
+
+[0-npn-simple-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-npn-simple-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedNPNProtocol = foo
+server = 0-npn-simple-server-extra
+client = 0-npn-simple-client-extra
+
+[0-npn-simple-server-extra]
+NPNProtocols = foo
+
+[0-npn-simple-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[1-npn-client-finds-match]
+ssl_conf = 1-npn-client-finds-match-ssl
+
+[1-npn-client-finds-match-ssl]
+server = 1-npn-client-finds-match-server
+client = 1-npn-client-finds-match-client
+
+[1-npn-client-finds-match-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-npn-client-finds-match-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedNPNProtocol = bar
+server = 1-npn-client-finds-match-server-extra
+client = 1-npn-client-finds-match-client-extra
+
+[1-npn-client-finds-match-server-extra]
+NPNProtocols = baz,bar
+
+[1-npn-client-finds-match-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[2-npn-client-honours-server-pref]
+ssl_conf = 2-npn-client-honours-server-pref-ssl
+
+[2-npn-client-honours-server-pref-ssl]
+server = 2-npn-client-honours-server-pref-server
+client = 2-npn-client-honours-server-pref-client
+
+[2-npn-client-honours-server-pref-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-npn-client-honours-server-pref-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedNPNProtocol = bar
+server = 2-npn-client-honours-server-pref-server-extra
+client = 2-npn-client-honours-server-pref-client-extra
+
+[2-npn-client-honours-server-pref-server-extra]
+NPNProtocols = bar,foo
+
+[2-npn-client-honours-server-pref-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[3-npn-client-first-pref-on-mismatch]
+ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl
+
+[3-npn-client-first-pref-on-mismatch-ssl]
+server = 3-npn-client-first-pref-on-mismatch-server
+client = 3-npn-client-first-pref-on-mismatch-client
+
+[3-npn-client-first-pref-on-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-npn-client-first-pref-on-mismatch-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedNPNProtocol = foo
+server = 3-npn-client-first-pref-on-mismatch-server-extra
+client = 3-npn-client-first-pref-on-mismatch-client-extra
+
+[3-npn-client-first-pref-on-mismatch-server-extra]
+NPNProtocols = baz
+
+[3-npn-client-first-pref-on-mismatch-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[4-npn-no-server-support]
+ssl_conf = 4-npn-no-server-support-ssl
+
+[4-npn-no-server-support-ssl]
+server = 4-npn-no-server-support-server
+client = 4-npn-no-server-support-client
+
+[4-npn-no-server-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-npn-no-server-support-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+client = 4-npn-no-server-support-client-extra
+
+[4-npn-no-server-support-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[5-npn-no-client-support]
+ssl_conf = 5-npn-no-client-support-ssl
+
+[5-npn-no-client-support-ssl]
+server = 5-npn-no-client-support-server
+client = 5-npn-no-client-support-client
+
+[5-npn-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-npn-no-client-support-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+server = 5-npn-no-client-support-server-extra
+
+[5-npn-no-client-support-server-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[6-npn-with-sni-no-context-switch]
+ssl_conf = 6-npn-with-sni-no-context-switch-ssl
+
+[6-npn-with-sni-no-context-switch-ssl]
+server = 6-npn-with-sni-no-context-switch-server
+client = 6-npn-with-sni-no-context-switch-client
+server2 = 6-npn-with-sni-no-context-switch-server2
+
+[6-npn-with-sni-no-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-npn-with-sni-no-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-npn-with-sni-no-context-switch-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedNPNProtocol = foo
+ExpectedServerName = server1
+server = 6-npn-with-sni-no-context-switch-server-extra
+server2 = 6-npn-with-sni-no-context-switch-server2-extra
+client = 6-npn-with-sni-no-context-switch-client-extra
+
+[6-npn-with-sni-no-context-switch-server-extra]
+NPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[6-npn-with-sni-no-context-switch-server2-extra]
+NPNProtocols = bar
+
+[6-npn-with-sni-no-context-switch-client-extra]
+NPNProtocols = foo,bar
+ServerName = server1
+
+
+# ===========================================================
+
+[7-npn-with-sni-context-switch]
+ssl_conf = 7-npn-with-sni-context-switch-ssl
+
+[7-npn-with-sni-context-switch-ssl]
+server = 7-npn-with-sni-context-switch-server
+client = 7-npn-with-sni-context-switch-client
+server2 = 7-npn-with-sni-context-switch-server2
+
+[7-npn-with-sni-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-npn-with-sni-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-npn-with-sni-context-switch-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedNPNProtocol = bar
+ExpectedServerName = server2
+server = 7-npn-with-sni-context-switch-server-extra
+server2 = 7-npn-with-sni-context-switch-server2-extra
+client = 7-npn-with-sni-context-switch-client-extra
+
+[7-npn-with-sni-context-switch-server-extra]
+NPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[7-npn-with-sni-context-switch-server2-extra]
+NPNProtocols = bar
+
+[7-npn-with-sni-context-switch-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[8-npn-selected-sni-server-supports-npn]
+ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
+
+[8-npn-selected-sni-server-supports-npn-ssl]
+server = 8-npn-selected-sni-server-supports-npn-server
+client = 8-npn-selected-sni-server-supports-npn-client
+server2 = 8-npn-selected-sni-server-supports-npn-server2
+
+[8-npn-selected-sni-server-supports-npn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-npn-selected-sni-server-supports-npn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-npn-selected-sni-server-supports-npn-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedNPNProtocol = bar
+ExpectedServerName = server2
+server = 8-npn-selected-sni-server-supports-npn-server-extra
+server2 = 8-npn-selected-sni-server-supports-npn-server2-extra
+client = 8-npn-selected-sni-server-supports-npn-client-extra
+
+[8-npn-selected-sni-server-supports-npn-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-npn-selected-sni-server-supports-npn-server2-extra]
+NPNProtocols = bar
+
+[8-npn-selected-sni-server-supports-npn-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[9-npn-selected-sni-server-does-not-support-npn]
+ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
+
+[9-npn-selected-sni-server-does-not-support-npn-ssl]
+server = 9-npn-selected-sni-server-does-not-support-npn-server
+client = 9-npn-selected-sni-server-does-not-support-npn-client
+server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
+
+[9-npn-selected-sni-server-does-not-support-npn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-npn-selected-sni-server-does-not-support-npn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-npn-selected-sni-server-does-not-support-npn-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedServerName = server2
+server = 9-npn-selected-sni-server-does-not-support-npn-server-extra
+client = 9-npn-selected-sni-server-does-not-support-npn-client-extra
+
+[9-npn-selected-sni-server-does-not-support-npn-server-extra]
+NPNProtocols = bar
+ServerNameCallback = IgnoreMismatch
+
+[9-npn-selected-sni-server-does-not-support-npn-client-extra]
+NPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[10-alpn-preferred-over-npn]
+ssl_conf = 10-alpn-preferred-over-npn-ssl
+
+[10-alpn-preferred-over-npn-ssl]
+server = 10-alpn-preferred-over-npn-server
+client = 10-alpn-preferred-over-npn-client
+
+[10-alpn-preferred-over-npn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-alpn-preferred-over-npn-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedALPNProtocol = foo
+server = 10-alpn-preferred-over-npn-server-extra
+client = 10-alpn-preferred-over-npn-client-extra
+
+[10-alpn-preferred-over-npn-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[10-alpn-preferred-over-npn-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+
+# ===========================================================
+
+[11-sni-npn-preferred-over-alpn]
+ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
+
+[11-sni-npn-preferred-over-alpn-ssl]
+server = 11-sni-npn-preferred-over-alpn-server
+client = 11-sni-npn-preferred-over-alpn-client
+server2 = 11-sni-npn-preferred-over-alpn-server2
+
+[11-sni-npn-preferred-over-alpn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-npn-preferred-over-alpn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-sni-npn-preferred-over-alpn-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedNPNProtocol = bar
+ExpectedServerName = server2
+server = 11-sni-npn-preferred-over-alpn-server-extra
+server2 = 11-sni-npn-preferred-over-alpn-server2-extra
+client = 11-sni-npn-preferred-over-alpn-client-extra
+
+[11-sni-npn-preferred-over-alpn-server-extra]
+ALPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[11-sni-npn-preferred-over-alpn-server2-extra]
+NPNProtocols = bar
+
+[11-sni-npn-preferred-over-alpn-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+ServerName = server2
+
+
+# ===========================================================
+
+[12-npn-simple-resumption]
+ssl_conf = 12-npn-simple-resumption-ssl
+
+[12-npn-simple-resumption-ssl]
+server = 12-npn-simple-resumption-server
+client = 12-npn-simple-resumption-client
+resume-server = 12-npn-simple-resumption-server
+resume-client = 12-npn-simple-resumption-client
+
+[12-npn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-npn-simple-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-npn-simple-resumption-server-extra
+resume-server = 12-npn-simple-resumption-server-extra
+client = 12-npn-simple-resumption-client-extra
+resume-client = 12-npn-simple-resumption-client-extra
+
+[12-npn-simple-resumption-server-extra]
+NPNProtocols = foo
+
+[12-npn-simple-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[13-npn-server-switch-resumption]
+ssl_conf = 13-npn-server-switch-resumption-ssl
+
+[13-npn-server-switch-resumption-ssl]
+server = 13-npn-server-switch-resumption-server
+client = 13-npn-server-switch-resumption-client
+resume-server = 13-npn-server-switch-resumption-resume-server
+resume-client = 13-npn-server-switch-resumption-client
+
+[13-npn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-npn-server-switch-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 13-npn-server-switch-resumption-server-extra
+resume-server = 13-npn-server-switch-resumption-resume-server-extra
+client = 13-npn-server-switch-resumption-client-extra
+resume-client = 13-npn-server-switch-resumption-client-extra
+
+[13-npn-server-switch-resumption-server-extra]
+NPNProtocols = bar,foo
+
+[13-npn-server-switch-resumption-resume-server-extra]
+NPNProtocols = baz,foo
+
+[13-npn-server-switch-resumption-client-extra]
+NPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[14-npn-client-switch-resumption]
+ssl_conf = 14-npn-client-switch-resumption-ssl
+
+[14-npn-client-switch-resumption-ssl]
+server = 14-npn-client-switch-resumption-server
+client = 14-npn-client-switch-resumption-client
+resume-server = 14-npn-client-switch-resumption-server
+resume-client = 14-npn-client-switch-resumption-resume-client
+
+[14-npn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-npn-client-switch-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-npn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedNPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-npn-client-switch-resumption-server-extra
+resume-server = 14-npn-client-switch-resumption-server-extra
+client = 14-npn-client-switch-resumption-client-extra
+resume-client = 14-npn-client-switch-resumption-resume-client-extra
+
+[14-npn-client-switch-resumption-server-extra]
+NPNProtocols = foo,bar,baz
+
+[14-npn-client-switch-resumption-client-extra]
+NPNProtocols = foo,baz
+
+[14-npn-client-switch-resumption-resume-client-extra]
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[15-npn-client-first-pref-on-mismatch-resumption]
+ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
+
+[15-npn-client-first-pref-on-mismatch-resumption-ssl]
+server = 15-npn-client-first-pref-on-mismatch-resumption-server
+client = 15-npn-client-first-pref-on-mismatch-resumption-client
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
+
+[15-npn-client-first-pref-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-npn-client-first-pref-on-mismatch-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedNPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
+resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
+client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
+
+[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
+NPNProtocols = bar
+
+[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
+NPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[16-npn-no-server-support-resumption]
+ssl_conf = 16-npn-no-server-support-resumption-ssl
+
+[16-npn-no-server-support-resumption-ssl]
+server = 16-npn-no-server-support-resumption-server
+client = 16-npn-no-server-support-resumption-client
+resume-server = 16-npn-no-server-support-resumption-resume-server
+resume-client = 16-npn-no-server-support-resumption-client
+
+[16-npn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-npn-no-server-support-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 16-npn-no-server-support-resumption-server-extra
+client = 16-npn-no-server-support-resumption-client-extra
+resume-client = 16-npn-no-server-support-resumption-client-extra
+
+[16-npn-no-server-support-resumption-server-extra]
+NPNProtocols = foo
+
+[16-npn-no-server-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[17-npn-no-client-support-resumption]
+ssl_conf = 17-npn-no-client-support-resumption-ssl
+
+[17-npn-no-client-support-resumption-ssl]
+server = 17-npn-no-client-support-resumption-server
+client = 17-npn-no-client-support-resumption-client
+resume-server = 17-npn-no-client-support-resumption-server
+resume-client = 17-npn-no-client-support-resumption-resume-client
+
+[17-npn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-npn-no-client-support-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[17-npn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 17-npn-no-client-support-resumption-server-extra
+resume-server = 17-npn-no-client-support-resumption-server-extra
+client = 17-npn-no-client-support-resumption-client-extra
+
+[17-npn-no-client-support-resumption-server-extra]
+NPNProtocols = foo
+
+[17-npn-no-client-support-resumption-client-extra]
+NPNProtocols = foo
+
+
+# ===========================================================
+
+[18-alpn-preferred-over-npn-resumption]
+ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
+
+[18-alpn-preferred-over-npn-resumption-ssl]
+server = 18-alpn-preferred-over-npn-resumption-server
+client = 18-alpn-preferred-over-npn-resumption-client
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
+resume-client = 18-alpn-preferred-over-npn-resumption-client
+
+[18-alpn-preferred-over-npn-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-alpn-preferred-over-npn-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 18-alpn-preferred-over-npn-resumption-server-extra
+resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
+client = 18-alpn-preferred-over-npn-resumption-client-extra
+resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
+
+[18-alpn-preferred-over-npn-resumption-server-extra]
+NPNProtocols = bar
+
+[18-alpn-preferred-over-npn-resumption-resume-server-extra]
+ALPNProtocols = foo
+NPNProtocols = baz
+
+[18-alpn-preferred-over-npn-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[19-npn-used-if-alpn-not-supported-resumption]
+ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
+
+[19-npn-used-if-alpn-not-supported-resumption-ssl]
+server = 19-npn-used-if-alpn-not-supported-resumption-server
+client = 19-npn-used-if-alpn-not-supported-resumption-client
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
+
+[19-npn-used-if-alpn-not-supported-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-npn-used-if-alpn-not-supported-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedNPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
+resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
+client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
+
+[19-npn-used-if-alpn-not-supported-resumption-server-extra]
+ALPNProtocols = foo
+NPNProtocols = bar
+
+[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
+NPNProtocols = baz
+
+[19-npn-used-if-alpn-not-supported-resumption-client-extra]
+ALPNProtocols = foo
+NPNProtocols = bar,baz
+
+
diff --git a/test/ssl-tests/08-npn.cnf.in b/test/ssl-tests/08-npn.cnf.in

new file mode 100644 (file)

index 0000000..aec6b7a
--- /dev/null
+++ b/test/ssl-tests/08-npn.cnf.in
@@ -0,0 +1,443 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test NPN. Note that NPN is only supported up to TLSv1.2
+
+use strict;
+use warnings;
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "npn-simple",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-client-finds-match",
+        server => {
+            extra => {
+                "NPNProtocols" => "baz,bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-honours-server-pref",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar,foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-first-pref-on-mismatch",
+        server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-no-server-support",
+        server => {},
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-no-client-support",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-with-sni-no-context-switch",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server1",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedServerName" => "server1",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-with-sni-context-switch",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-selected-sni-server-supports-npn",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-selected-sni-server-does-not-support-npn",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => { },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+             "ExpectedServerName" => "server2",
+             "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-preferred-over-npn",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedALPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "sni-npn-preferred-over-alpn",
+        server => {
+            extra => {
+                "ServerNameCallback" => "IgnoreMismatch",
+                "ALPNProtocols" => "foo",
+            },
+        },
+        server2 => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ServerName" => "server2",
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "ExpectedALPNProtocol" => undef,
+            "ExpectedNPNProtocol" => "bar",
+            "ExpectedServerName" => "server2",  
+        },
+    },
+    {
+        name => "npn-simple-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-server-switch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar,foo",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz,foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar,baz",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "baz",
+        },
+    },
+    {
+        name => "npn-client-switch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo,bar,baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,baz",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        resume_client => {
+            extra => {
+                "NPNProtocols" => "bar,baz",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "npn-client-first-pref-on-mismatch-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo,bar",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "npn-no-server-support-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        resume_server => { },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-no-client-support-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "NPNProtocols" => "foo",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        resume_client => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-preferred-over-npn-resumption",
+        server => {
+            extra => {
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar,baz",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "foo",
+            "ExpectedNPNProtocol" => undef,
+        },
+    },
+    {
+        name => "npn-used-if-alpn-not-supported-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "NPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "NPNProtocols" => "bar,baz",
+            },
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+            "ExpectedNPNProtocol" => "baz",
+        },
+    },
+);
diff --git a/test/ssl-tests/08-npn.conf b/test/ssl-tests/08-npn.conf

deleted file mode 100644 (file)

index f38b3f6..0000000
--- a/test/ssl-tests/08-npn.conf
+++ /dev/null
@@ -1,816 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 20
-
-test-0 = 0-npn-simple
-test-1 = 1-npn-client-finds-match
-test-2 = 2-npn-client-honours-server-pref
-test-3 = 3-npn-client-first-pref-on-mismatch
-test-4 = 4-npn-no-server-support
-test-5 = 5-npn-no-client-support
-test-6 = 6-npn-with-sni-no-context-switch
-test-7 = 7-npn-with-sni-context-switch
-test-8 = 8-npn-selected-sni-server-supports-npn
-test-9 = 9-npn-selected-sni-server-does-not-support-npn
-test-10 = 10-alpn-preferred-over-npn
-test-11 = 11-sni-npn-preferred-over-alpn
-test-12 = 12-npn-simple-resumption
-test-13 = 13-npn-server-switch-resumption
-test-14 = 14-npn-client-switch-resumption
-test-15 = 15-npn-client-first-pref-on-mismatch-resumption
-test-16 = 16-npn-no-server-support-resumption
-test-17 = 17-npn-no-client-support-resumption
-test-18 = 18-alpn-preferred-over-npn-resumption
-test-19 = 19-npn-used-if-alpn-not-supported-resumption
-# ===========================================================
-
-[0-npn-simple]
-ssl_conf = 0-npn-simple-ssl
-
-[0-npn-simple-ssl]
-server = 0-npn-simple-server
-client = 0-npn-simple-client
-
-[0-npn-simple-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-npn-simple-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedNPNProtocol = foo
-server = 0-npn-simple-server-extra
-client = 0-npn-simple-client-extra
-
-[0-npn-simple-server-extra]
-NPNProtocols = foo
-
-[0-npn-simple-client-extra]
-NPNProtocols = foo
-
-
-# ===========================================================
-
-[1-npn-client-finds-match]
-ssl_conf = 1-npn-client-finds-match-ssl
-
-[1-npn-client-finds-match-ssl]
-server = 1-npn-client-finds-match-server
-client = 1-npn-client-finds-match-client
-
-[1-npn-client-finds-match-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-npn-client-finds-match-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedNPNProtocol = bar
-server = 1-npn-client-finds-match-server-extra
-client = 1-npn-client-finds-match-client-extra
-
-[1-npn-client-finds-match-server-extra]
-NPNProtocols = baz,bar
-
-[1-npn-client-finds-match-client-extra]
-NPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[2-npn-client-honours-server-pref]
-ssl_conf = 2-npn-client-honours-server-pref-ssl
-
-[2-npn-client-honours-server-pref-ssl]
-server = 2-npn-client-honours-server-pref-server
-client = 2-npn-client-honours-server-pref-client
-
-[2-npn-client-honours-server-pref-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-npn-client-honours-server-pref-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedNPNProtocol = bar
-server = 2-npn-client-honours-server-pref-server-extra
-client = 2-npn-client-honours-server-pref-client-extra
-
-[2-npn-client-honours-server-pref-server-extra]
-NPNProtocols = bar,foo
-
-[2-npn-client-honours-server-pref-client-extra]
-NPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[3-npn-client-first-pref-on-mismatch]
-ssl_conf = 3-npn-client-first-pref-on-mismatch-ssl
-
-[3-npn-client-first-pref-on-mismatch-ssl]
-server = 3-npn-client-first-pref-on-mismatch-server
-client = 3-npn-client-first-pref-on-mismatch-client
-
-[3-npn-client-first-pref-on-mismatch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-npn-client-first-pref-on-mismatch-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedNPNProtocol = foo
-server = 3-npn-client-first-pref-on-mismatch-server-extra
-client = 3-npn-client-first-pref-on-mismatch-client-extra
-
-[3-npn-client-first-pref-on-mismatch-server-extra]
-NPNProtocols = baz
-
-[3-npn-client-first-pref-on-mismatch-client-extra]
-NPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[4-npn-no-server-support]
-ssl_conf = 4-npn-no-server-support-ssl
-
-[4-npn-no-server-support-ssl]
-server = 4-npn-no-server-support-server
-client = 4-npn-no-server-support-client
-
-[4-npn-no-server-support-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-npn-no-server-support-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-client = 4-npn-no-server-support-client-extra
-
-[4-npn-no-server-support-client-extra]
-NPNProtocols = foo
-
-
-# ===========================================================
-
-[5-npn-no-client-support]
-ssl_conf = 5-npn-no-client-support-ssl
-
-[5-npn-no-client-support-ssl]
-server = 5-npn-no-client-support-server
-client = 5-npn-no-client-support-client
-
-[5-npn-no-client-support-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-npn-no-client-support-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-server = 5-npn-no-client-support-server-extra
-
-[5-npn-no-client-support-server-extra]
-NPNProtocols = foo
-
-
-# ===========================================================
-
-[6-npn-with-sni-no-context-switch]
-ssl_conf = 6-npn-with-sni-no-context-switch-ssl
-
-[6-npn-with-sni-no-context-switch-ssl]
-server = 6-npn-with-sni-no-context-switch-server
-client = 6-npn-with-sni-no-context-switch-client
-server2 = 6-npn-with-sni-no-context-switch-server2
-
-[6-npn-with-sni-no-context-switch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-npn-with-sni-no-context-switch-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-npn-with-sni-no-context-switch-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedNPNProtocol = foo
-ExpectedServerName = server1
-server = 6-npn-with-sni-no-context-switch-server-extra
-server2 = 6-npn-with-sni-no-context-switch-server2-extra
-client = 6-npn-with-sni-no-context-switch-client-extra
-
-[6-npn-with-sni-no-context-switch-server-extra]
-NPNProtocols = foo
-ServerNameCallback = IgnoreMismatch
-
-[6-npn-with-sni-no-context-switch-server2-extra]
-NPNProtocols = bar
-
-[6-npn-with-sni-no-context-switch-client-extra]
-NPNProtocols = foo,bar
-ServerName = server1
-
-
-# ===========================================================
-
-[7-npn-with-sni-context-switch]
-ssl_conf = 7-npn-with-sni-context-switch-ssl
-
-[7-npn-with-sni-context-switch-ssl]
-server = 7-npn-with-sni-context-switch-server
-client = 7-npn-with-sni-context-switch-client
-server2 = 7-npn-with-sni-context-switch-server2
-
-[7-npn-with-sni-context-switch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-npn-with-sni-context-switch-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-npn-with-sni-context-switch-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedNPNProtocol = bar
-ExpectedServerName = server2
-server = 7-npn-with-sni-context-switch-server-extra
-server2 = 7-npn-with-sni-context-switch-server2-extra
-client = 7-npn-with-sni-context-switch-client-extra
-
-[7-npn-with-sni-context-switch-server-extra]
-NPNProtocols = foo
-ServerNameCallback = IgnoreMismatch
-
-[7-npn-with-sni-context-switch-server2-extra]
-NPNProtocols = bar
-
-[7-npn-with-sni-context-switch-client-extra]
-NPNProtocols = foo,bar
-ServerName = server2
-
-
-# ===========================================================
-
-[8-npn-selected-sni-server-supports-npn]
-ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl
-
-[8-npn-selected-sni-server-supports-npn-ssl]
-server = 8-npn-selected-sni-server-supports-npn-server
-client = 8-npn-selected-sni-server-supports-npn-client
-server2 = 8-npn-selected-sni-server-supports-npn-server2
-
-[8-npn-selected-sni-server-supports-npn-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-npn-selected-sni-server-supports-npn-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-npn-selected-sni-server-supports-npn-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedNPNProtocol = bar
-ExpectedServerName = server2
-server = 8-npn-selected-sni-server-supports-npn-server-extra
-server2 = 8-npn-selected-sni-server-supports-npn-server2-extra
-client = 8-npn-selected-sni-server-supports-npn-client-extra
-
-[8-npn-selected-sni-server-supports-npn-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[8-npn-selected-sni-server-supports-npn-server2-extra]
-NPNProtocols = bar
-
-[8-npn-selected-sni-server-supports-npn-client-extra]
-NPNProtocols = foo,bar
-ServerName = server2
-
-
-# ===========================================================
-
-[9-npn-selected-sni-server-does-not-support-npn]
-ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl
-
-[9-npn-selected-sni-server-does-not-support-npn-ssl]
-server = 9-npn-selected-sni-server-does-not-support-npn-server
-client = 9-npn-selected-sni-server-does-not-support-npn-client
-server2 = 9-npn-selected-sni-server-does-not-support-npn-server2
-
-[9-npn-selected-sni-server-does-not-support-npn-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-npn-selected-sni-server-does-not-support-npn-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-npn-selected-sni-server-does-not-support-npn-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedServerName = server2
-server = 9-npn-selected-sni-server-does-not-support-npn-server-extra
-client = 9-npn-selected-sni-server-does-not-support-npn-client-extra
-
-[9-npn-selected-sni-server-does-not-support-npn-server-extra]
-NPNProtocols = bar
-ServerNameCallback = IgnoreMismatch
-
-[9-npn-selected-sni-server-does-not-support-npn-client-extra]
-NPNProtocols = foo,bar
-ServerName = server2
-
-
-# ===========================================================
-
-[10-alpn-preferred-over-npn]
-ssl_conf = 10-alpn-preferred-over-npn-ssl
-
-[10-alpn-preferred-over-npn-ssl]
-server = 10-alpn-preferred-over-npn-server
-client = 10-alpn-preferred-over-npn-client
-
-[10-alpn-preferred-over-npn-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-alpn-preferred-over-npn-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedALPNProtocol = foo
-server = 10-alpn-preferred-over-npn-server-extra
-client = 10-alpn-preferred-over-npn-client-extra
-
-[10-alpn-preferred-over-npn-server-extra]
-ALPNProtocols = foo
-NPNProtocols = bar
-
-[10-alpn-preferred-over-npn-client-extra]
-ALPNProtocols = foo
-NPNProtocols = bar
-
-
-# ===========================================================
-
-[11-sni-npn-preferred-over-alpn]
-ssl_conf = 11-sni-npn-preferred-over-alpn-ssl
-
-[11-sni-npn-preferred-over-alpn-ssl]
-server = 11-sni-npn-preferred-over-alpn-server
-client = 11-sni-npn-preferred-over-alpn-client
-server2 = 11-sni-npn-preferred-over-alpn-server2
-
-[11-sni-npn-preferred-over-alpn-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-sni-npn-preferred-over-alpn-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-sni-npn-preferred-over-alpn-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedNPNProtocol = bar
-ExpectedServerName = server2
-server = 11-sni-npn-preferred-over-alpn-server-extra
-server2 = 11-sni-npn-preferred-over-alpn-server2-extra
-client = 11-sni-npn-preferred-over-alpn-client-extra
-
-[11-sni-npn-preferred-over-alpn-server-extra]
-ALPNProtocols = foo
-ServerNameCallback = IgnoreMismatch
-
-[11-sni-npn-preferred-over-alpn-server2-extra]
-NPNProtocols = bar
-
-[11-sni-npn-preferred-over-alpn-client-extra]
-ALPNProtocols = foo
-NPNProtocols = bar
-ServerName = server2
-
-
-# ===========================================================
-
-[12-npn-simple-resumption]
-ssl_conf = 12-npn-simple-resumption-ssl
-
-[12-npn-simple-resumption-ssl]
-server = 12-npn-simple-resumption-server
-client = 12-npn-simple-resumption-client
-resume-server = 12-npn-simple-resumption-server
-resume-client = 12-npn-simple-resumption-client
-
-[12-npn-simple-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-npn-simple-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedNPNProtocol = foo
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 12-npn-simple-resumption-server-extra
-resume-server = 12-npn-simple-resumption-server-extra
-client = 12-npn-simple-resumption-client-extra
-resume-client = 12-npn-simple-resumption-client-extra
-
-[12-npn-simple-resumption-server-extra]
-NPNProtocols = foo
-
-[12-npn-simple-resumption-client-extra]
-NPNProtocols = foo
-
-
-# ===========================================================
-
-[13-npn-server-switch-resumption]
-ssl_conf = 13-npn-server-switch-resumption-ssl
-
-[13-npn-server-switch-resumption-ssl]
-server = 13-npn-server-switch-resumption-server
-client = 13-npn-server-switch-resumption-client
-resume-server = 13-npn-server-switch-resumption-resume-server
-resume-client = 13-npn-server-switch-resumption-client
-
-[13-npn-server-switch-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-npn-server-switch-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-npn-server-switch-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedNPNProtocol = baz
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 13-npn-server-switch-resumption-server-extra
-resume-server = 13-npn-server-switch-resumption-resume-server-extra
-client = 13-npn-server-switch-resumption-client-extra
-resume-client = 13-npn-server-switch-resumption-client-extra
-
-[13-npn-server-switch-resumption-server-extra]
-NPNProtocols = bar,foo
-
-[13-npn-server-switch-resumption-resume-server-extra]
-NPNProtocols = baz,foo
-
-[13-npn-server-switch-resumption-client-extra]
-NPNProtocols = foo,bar,baz
-
-
-# ===========================================================
-
-[14-npn-client-switch-resumption]
-ssl_conf = 14-npn-client-switch-resumption-ssl
-
-[14-npn-client-switch-resumption-ssl]
-server = 14-npn-client-switch-resumption-server
-client = 14-npn-client-switch-resumption-client
-resume-server = 14-npn-client-switch-resumption-server
-resume-client = 14-npn-client-switch-resumption-resume-client
-
-[14-npn-client-switch-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-npn-client-switch-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[14-npn-client-switch-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedNPNProtocol = bar
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 14-npn-client-switch-resumption-server-extra
-resume-server = 14-npn-client-switch-resumption-server-extra
-client = 14-npn-client-switch-resumption-client-extra
-resume-client = 14-npn-client-switch-resumption-resume-client-extra
-
-[14-npn-client-switch-resumption-server-extra]
-NPNProtocols = foo,bar,baz
-
-[14-npn-client-switch-resumption-client-extra]
-NPNProtocols = foo,baz
-
-[14-npn-client-switch-resumption-resume-client-extra]
-NPNProtocols = bar,baz
-
-
-# ===========================================================
-
-[15-npn-client-first-pref-on-mismatch-resumption]
-ssl_conf = 15-npn-client-first-pref-on-mismatch-resumption-ssl
-
-[15-npn-client-first-pref-on-mismatch-resumption-ssl]
-server = 15-npn-client-first-pref-on-mismatch-resumption-server
-client = 15-npn-client-first-pref-on-mismatch-resumption-client
-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server
-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client
-
-[15-npn-client-first-pref-on-mismatch-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-npn-client-first-pref-on-mismatch-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-npn-client-first-pref-on-mismatch-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedNPNProtocol = foo
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 15-npn-client-first-pref-on-mismatch-resumption-server-extra
-resume-server = 15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra
-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
-resume-client = 15-npn-client-first-pref-on-mismatch-resumption-client-extra
-
-[15-npn-client-first-pref-on-mismatch-resumption-server-extra]
-NPNProtocols = bar
-
-[15-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]
-NPNProtocols = baz
-
-[15-npn-client-first-pref-on-mismatch-resumption-client-extra]
-NPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[16-npn-no-server-support-resumption]
-ssl_conf = 16-npn-no-server-support-resumption-ssl
-
-[16-npn-no-server-support-resumption-ssl]
-server = 16-npn-no-server-support-resumption-server
-client = 16-npn-no-server-support-resumption-client
-resume-server = 16-npn-no-server-support-resumption-resume-server
-resume-client = 16-npn-no-server-support-resumption-client
-
-[16-npn-no-server-support-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-npn-no-server-support-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-npn-no-server-support-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 16-npn-no-server-support-resumption-server-extra
-client = 16-npn-no-server-support-resumption-client-extra
-resume-client = 16-npn-no-server-support-resumption-client-extra
-
-[16-npn-no-server-support-resumption-server-extra]
-NPNProtocols = foo
-
-[16-npn-no-server-support-resumption-client-extra]
-NPNProtocols = foo
-
-
-# ===========================================================
-
-[17-npn-no-client-support-resumption]
-ssl_conf = 17-npn-no-client-support-resumption-ssl
-
-[17-npn-no-client-support-resumption-ssl]
-server = 17-npn-no-client-support-resumption-server
-client = 17-npn-no-client-support-resumption-client
-resume-server = 17-npn-no-client-support-resumption-server
-resume-client = 17-npn-no-client-support-resumption-resume-client
-
-[17-npn-no-client-support-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-npn-no-client-support-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[17-npn-no-client-support-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 17-npn-no-client-support-resumption-server-extra
-resume-server = 17-npn-no-client-support-resumption-server-extra
-client = 17-npn-no-client-support-resumption-client-extra
-
-[17-npn-no-client-support-resumption-server-extra]
-NPNProtocols = foo
-
-[17-npn-no-client-support-resumption-client-extra]
-NPNProtocols = foo
-
-
-# ===========================================================
-
-[18-alpn-preferred-over-npn-resumption]
-ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl
-
-[18-alpn-preferred-over-npn-resumption-ssl]
-server = 18-alpn-preferred-over-npn-resumption-server
-client = 18-alpn-preferred-over-npn-resumption-client
-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server
-resume-client = 18-alpn-preferred-over-npn-resumption-client
-
-[18-alpn-preferred-over-npn-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-alpn-preferred-over-npn-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-alpn-preferred-over-npn-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedALPNProtocol = foo
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 18-alpn-preferred-over-npn-resumption-server-extra
-resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra
-client = 18-alpn-preferred-over-npn-resumption-client-extra
-resume-client = 18-alpn-preferred-over-npn-resumption-client-extra
-
-[18-alpn-preferred-over-npn-resumption-server-extra]
-NPNProtocols = bar
-
-[18-alpn-preferred-over-npn-resumption-resume-server-extra]
-ALPNProtocols = foo
-NPNProtocols = baz
-
-[18-alpn-preferred-over-npn-resumption-client-extra]
-ALPNProtocols = foo
-NPNProtocols = bar,baz
-
-
-# ===========================================================
-
-[19-npn-used-if-alpn-not-supported-resumption]
-ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl
-
-[19-npn-used-if-alpn-not-supported-resumption-ssl]
-server = 19-npn-used-if-alpn-not-supported-resumption-server
-client = 19-npn-used-if-alpn-not-supported-resumption-client
-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server
-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client
-
-[19-npn-used-if-alpn-not-supported-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-npn-used-if-alpn-not-supported-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-npn-used-if-alpn-not-supported-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedNPNProtocol = baz
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 19-npn-used-if-alpn-not-supported-resumption-server-extra
-resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra
-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
-resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra
-
-[19-npn-used-if-alpn-not-supported-resumption-server-extra]
-ALPNProtocols = foo
-NPNProtocols = bar
-
-[19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]
-NPNProtocols = baz
-
-[19-npn-used-if-alpn-not-supported-resumption-client-extra]
-ALPNProtocols = foo
-NPNProtocols = bar,baz
-
-
diff --git a/test/ssl-tests/08-npn.conf.in b/test/ssl-tests/08-npn.conf.in

deleted file mode 100644 (file)

index aec6b7a..0000000
--- a/test/ssl-tests/08-npn.conf.in
+++ /dev/null
@@ -1,443 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test NPN. Note that NPN is only supported up to TLSv1.2
-
-use strict;
-use warnings;
-
-package ssltests;
-
-our @tests = (
-    {
-        name => "npn-simple",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedNPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "npn-client-finds-match",
-        server => {
-            extra => {
-                "NPNProtocols" => "baz,bar",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedNPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "npn-client-honours-server-pref",
-        server => {
-            extra => {
-                "NPNProtocols" => "bar,foo",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedNPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "npn-client-first-pref-on-mismatch",
-        server => {
-            extra => {
-                "NPNProtocols" => "baz",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedNPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "npn-no-server-support",
-        server => {},
-        client => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "npn-no-client-support",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "npn-with-sni-no-context-switch",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => {
-            extra => {
-                "NPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-                "ServerName" => "server1",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedServerName" => "server1",
-            "ExpectedNPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "npn-with-sni-context-switch",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => {
-            extra => {
-                "NPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-                "ServerName" => "server2",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedServerName" => "server2",
-            "ExpectedNPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "npn-selected-sni-server-supports-npn",
-        server => {
-            extra => {
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => {
-            extra => {
-                "NPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-                "ServerName" => "server2",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedServerName" => "server2",
-            "ExpectedNPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "npn-selected-sni-server-does-not-support-npn",
-        server => {
-            extra => {
-                "NPNProtocols" => "bar",
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => { },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-                "ServerName" => "server2",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-             "ExpectedServerName" => "server2",
-             "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "alpn-preferred-over-npn",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "bar",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedALPNProtocol" => "foo",
-            "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "sni-npn-preferred-over-alpn",
-        server => {
-            extra => {
-                "ServerNameCallback" => "IgnoreMismatch",
-                "ALPNProtocols" => "foo",
-            },
-        },
-        server2 => {
-            extra => {
-                "NPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "ServerName" => "server2",
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "bar",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "ExpectedALPNProtocol" => undef,
-            "ExpectedNPNProtocol" => "bar",
-            "ExpectedServerName" => "server2",  
-        },
-    },
-    {
-        name => "npn-simple-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedNPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "npn-server-switch-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "bar,foo",
-            },
-        },
-        resume_server => {
-            extra => {
-                "NPNProtocols" => "baz,foo",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar,baz",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedNPNProtocol" => "baz",
-        },
-    },
-    {
-        name => "npn-client-switch-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo,bar,baz",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,baz",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        resume_client => {
-            extra => {
-                "NPNProtocols" => "bar,baz",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedNPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "npn-client-first-pref-on-mismatch-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "bar",
-            },
-        },
-        resume_server => {
-            extra => {
-                "NPNProtocols" => "baz",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo,bar",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedNPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "npn-no-server-support-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-        },
-        resume_server => { },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "npn-no-client-support-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-        },
-        client => {
-            extra => {
-                "NPNProtocols" => "foo",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        resume_client => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "alpn-preferred-over-npn-resumption",
-        server => {
-            extra => {
-                "NPNProtocols" => "bar",
-            },
-        },
-        resume_server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "baz",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "bar,baz",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => "foo",
-            "ExpectedNPNProtocol" => undef,
-        },
-    },
-    {
-        name => "npn-used-if-alpn-not-supported-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "bar",
-            },
-        },
-        resume_server => {
-            extra => {
-                "NPNProtocols" => "baz",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "NPNProtocols" => "bar,baz",
-            },
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => undef,
-            "ExpectedNPNProtocol" => "baz",
-        },
-    },
-);
diff --git a/test/ssl-tests/09-alpn.cnf b/test/ssl-tests/09-alpn.cnf

new file mode 100644 (file)

index 0000000..e7e6cb9
--- /dev/null
+++ b/test/ssl-tests/09-alpn.cnf
@@ -0,0 +1,619 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 16
+
+test-0 = 0-alpn-simple
+test-1 = 1-alpn-server-finds-match
+test-2 = 2-alpn-server-honours-server-pref
+test-3 = 3-alpn-alert-on-mismatch
+test-4 = 4-alpn-no-server-support
+test-5 = 5-alpn-no-client-support
+test-6 = 6-alpn-with-sni-no-context-switch
+test-7 = 7-alpn-with-sni-context-switch
+test-8 = 8-alpn-selected-sni-server-supports-alpn
+test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
+test-10 = 10-alpn-simple-resumption
+test-11 = 11-alpn-server-switch-resumption
+test-12 = 12-alpn-client-switch-resumption
+test-13 = 13-alpn-alert-on-mismatch-resumption
+test-14 = 14-alpn-no-server-support-resumption
+test-15 = 15-alpn-no-client-support-resumption
+# ===========================================================
+
+[0-alpn-simple]
+ssl_conf = 0-alpn-simple-ssl
+
+[0-alpn-simple-ssl]
+server = 0-alpn-simple-server
+client = 0-alpn-simple-client
+
+[0-alpn-simple-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-alpn-simple-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedALPNProtocol = foo
+server = 0-alpn-simple-server-extra
+client = 0-alpn-simple-client-extra
+
+[0-alpn-simple-server-extra]
+ALPNProtocols = foo
+
+[0-alpn-simple-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[1-alpn-server-finds-match]
+ssl_conf = 1-alpn-server-finds-match-ssl
+
+[1-alpn-server-finds-match-ssl]
+server = 1-alpn-server-finds-match-server
+client = 1-alpn-server-finds-match-client
+
+[1-alpn-server-finds-match-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-alpn-server-finds-match-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedALPNProtocol = bar
+server = 1-alpn-server-finds-match-server-extra
+client = 1-alpn-server-finds-match-client-extra
+
+[1-alpn-server-finds-match-server-extra]
+ALPNProtocols = baz,bar
+
+[1-alpn-server-finds-match-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[2-alpn-server-honours-server-pref]
+ssl_conf = 2-alpn-server-honours-server-pref-ssl
+
+[2-alpn-server-honours-server-pref-ssl]
+server = 2-alpn-server-honours-server-pref-server
+client = 2-alpn-server-honours-server-pref-client
+
+[2-alpn-server-honours-server-pref-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-alpn-server-honours-server-pref-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedALPNProtocol = bar
+server = 2-alpn-server-honours-server-pref-server-extra
+client = 2-alpn-server-honours-server-pref-client-extra
+
+[2-alpn-server-honours-server-pref-server-extra]
+ALPNProtocols = bar,foo
+
+[2-alpn-server-honours-server-pref-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[3-alpn-alert-on-mismatch]
+ssl_conf = 3-alpn-alert-on-mismatch-ssl
+
+[3-alpn-alert-on-mismatch-ssl]
+server = 3-alpn-alert-on-mismatch-server
+client = 3-alpn-alert-on-mismatch-client
+
+[3-alpn-alert-on-mismatch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-alpn-alert-on-mismatch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+server = 3-alpn-alert-on-mismatch-server-extra
+client = 3-alpn-alert-on-mismatch-client-extra
+
+[3-alpn-alert-on-mismatch-server-extra]
+ALPNProtocols = baz
+
+[3-alpn-alert-on-mismatch-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[4-alpn-no-server-support]
+ssl_conf = 4-alpn-no-server-support-ssl
+
+[4-alpn-no-server-support-ssl]
+server = 4-alpn-no-server-support-server
+client = 4-alpn-no-server-support-client
+
+[4-alpn-no-server-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-alpn-no-server-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+client = 4-alpn-no-server-support-client-extra
+
+[4-alpn-no-server-support-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[5-alpn-no-client-support]
+ssl_conf = 5-alpn-no-client-support-ssl
+
+[5-alpn-no-client-support-ssl]
+server = 5-alpn-no-client-support-server
+client = 5-alpn-no-client-support-client
+
+[5-alpn-no-client-support-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-alpn-no-client-support-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+server = 5-alpn-no-client-support-server-extra
+
+[5-alpn-no-client-support-server-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[6-alpn-with-sni-no-context-switch]
+ssl_conf = 6-alpn-with-sni-no-context-switch-ssl
+
+[6-alpn-with-sni-no-context-switch-ssl]
+server = 6-alpn-with-sni-no-context-switch-server
+client = 6-alpn-with-sni-no-context-switch-client
+server2 = 6-alpn-with-sni-no-context-switch-server2
+
+[6-alpn-with-sni-no-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-alpn-with-sni-no-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-alpn-with-sni-no-context-switch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedALPNProtocol = foo
+ExpectedServerName = server1
+server = 6-alpn-with-sni-no-context-switch-server-extra
+server2 = 6-alpn-with-sni-no-context-switch-server2-extra
+client = 6-alpn-with-sni-no-context-switch-client-extra
+
+[6-alpn-with-sni-no-context-switch-server-extra]
+ALPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[6-alpn-with-sni-no-context-switch-server2-extra]
+ALPNProtocols = bar
+
+[6-alpn-with-sni-no-context-switch-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server1
+
+
+# ===========================================================
+
+[7-alpn-with-sni-context-switch]
+ssl_conf = 7-alpn-with-sni-context-switch-ssl
+
+[7-alpn-with-sni-context-switch-ssl]
+server = 7-alpn-with-sni-context-switch-server
+client = 7-alpn-with-sni-context-switch-client
+server2 = 7-alpn-with-sni-context-switch-server2
+
+[7-alpn-with-sni-context-switch-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-alpn-with-sni-context-switch-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-alpn-with-sni-context-switch-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedALPNProtocol = bar
+ExpectedServerName = server2
+server = 7-alpn-with-sni-context-switch-server-extra
+server2 = 7-alpn-with-sni-context-switch-server2-extra
+client = 7-alpn-with-sni-context-switch-client-extra
+
+[7-alpn-with-sni-context-switch-server-extra]
+ALPNProtocols = foo
+ServerNameCallback = IgnoreMismatch
+
+[7-alpn-with-sni-context-switch-server2-extra]
+ALPNProtocols = bar
+
+[7-alpn-with-sni-context-switch-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[8-alpn-selected-sni-server-supports-alpn]
+ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl
+
+[8-alpn-selected-sni-server-supports-alpn-ssl]
+server = 8-alpn-selected-sni-server-supports-alpn-server
+client = 8-alpn-selected-sni-server-supports-alpn-client
+server2 = 8-alpn-selected-sni-server-supports-alpn-server2
+
+[8-alpn-selected-sni-server-supports-alpn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-alpn-selected-sni-server-supports-alpn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-alpn-selected-sni-server-supports-alpn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedALPNProtocol = bar
+ExpectedServerName = server2
+server = 8-alpn-selected-sni-server-supports-alpn-server-extra
+server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra
+client = 8-alpn-selected-sni-server-supports-alpn-client-extra
+
+[8-alpn-selected-sni-server-supports-alpn-server-extra]
+ServerNameCallback = IgnoreMismatch
+
+[8-alpn-selected-sni-server-supports-alpn-server2-extra]
+ALPNProtocols = bar
+
+[8-alpn-selected-sni-server-supports-alpn-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[9-alpn-selected-sni-server-does-not-support-alpn]
+ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl
+
+[9-alpn-selected-sni-server-does-not-support-alpn-ssl]
+server = 9-alpn-selected-sni-server-does-not-support-alpn-server
+client = 9-alpn-selected-sni-server-does-not-support-alpn-client
+server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server2]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-alpn-selected-sni-server-does-not-support-alpn-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedServerName = server2
+server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra
+client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra
+
+[9-alpn-selected-sni-server-does-not-support-alpn-server-extra]
+ALPNProtocols = bar
+ServerNameCallback = IgnoreMismatch
+
+[9-alpn-selected-sni-server-does-not-support-alpn-client-extra]
+ALPNProtocols = foo,bar
+ServerName = server2
+
+
+# ===========================================================
+
+[10-alpn-simple-resumption]
+ssl_conf = 10-alpn-simple-resumption-ssl
+
+[10-alpn-simple-resumption-ssl]
+server = 10-alpn-simple-resumption-server
+client = 10-alpn-simple-resumption-client
+resume-server = 10-alpn-simple-resumption-server
+resume-client = 10-alpn-simple-resumption-client
+
+[10-alpn-simple-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-alpn-simple-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedALPNProtocol = foo
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 10-alpn-simple-resumption-server-extra
+resume-server = 10-alpn-simple-resumption-server-extra
+client = 10-alpn-simple-resumption-client-extra
+resume-client = 10-alpn-simple-resumption-client-extra
+
+[10-alpn-simple-resumption-server-extra]
+ALPNProtocols = foo
+
+[10-alpn-simple-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[11-alpn-server-switch-resumption]
+ssl_conf = 11-alpn-server-switch-resumption-ssl
+
+[11-alpn-server-switch-resumption-ssl]
+server = 11-alpn-server-switch-resumption-server
+client = 11-alpn-server-switch-resumption-client
+resume-server = 11-alpn-server-switch-resumption-resume-server
+resume-client = 11-alpn-server-switch-resumption-client
+
+[11-alpn-server-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-alpn-server-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedALPNProtocol = baz
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 11-alpn-server-switch-resumption-server-extra
+resume-server = 11-alpn-server-switch-resumption-resume-server-extra
+client = 11-alpn-server-switch-resumption-client-extra
+resume-client = 11-alpn-server-switch-resumption-client-extra
+
+[11-alpn-server-switch-resumption-server-extra]
+ALPNProtocols = bar,foo
+
+[11-alpn-server-switch-resumption-resume-server-extra]
+ALPNProtocols = baz,foo
+
+[11-alpn-server-switch-resumption-client-extra]
+ALPNProtocols = foo,bar,baz
+
+
+# ===========================================================
+
+[12-alpn-client-switch-resumption]
+ssl_conf = 12-alpn-client-switch-resumption-ssl
+
+[12-alpn-client-switch-resumption-ssl]
+server = 12-alpn-client-switch-resumption-server
+client = 12-alpn-client-switch-resumption-client
+resume-server = 12-alpn-client-switch-resumption-server
+resume-client = 12-alpn-client-switch-resumption-resume-client
+
+[12-alpn-client-switch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-alpn-client-switch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-alpn-client-switch-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedALPNProtocol = bar
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 12-alpn-client-switch-resumption-server-extra
+resume-server = 12-alpn-client-switch-resumption-server-extra
+client = 12-alpn-client-switch-resumption-client-extra
+resume-client = 12-alpn-client-switch-resumption-resume-client-extra
+
+[12-alpn-client-switch-resumption-server-extra]
+ALPNProtocols = foo,bar,baz
+
+[12-alpn-client-switch-resumption-client-extra]
+ALPNProtocols = foo,baz
+
+[12-alpn-client-switch-resumption-resume-client-extra]
+ALPNProtocols = bar,baz
+
+
+# ===========================================================
+
+[13-alpn-alert-on-mismatch-resumption]
+ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl
+
+[13-alpn-alert-on-mismatch-resumption-ssl]
+server = 13-alpn-alert-on-mismatch-resumption-server
+client = 13-alpn-alert-on-mismatch-resumption-client
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server
+resume-client = 13-alpn-alert-on-mismatch-resumption-client
+
+[13-alpn-alert-on-mismatch-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-alpn-alert-on-mismatch-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ServerFail
+ExpectedServerAlert = NoApplicationProtocol
+HandshakeMode = Resume
+server = 13-alpn-alert-on-mismatch-resumption-server-extra
+resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra
+client = 13-alpn-alert-on-mismatch-resumption-client-extra
+resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra
+
+[13-alpn-alert-on-mismatch-resumption-server-extra]
+ALPNProtocols = bar
+
+[13-alpn-alert-on-mismatch-resumption-resume-server-extra]
+ALPNProtocols = baz
+
+[13-alpn-alert-on-mismatch-resumption-client-extra]
+ALPNProtocols = foo,bar
+
+
+# ===========================================================
+
+[14-alpn-no-server-support-resumption]
+ssl_conf = 14-alpn-no-server-support-resumption-ssl
+
+[14-alpn-no-server-support-resumption-ssl]
+server = 14-alpn-no-server-support-resumption-server
+client = 14-alpn-no-server-support-resumption-client
+resume-server = 14-alpn-no-server-support-resumption-resume-server
+resume-client = 14-alpn-no-server-support-resumption-client
+
+[14-alpn-no-server-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-alpn-no-server-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 14-alpn-no-server-support-resumption-server-extra
+client = 14-alpn-no-server-support-resumption-client-extra
+resume-client = 14-alpn-no-server-support-resumption-client-extra
+
+[14-alpn-no-server-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[14-alpn-no-server-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
+# ===========================================================
+
+[15-alpn-no-client-support-resumption]
+ssl_conf = 15-alpn-no-client-support-resumption-ssl
+
+[15-alpn-no-client-support-resumption-ssl]
+server = 15-alpn-no-client-support-resumption-server
+client = 15-alpn-no-client-support-resumption-client
+resume-server = 15-alpn-no-client-support-resumption-server
+resume-client = 15-alpn-no-client-support-resumption-resume-client
+
+[15-alpn-no-client-support-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-alpn-no-client-support-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-alpn-no-client-support-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+HandshakeMode = Resume
+ResumptionExpected = Yes
+server = 15-alpn-no-client-support-resumption-server-extra
+resume-server = 15-alpn-no-client-support-resumption-server-extra
+client = 15-alpn-no-client-support-resumption-client-extra
+
+[15-alpn-no-client-support-resumption-server-extra]
+ALPNProtocols = foo
+
+[15-alpn-no-client-support-resumption-client-extra]
+ALPNProtocols = foo
+
+
diff --git a/test/ssl-tests/09-alpn.cnf.in b/test/ssl-tests/09-alpn.cnf.in

new file mode 100644 (file)

index 0000000..75141bf
--- /dev/null
+++ b/test/ssl-tests/09-alpn.cnf.in
@@ -0,0 +1,325 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "alpn-simple",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-server-finds-match",
+        server => {
+            extra => {
+                "ALPNProtocols" => "baz,bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-server-honours-server-pref",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar,foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-alert-on-mismatch",
+        server => {
+            extra => {
+                "ALPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "NoApplicationProtocol",
+        },
+    },
+    {
+        name => "alpn-no-server-support",
+        server => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-no-client-support",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => { },
+        test => {
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-with-sni-no-context-switch",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server1",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server1",
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-with-sni-context-switch",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-selected-sni-server-supports-alpn",
+        server => {
+            extra => {
+               "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-selected-sni-server-does-not-support-alpn",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar", 
+                "ServerNameCallback" => "IgnoreMismatch",
+            },
+        },
+        server2 => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+                "ServerName" => "server2",
+            },
+        },
+        test => {
+            "ExpectedServerName" => "server2",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-simple-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "foo",
+        },
+    },
+    {
+        name => "alpn-server-switch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar,foo",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "baz,foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "baz",
+        },
+    },
+    {
+        name => "alpn-client-switch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo,bar,baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,baz",
+            },
+        },
+        resume_client => {
+            extra => {
+                "ALPNProtocols" => "bar,baz",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => "bar",
+        },
+    },
+    {
+        name => "alpn-alert-on-mismatch-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "bar",
+            },
+        },
+        resume_server => {
+            extra => {
+                "ALPNProtocols" => "baz",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo,bar",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "NoApplicationProtocol",
+        },
+    },
+    {
+        name => "alpn-no-server-support-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        resume_server => { },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+    {
+        name => "alpn-no-client-support-resumption",
+        server => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        client => {
+            extra => {
+                "ALPNProtocols" => "foo",
+            },
+        },
+        resume_client => {
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedALPNProtocol" => undef,
+        },
+    },
+);
diff --git a/test/ssl-tests/09-alpn.conf b/test/ssl-tests/09-alpn.conf

deleted file mode 100644 (file)

index e7e6cb9..0000000
--- a/test/ssl-tests/09-alpn.conf
+++ /dev/null
@@ -1,619 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 16
-
-test-0 = 0-alpn-simple
-test-1 = 1-alpn-server-finds-match
-test-2 = 2-alpn-server-honours-server-pref
-test-3 = 3-alpn-alert-on-mismatch
-test-4 = 4-alpn-no-server-support
-test-5 = 5-alpn-no-client-support
-test-6 = 6-alpn-with-sni-no-context-switch
-test-7 = 7-alpn-with-sni-context-switch
-test-8 = 8-alpn-selected-sni-server-supports-alpn
-test-9 = 9-alpn-selected-sni-server-does-not-support-alpn
-test-10 = 10-alpn-simple-resumption
-test-11 = 11-alpn-server-switch-resumption
-test-12 = 12-alpn-client-switch-resumption
-test-13 = 13-alpn-alert-on-mismatch-resumption
-test-14 = 14-alpn-no-server-support-resumption
-test-15 = 15-alpn-no-client-support-resumption
-# ===========================================================
-
-[0-alpn-simple]
-ssl_conf = 0-alpn-simple-ssl
-
-[0-alpn-simple-ssl]
-server = 0-alpn-simple-server
-client = 0-alpn-simple-client
-
-[0-alpn-simple-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-alpn-simple-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedALPNProtocol = foo
-server = 0-alpn-simple-server-extra
-client = 0-alpn-simple-client-extra
-
-[0-alpn-simple-server-extra]
-ALPNProtocols = foo
-
-[0-alpn-simple-client-extra]
-ALPNProtocols = foo
-
-
-# ===========================================================
-
-[1-alpn-server-finds-match]
-ssl_conf = 1-alpn-server-finds-match-ssl
-
-[1-alpn-server-finds-match-ssl]
-server = 1-alpn-server-finds-match-server
-client = 1-alpn-server-finds-match-client
-
-[1-alpn-server-finds-match-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-alpn-server-finds-match-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedALPNProtocol = bar
-server = 1-alpn-server-finds-match-server-extra
-client = 1-alpn-server-finds-match-client-extra
-
-[1-alpn-server-finds-match-server-extra]
-ALPNProtocols = baz,bar
-
-[1-alpn-server-finds-match-client-extra]
-ALPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[2-alpn-server-honours-server-pref]
-ssl_conf = 2-alpn-server-honours-server-pref-ssl
-
-[2-alpn-server-honours-server-pref-ssl]
-server = 2-alpn-server-honours-server-pref-server
-client = 2-alpn-server-honours-server-pref-client
-
-[2-alpn-server-honours-server-pref-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-alpn-server-honours-server-pref-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedALPNProtocol = bar
-server = 2-alpn-server-honours-server-pref-server-extra
-client = 2-alpn-server-honours-server-pref-client-extra
-
-[2-alpn-server-honours-server-pref-server-extra]
-ALPNProtocols = bar,foo
-
-[2-alpn-server-honours-server-pref-client-extra]
-ALPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[3-alpn-alert-on-mismatch]
-ssl_conf = 3-alpn-alert-on-mismatch-ssl
-
-[3-alpn-alert-on-mismatch-ssl]
-server = 3-alpn-alert-on-mismatch-server
-client = 3-alpn-alert-on-mismatch-client
-
-[3-alpn-alert-on-mismatch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-alpn-alert-on-mismatch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = ServerFail
-ExpectedServerAlert = NoApplicationProtocol
-server = 3-alpn-alert-on-mismatch-server-extra
-client = 3-alpn-alert-on-mismatch-client-extra
-
-[3-alpn-alert-on-mismatch-server-extra]
-ALPNProtocols = baz
-
-[3-alpn-alert-on-mismatch-client-extra]
-ALPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[4-alpn-no-server-support]
-ssl_conf = 4-alpn-no-server-support-ssl
-
-[4-alpn-no-server-support-ssl]
-server = 4-alpn-no-server-support-server
-client = 4-alpn-no-server-support-client
-
-[4-alpn-no-server-support-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-alpn-no-server-support-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-client = 4-alpn-no-server-support-client-extra
-
-[4-alpn-no-server-support-client-extra]
-ALPNProtocols = foo
-
-
-# ===========================================================
-
-[5-alpn-no-client-support]
-ssl_conf = 5-alpn-no-client-support-ssl
-
-[5-alpn-no-client-support-ssl]
-server = 5-alpn-no-client-support-server
-client = 5-alpn-no-client-support-client
-
-[5-alpn-no-client-support-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-alpn-no-client-support-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-server = 5-alpn-no-client-support-server-extra
-
-[5-alpn-no-client-support-server-extra]
-ALPNProtocols = foo
-
-
-# ===========================================================
-
-[6-alpn-with-sni-no-context-switch]
-ssl_conf = 6-alpn-with-sni-no-context-switch-ssl
-
-[6-alpn-with-sni-no-context-switch-ssl]
-server = 6-alpn-with-sni-no-context-switch-server
-client = 6-alpn-with-sni-no-context-switch-client
-server2 = 6-alpn-with-sni-no-context-switch-server2
-
-[6-alpn-with-sni-no-context-switch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-alpn-with-sni-no-context-switch-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-alpn-with-sni-no-context-switch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedALPNProtocol = foo
-ExpectedServerName = server1
-server = 6-alpn-with-sni-no-context-switch-server-extra
-server2 = 6-alpn-with-sni-no-context-switch-server2-extra
-client = 6-alpn-with-sni-no-context-switch-client-extra
-
-[6-alpn-with-sni-no-context-switch-server-extra]
-ALPNProtocols = foo
-ServerNameCallback = IgnoreMismatch
-
-[6-alpn-with-sni-no-context-switch-server2-extra]
-ALPNProtocols = bar
-
-[6-alpn-with-sni-no-context-switch-client-extra]
-ALPNProtocols = foo,bar
-ServerName = server1
-
-
-# ===========================================================
-
-[7-alpn-with-sni-context-switch]
-ssl_conf = 7-alpn-with-sni-context-switch-ssl
-
-[7-alpn-with-sni-context-switch-ssl]
-server = 7-alpn-with-sni-context-switch-server
-client = 7-alpn-with-sni-context-switch-client
-server2 = 7-alpn-with-sni-context-switch-server2
-
-[7-alpn-with-sni-context-switch-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-alpn-with-sni-context-switch-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-alpn-with-sni-context-switch-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedALPNProtocol = bar
-ExpectedServerName = server2
-server = 7-alpn-with-sni-context-switch-server-extra
-server2 = 7-alpn-with-sni-context-switch-server2-extra
-client = 7-alpn-with-sni-context-switch-client-extra
-
-[7-alpn-with-sni-context-switch-server-extra]
-ALPNProtocols = foo
-ServerNameCallback = IgnoreMismatch
-
-[7-alpn-with-sni-context-switch-server2-extra]
-ALPNProtocols = bar
-
-[7-alpn-with-sni-context-switch-client-extra]
-ALPNProtocols = foo,bar
-ServerName = server2
-
-
-# ===========================================================
-
-[8-alpn-selected-sni-server-supports-alpn]
-ssl_conf = 8-alpn-selected-sni-server-supports-alpn-ssl
-
-[8-alpn-selected-sni-server-supports-alpn-ssl]
-server = 8-alpn-selected-sni-server-supports-alpn-server
-client = 8-alpn-selected-sni-server-supports-alpn-client
-server2 = 8-alpn-selected-sni-server-supports-alpn-server2
-
-[8-alpn-selected-sni-server-supports-alpn-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-alpn-selected-sni-server-supports-alpn-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-alpn-selected-sni-server-supports-alpn-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedALPNProtocol = bar
-ExpectedServerName = server2
-server = 8-alpn-selected-sni-server-supports-alpn-server-extra
-server2 = 8-alpn-selected-sni-server-supports-alpn-server2-extra
-client = 8-alpn-selected-sni-server-supports-alpn-client-extra
-
-[8-alpn-selected-sni-server-supports-alpn-server-extra]
-ServerNameCallback = IgnoreMismatch
-
-[8-alpn-selected-sni-server-supports-alpn-server2-extra]
-ALPNProtocols = bar
-
-[8-alpn-selected-sni-server-supports-alpn-client-extra]
-ALPNProtocols = foo,bar
-ServerName = server2
-
-
-# ===========================================================
-
-[9-alpn-selected-sni-server-does-not-support-alpn]
-ssl_conf = 9-alpn-selected-sni-server-does-not-support-alpn-ssl
-
-[9-alpn-selected-sni-server-does-not-support-alpn-ssl]
-server = 9-alpn-selected-sni-server-does-not-support-alpn-server
-client = 9-alpn-selected-sni-server-does-not-support-alpn-client
-server2 = 9-alpn-selected-sni-server-does-not-support-alpn-server2
-
-[9-alpn-selected-sni-server-does-not-support-alpn-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-alpn-selected-sni-server-does-not-support-alpn-server2]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-alpn-selected-sni-server-does-not-support-alpn-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedServerName = server2
-server = 9-alpn-selected-sni-server-does-not-support-alpn-server-extra
-client = 9-alpn-selected-sni-server-does-not-support-alpn-client-extra
-
-[9-alpn-selected-sni-server-does-not-support-alpn-server-extra]
-ALPNProtocols = bar
-ServerNameCallback = IgnoreMismatch
-
-[9-alpn-selected-sni-server-does-not-support-alpn-client-extra]
-ALPNProtocols = foo,bar
-ServerName = server2
-
-
-# ===========================================================
-
-[10-alpn-simple-resumption]
-ssl_conf = 10-alpn-simple-resumption-ssl
-
-[10-alpn-simple-resumption-ssl]
-server = 10-alpn-simple-resumption-server
-client = 10-alpn-simple-resumption-client
-resume-server = 10-alpn-simple-resumption-server
-resume-client = 10-alpn-simple-resumption-client
-
-[10-alpn-simple-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-alpn-simple-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedALPNProtocol = foo
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 10-alpn-simple-resumption-server-extra
-resume-server = 10-alpn-simple-resumption-server-extra
-client = 10-alpn-simple-resumption-client-extra
-resume-client = 10-alpn-simple-resumption-client-extra
-
-[10-alpn-simple-resumption-server-extra]
-ALPNProtocols = foo
-
-[10-alpn-simple-resumption-client-extra]
-ALPNProtocols = foo
-
-
-# ===========================================================
-
-[11-alpn-server-switch-resumption]
-ssl_conf = 11-alpn-server-switch-resumption-ssl
-
-[11-alpn-server-switch-resumption-ssl]
-server = 11-alpn-server-switch-resumption-server
-client = 11-alpn-server-switch-resumption-client
-resume-server = 11-alpn-server-switch-resumption-resume-server
-resume-client = 11-alpn-server-switch-resumption-client
-
-[11-alpn-server-switch-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-alpn-server-switch-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-alpn-server-switch-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedALPNProtocol = baz
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 11-alpn-server-switch-resumption-server-extra
-resume-server = 11-alpn-server-switch-resumption-resume-server-extra
-client = 11-alpn-server-switch-resumption-client-extra
-resume-client = 11-alpn-server-switch-resumption-client-extra
-
-[11-alpn-server-switch-resumption-server-extra]
-ALPNProtocols = bar,foo
-
-[11-alpn-server-switch-resumption-resume-server-extra]
-ALPNProtocols = baz,foo
-
-[11-alpn-server-switch-resumption-client-extra]
-ALPNProtocols = foo,bar,baz
-
-
-# ===========================================================
-
-[12-alpn-client-switch-resumption]
-ssl_conf = 12-alpn-client-switch-resumption-ssl
-
-[12-alpn-client-switch-resumption-ssl]
-server = 12-alpn-client-switch-resumption-server
-client = 12-alpn-client-switch-resumption-client
-resume-server = 12-alpn-client-switch-resumption-server
-resume-client = 12-alpn-client-switch-resumption-resume-client
-
-[12-alpn-client-switch-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-alpn-client-switch-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[12-alpn-client-switch-resumption-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedALPNProtocol = bar
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 12-alpn-client-switch-resumption-server-extra
-resume-server = 12-alpn-client-switch-resumption-server-extra
-client = 12-alpn-client-switch-resumption-client-extra
-resume-client = 12-alpn-client-switch-resumption-resume-client-extra
-
-[12-alpn-client-switch-resumption-server-extra]
-ALPNProtocols = foo,bar,baz
-
-[12-alpn-client-switch-resumption-client-extra]
-ALPNProtocols = foo,baz
-
-[12-alpn-client-switch-resumption-resume-client-extra]
-ALPNProtocols = bar,baz
-
-
-# ===========================================================
-
-[13-alpn-alert-on-mismatch-resumption]
-ssl_conf = 13-alpn-alert-on-mismatch-resumption-ssl
-
-[13-alpn-alert-on-mismatch-resumption-ssl]
-server = 13-alpn-alert-on-mismatch-resumption-server
-client = 13-alpn-alert-on-mismatch-resumption-client
-resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server
-resume-client = 13-alpn-alert-on-mismatch-resumption-client
-
-[13-alpn-alert-on-mismatch-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-alpn-alert-on-mismatch-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-alpn-alert-on-mismatch-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = ServerFail
-ExpectedServerAlert = NoApplicationProtocol
-HandshakeMode = Resume
-server = 13-alpn-alert-on-mismatch-resumption-server-extra
-resume-server = 13-alpn-alert-on-mismatch-resumption-resume-server-extra
-client = 13-alpn-alert-on-mismatch-resumption-client-extra
-resume-client = 13-alpn-alert-on-mismatch-resumption-client-extra
-
-[13-alpn-alert-on-mismatch-resumption-server-extra]
-ALPNProtocols = bar
-
-[13-alpn-alert-on-mismatch-resumption-resume-server-extra]
-ALPNProtocols = baz
-
-[13-alpn-alert-on-mismatch-resumption-client-extra]
-ALPNProtocols = foo,bar
-
-
-# ===========================================================
-
-[14-alpn-no-server-support-resumption]
-ssl_conf = 14-alpn-no-server-support-resumption-ssl
-
-[14-alpn-no-server-support-resumption-ssl]
-server = 14-alpn-no-server-support-resumption-server
-client = 14-alpn-no-server-support-resumption-client
-resume-server = 14-alpn-no-server-support-resumption-resume-server
-resume-client = 14-alpn-no-server-support-resumption-client
-
-[14-alpn-no-server-support-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-alpn-no-server-support-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-alpn-no-server-support-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 14-alpn-no-server-support-resumption-server-extra
-client = 14-alpn-no-server-support-resumption-client-extra
-resume-client = 14-alpn-no-server-support-resumption-client-extra
-
-[14-alpn-no-server-support-resumption-server-extra]
-ALPNProtocols = foo
-
-[14-alpn-no-server-support-resumption-client-extra]
-ALPNProtocols = foo
-
-
-# ===========================================================
-
-[15-alpn-no-client-support-resumption]
-ssl_conf = 15-alpn-no-client-support-resumption-ssl
-
-[15-alpn-no-client-support-resumption-ssl]
-server = 15-alpn-no-client-support-resumption-server
-client = 15-alpn-no-client-support-resumption-client
-resume-server = 15-alpn-no-client-support-resumption-server
-resume-client = 15-alpn-no-client-support-resumption-resume-client
-
-[15-alpn-no-client-support-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-alpn-no-client-support-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[15-alpn-no-client-support-resumption-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-HandshakeMode = Resume
-ResumptionExpected = Yes
-server = 15-alpn-no-client-support-resumption-server-extra
-resume-server = 15-alpn-no-client-support-resumption-server-extra
-client = 15-alpn-no-client-support-resumption-client-extra
-
-[15-alpn-no-client-support-resumption-server-extra]
-ALPNProtocols = foo
-
-[15-alpn-no-client-support-resumption-client-extra]
-ALPNProtocols = foo
-
-
diff --git a/test/ssl-tests/09-alpn.conf.in b/test/ssl-tests/09-alpn.conf.in

deleted file mode 100644 (file)

index 75141bf..0000000
--- a/test/ssl-tests/09-alpn.conf.in
+++ /dev/null
@@ -1,325 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test version negotiation
-
-use strict;
-use warnings;
-
-package ssltests;
-
-
-our @tests = (
-    {
-        name => "alpn-simple",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        test => {
-            "ExpectedALPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "alpn-server-finds-match",
-        server => {
-            extra => {
-                "ALPNProtocols" => "baz,bar",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-            },
-        },
-        test => {
-            "ExpectedALPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "alpn-server-honours-server-pref",
-        server => {
-            extra => {
-                "ALPNProtocols" => "bar,foo",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-            },
-        },
-        test => {
-            "ExpectedALPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "alpn-alert-on-mismatch",
-        server => {
-            extra => {
-                "ALPNProtocols" => "baz",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-            },
-        },
-        test => {
-            "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "NoApplicationProtocol",
-        },
-    },
-    {
-        name => "alpn-no-server-support",
-        server => { },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        test => {
-            "ExpectedALPNProtocol" => undef,
-        },
-    },
-    {
-        name => "alpn-no-client-support",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        client => { },
-        test => {
-            "ExpectedALPNProtocol" => undef,
-        },
-    },
-    {
-        name => "alpn-with-sni-no-context-switch",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => {
-            extra => {
-                "ALPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-                "ServerName" => "server1",
-            },
-        },
-        test => {
-            "ExpectedServerName" => "server1",
-            "ExpectedALPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "alpn-with-sni-context-switch",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => {
-            extra => {
-                "ALPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-                "ServerName" => "server2",
-            },
-        },
-        test => {
-            "ExpectedServerName" => "server2",
-            "ExpectedALPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "alpn-selected-sni-server-supports-alpn",
-        server => {
-            extra => {
-               "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => {
-            extra => {
-                "ALPNProtocols" => "bar",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-                "ServerName" => "server2",
-            },
-        },
-        test => {
-            "ExpectedServerName" => "server2",
-            "ExpectedALPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "alpn-selected-sni-server-does-not-support-alpn",
-        server => {
-            extra => {
-                "ALPNProtocols" => "bar", 
-                "ServerNameCallback" => "IgnoreMismatch",
-            },
-        },
-        server2 => { },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-                "ServerName" => "server2",
-            },
-        },
-        test => {
-            "ExpectedServerName" => "server2",
-            "ExpectedALPNProtocol" => undef,
-        },
-    },
-    {
-        name => "alpn-simple-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => "foo",
-        },
-    },
-    {
-        name => "alpn-server-switch-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "bar,foo",
-            },
-        },
-        resume_server => {
-            extra => {
-                "ALPNProtocols" => "baz,foo",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar,baz",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => "baz",
-        },
-    },
-    {
-        name => "alpn-client-switch-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo,bar,baz",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,baz",
-            },
-        },
-        resume_client => {
-            extra => {
-                "ALPNProtocols" => "bar,baz",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => "bar",
-        },
-    },
-    {
-        name => "alpn-alert-on-mismatch-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "bar",
-            },
-        },
-        resume_server => {
-            extra => {
-                "ALPNProtocols" => "baz",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo,bar",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "NoApplicationProtocol",
-        },
-    },
-    {
-        name => "alpn-no-server-support-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        resume_server => { },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => undef,
-        },
-    },
-    {
-        name => "alpn-no-client-support-resumption",
-        server => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        client => {
-            extra => {
-                "ALPNProtocols" => "foo",
-            },
-        },
-        resume_client => {
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedALPNProtocol" => undef,
-        },
-    },
-);
diff --git a/test/ssl-tests/10-resumption.cnf b/test/ssl-tests/10-resumption.cnf

new file mode 100644 (file)

index 0000000..73de974
--- /dev/null
+++ b/test/ssl-tests/10-resumption.cnf
@@ -0,0 +1,2439 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 65
+
+test-0 = 0-resumption
+test-1 = 1-resumption
+test-2 = 2-resumption
+test-3 = 3-resumption
+test-4 = 4-resumption
+test-5 = 5-resumption
+test-6 = 6-resumption
+test-7 = 7-resumption
+test-8 = 8-resumption
+test-9 = 9-resumption
+test-10 = 10-resumption
+test-11 = 11-resumption
+test-12 = 12-resumption
+test-13 = 13-resumption
+test-14 = 14-resumption
+test-15 = 15-resumption
+test-16 = 16-resumption
+test-17 = 17-resumption
+test-18 = 18-resumption
+test-19 = 19-resumption
+test-20 = 20-resumption
+test-21 = 21-resumption
+test-22 = 22-resumption
+test-23 = 23-resumption
+test-24 = 24-resumption
+test-25 = 25-resumption
+test-26 = 26-resumption
+test-27 = 27-resumption
+test-28 = 28-resumption
+test-29 = 29-resumption
+test-30 = 30-resumption
+test-31 = 31-resumption
+test-32 = 32-resumption
+test-33 = 33-resumption
+test-34 = 34-resumption
+test-35 = 35-resumption
+test-36 = 36-resumption
+test-37 = 37-resumption
+test-38 = 38-resumption
+test-39 = 39-resumption
+test-40 = 40-resumption
+test-41 = 41-resumption
+test-42 = 42-resumption
+test-43 = 43-resumption
+test-44 = 44-resumption
+test-45 = 45-resumption
+test-46 = 46-resumption
+test-47 = 47-resumption
+test-48 = 48-resumption
+test-49 = 49-resumption
+test-50 = 50-resumption
+test-51 = 51-resumption
+test-52 = 52-resumption
+test-53 = 53-resumption
+test-54 = 54-resumption
+test-55 = 55-resumption
+test-56 = 56-resumption
+test-57 = 57-resumption
+test-58 = 58-resumption
+test-59 = 59-resumption
+test-60 = 60-resumption
+test-61 = 61-resumption
+test-62 = 62-resumption
+test-63 = 63-resumption
+test-64 = 64-resumption-with-hrr
+# ===========================================================
+
+[0-resumption]
+ssl_conf = 0-resumption-ssl
+
+[0-resumption-ssl]
+server = 0-resumption-server
+client = 0-resumption-client
+resume-server = 0-resumption-resume-server
+resume-client = 0-resumption-client
+
+[0-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[1-resumption]
+ssl_conf = 1-resumption-ssl
+
+[1-resumption-ssl]
+server = 1-resumption-server
+client = 1-resumption-client
+resume-server = 1-resumption-resume-server
+resume-client = 1-resumption-client
+
+[1-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-resumption]
+ssl_conf = 2-resumption-ssl
+
+[2-resumption-ssl]
+server = 2-resumption-server
+client = 2-resumption-client
+resume-server = 2-resumption-resume-server
+resume-client = 2-resumption-client
+
+[2-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-resumption]
+ssl_conf = 3-resumption-ssl
+
+[3-resumption-ssl]
+server = 3-resumption-server
+client = 3-resumption-client
+resume-server = 3-resumption-resume-server
+resume-client = 3-resumption-client
+
+[3-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[4-resumption]
+ssl_conf = 4-resumption-ssl
+
+[4-resumption-ssl]
+server = 4-resumption-server
+client = 4-resumption-client
+resume-server = 4-resumption-resume-server
+resume-client = 4-resumption-client
+
+[4-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-resumption]
+ssl_conf = 5-resumption-ssl
+
+[5-resumption-ssl]
+server = 5-resumption-server
+client = 5-resumption-client
+resume-server = 5-resumption-resume-server
+resume-client = 5-resumption-client
+
+[5-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[6-resumption]
+ssl_conf = 6-resumption-ssl
+
+[6-resumption-ssl]
+server = 6-resumption-server
+client = 6-resumption-client
+resume-server = 6-resumption-resume-server
+resume-client = 6-resumption-client
+
+[6-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[7-resumption]
+ssl_conf = 7-resumption-ssl
+
+[7-resumption-ssl]
+server = 7-resumption-server
+client = 7-resumption-client
+resume-server = 7-resumption-resume-server
+resume-client = 7-resumption-client
+
+[7-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[8-resumption]
+ssl_conf = 8-resumption-ssl
+
+[8-resumption-ssl]
+server = 8-resumption-server
+client = 8-resumption-client
+resume-server = 8-resumption-resume-server
+resume-client = 8-resumption-client
+
+[8-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[9-resumption]
+ssl_conf = 9-resumption-ssl
+
+[9-resumption-ssl]
+server = 9-resumption-server
+client = 9-resumption-client
+resume-server = 9-resumption-resume-server
+resume-client = 9-resumption-client
+
+[9-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[10-resumption]
+ssl_conf = 10-resumption-ssl
+
+[10-resumption-ssl]
+server = 10-resumption-server
+client = 10-resumption-client
+resume-server = 10-resumption-resume-server
+resume-client = 10-resumption-client
+
+[10-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[11-resumption]
+ssl_conf = 11-resumption-ssl
+
+[11-resumption-ssl]
+server = 11-resumption-server
+client = 11-resumption-client
+resume-server = 11-resumption-resume-server
+resume-client = 11-resumption-client
+
+[11-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[12-resumption]
+ssl_conf = 12-resumption-ssl
+
+[12-resumption-ssl]
+server = 12-resumption-server
+client = 12-resumption-client
+resume-server = 12-resumption-resume-server
+resume-client = 12-resumption-client
+
+[12-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-resumption]
+ssl_conf = 13-resumption-ssl
+
+[13-resumption-ssl]
+server = 13-resumption-server
+client = 13-resumption-client
+resume-server = 13-resumption-resume-server
+resume-client = 13-resumption-client
+
+[13-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[14-resumption]
+ssl_conf = 14-resumption-ssl
+
+[14-resumption-ssl]
+server = 14-resumption-server
+client = 14-resumption-client
+resume-server = 14-resumption-resume-server
+resume-client = 14-resumption-client
+
+[14-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[15-resumption]
+ssl_conf = 15-resumption-ssl
+
+[15-resumption-ssl]
+server = 15-resumption-server
+client = 15-resumption-client
+resume-server = 15-resumption-resume-server
+resume-client = 15-resumption-client
+
+[15-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[16-resumption]
+ssl_conf = 16-resumption-ssl
+
+[16-resumption-ssl]
+server = 16-resumption-server
+client = 16-resumption-client
+resume-server = 16-resumption-resume-server
+resume-client = 16-resumption-client
+
+[16-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[17-resumption]
+ssl_conf = 17-resumption-ssl
+
+[17-resumption-ssl]
+server = 17-resumption-server
+client = 17-resumption-client
+resume-server = 17-resumption-resume-server
+resume-client = 17-resumption-client
+
+[17-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[18-resumption]
+ssl_conf = 18-resumption-ssl
+
+[18-resumption-ssl]
+server = 18-resumption-server
+client = 18-resumption-client
+resume-server = 18-resumption-resume-server
+resume-client = 18-resumption-client
+
+[18-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[19-resumption]
+ssl_conf = 19-resumption-ssl
+
+[19-resumption-ssl]
+server = 19-resumption-server
+client = 19-resumption-client
+resume-server = 19-resumption-resume-server
+resume-client = 19-resumption-client
+
+[19-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[20-resumption]
+ssl_conf = 20-resumption-ssl
+
+[20-resumption-ssl]
+server = 20-resumption-server
+client = 20-resumption-client
+resume-server = 20-resumption-resume-server
+resume-client = 20-resumption-client
+
+[20-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[21-resumption]
+ssl_conf = 21-resumption-ssl
+
+[21-resumption-ssl]
+server = 21-resumption-server
+client = 21-resumption-client
+resume-server = 21-resumption-resume-server
+resume-client = 21-resumption-client
+
+[21-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[22-resumption]
+ssl_conf = 22-resumption-ssl
+
+[22-resumption-ssl]
+server = 22-resumption-server
+client = 22-resumption-client
+resume-server = 22-resumption-resume-server
+resume-client = 22-resumption-client
+
+[22-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[23-resumption]
+ssl_conf = 23-resumption-ssl
+
+[23-resumption-ssl]
+server = 23-resumption-server
+client = 23-resumption-client
+resume-server = 23-resumption-resume-server
+resume-client = 23-resumption-client
+
+[23-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[24-resumption]
+ssl_conf = 24-resumption-ssl
+
+[24-resumption-ssl]
+server = 24-resumption-server
+client = 24-resumption-client
+resume-server = 24-resumption-resume-server
+resume-client = 24-resumption-client
+
+[24-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[25-resumption]
+ssl_conf = 25-resumption-ssl
+
+[25-resumption-ssl]
+server = 25-resumption-server
+client = 25-resumption-client
+resume-server = 25-resumption-resume-server
+resume-client = 25-resumption-client
+
+[25-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[26-resumption]
+ssl_conf = 26-resumption-ssl
+
+[26-resumption-ssl]
+server = 26-resumption-server
+client = 26-resumption-client
+resume-server = 26-resumption-resume-server
+resume-client = 26-resumption-client
+
+[26-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[27-resumption]
+ssl_conf = 27-resumption-ssl
+
+[27-resumption-ssl]
+server = 27-resumption-server
+client = 27-resumption-client
+resume-server = 27-resumption-resume-server
+resume-client = 27-resumption-client
+
+[27-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[28-resumption]
+ssl_conf = 28-resumption-ssl
+
+[28-resumption-ssl]
+server = 28-resumption-server
+client = 28-resumption-client
+resume-server = 28-resumption-resume-server
+resume-client = 28-resumption-client
+
+[28-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[29-resumption]
+ssl_conf = 29-resumption-ssl
+
+[29-resumption-ssl]
+server = 29-resumption-server
+client = 29-resumption-client
+resume-server = 29-resumption-resume-server
+resume-client = 29-resumption-client
+
+[29-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[30-resumption]
+ssl_conf = 30-resumption-ssl
+
+[30-resumption-ssl]
+server = 30-resumption-server
+client = 30-resumption-client
+resume-server = 30-resumption-resume-server
+resume-client = 30-resumption-client
+
+[30-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[31-resumption]
+ssl_conf = 31-resumption-ssl
+
+[31-resumption-ssl]
+server = 31-resumption-server
+client = 31-resumption-client
+resume-server = 31-resumption-resume-server
+resume-client = 31-resumption-client
+
+[31-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[32-resumption]
+ssl_conf = 32-resumption-ssl
+
+[32-resumption-ssl]
+server = 32-resumption-server
+client = 32-resumption-client
+resume-server = 32-resumption-server
+resume-client = 32-resumption-resume-client
+
+[32-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[32-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[32-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[33-resumption]
+ssl_conf = 33-resumption-ssl
+
+[33-resumption-ssl]
+server = 33-resumption-server
+client = 33-resumption-client
+resume-server = 33-resumption-server
+resume-client = 33-resumption-resume-client
+
+[33-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[33-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[33-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[34-resumption]
+ssl_conf = 34-resumption-ssl
+
+[34-resumption-ssl]
+server = 34-resumption-server
+client = 34-resumption-client
+resume-server = 34-resumption-server
+resume-client = 34-resumption-resume-client
+
+[34-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[34-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[34-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[35-resumption]
+ssl_conf = 35-resumption-ssl
+
+[35-resumption-ssl]
+server = 35-resumption-server
+client = 35-resumption-client
+resume-server = 35-resumption-server
+resume-client = 35-resumption-resume-client
+
+[35-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[35-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[36-resumption]
+ssl_conf = 36-resumption-ssl
+
+[36-resumption-ssl]
+server = 36-resumption-server
+client = 36-resumption-client
+resume-server = 36-resumption-server
+resume-client = 36-resumption-resume-client
+
+[36-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[36-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[37-resumption]
+ssl_conf = 37-resumption-ssl
+
+[37-resumption-ssl]
+server = 37-resumption-server
+client = 37-resumption-client
+resume-server = 37-resumption-server
+resume-client = 37-resumption-resume-client
+
+[37-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[37-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[38-resumption]
+ssl_conf = 38-resumption-ssl
+
+[38-resumption-ssl]
+server = 38-resumption-server
+client = 38-resumption-client
+resume-server = 38-resumption-server
+resume-client = 38-resumption-resume-client
+
+[38-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[38-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[39-resumption]
+ssl_conf = 39-resumption-ssl
+
+[39-resumption-ssl]
+server = 39-resumption-server
+client = 39-resumption-client
+resume-server = 39-resumption-server
+resume-client = 39-resumption-resume-client
+
+[39-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+MinProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[39-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[40-resumption]
+ssl_conf = 40-resumption-ssl
+
+[40-resumption-ssl]
+server = 40-resumption-server
+client = 40-resumption-client
+resume-server = 40-resumption-server
+resume-client = 40-resumption-resume-client
+
+[40-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[40-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[41-resumption]
+ssl_conf = 41-resumption-ssl
+
+[41-resumption-ssl]
+server = 41-resumption-server
+client = 41-resumption-client
+resume-server = 41-resumption-server
+resume-client = 41-resumption-resume-client
+
+[41-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[41-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[42-resumption]
+ssl_conf = 42-resumption-ssl
+
+[42-resumption-ssl]
+server = 42-resumption-server
+client = 42-resumption-client
+resume-server = 42-resumption-server
+resume-client = 42-resumption-resume-client
+
+[42-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[42-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[43-resumption]
+ssl_conf = 43-resumption-ssl
+
+[43-resumption-ssl]
+server = 43-resumption-server
+client = 43-resumption-client
+resume-server = 43-resumption-server
+resume-client = 43-resumption-resume-client
+
+[43-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[43-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[44-resumption]
+ssl_conf = 44-resumption-ssl
+
+[44-resumption-ssl]
+server = 44-resumption-server
+client = 44-resumption-client
+resume-server = 44-resumption-server
+resume-client = 44-resumption-resume-client
+
+[44-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[44-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[45-resumption]
+ssl_conf = 45-resumption-ssl
+
+[45-resumption-ssl]
+server = 45-resumption-server
+client = 45-resumption-client
+resume-server = 45-resumption-server
+resume-client = 45-resumption-resume-client
+
+[45-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[45-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[46-resumption]
+ssl_conf = 46-resumption-ssl
+
+[46-resumption-ssl]
+server = 46-resumption-server
+client = 46-resumption-client
+resume-server = 46-resumption-server
+resume-client = 46-resumption-resume-client
+
+[46-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[46-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[47-resumption]
+ssl_conf = 47-resumption-ssl
+
+[47-resumption-ssl]
+server = 47-resumption-server
+client = 47-resumption-client
+resume-server = 47-resumption-server
+resume-client = 47-resumption-resume-client
+
+[47-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[47-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+MinProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[47-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[48-resumption]
+ssl_conf = 48-resumption-ssl
+
+[48-resumption-ssl]
+server = 48-resumption-server
+client = 48-resumption-client
+resume-server = 48-resumption-server
+resume-client = 48-resumption-resume-client
+
+[48-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[48-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[48-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[49-resumption]
+ssl_conf = 49-resumption-ssl
+
+[49-resumption-ssl]
+server = 49-resumption-server
+client = 49-resumption-client
+resume-server = 49-resumption-server
+resume-client = 49-resumption-resume-client
+
+[49-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[49-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[49-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[50-resumption]
+ssl_conf = 50-resumption-ssl
+
+[50-resumption-ssl]
+server = 50-resumption-server
+client = 50-resumption-client
+resume-server = 50-resumption-server
+resume-client = 50-resumption-resume-client
+
+[50-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[50-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[50-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[51-resumption]
+ssl_conf = 51-resumption-ssl
+
+[51-resumption-ssl]
+server = 51-resumption-server
+client = 51-resumption-client
+resume-server = 51-resumption-server
+resume-client = 51-resumption-resume-client
+
+[51-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[51-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[51-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[52-resumption]
+ssl_conf = 52-resumption-ssl
+
+[52-resumption-ssl]
+server = 52-resumption-server
+client = 52-resumption-client
+resume-server = 52-resumption-server
+resume-client = 52-resumption-resume-client
+
+[52-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[52-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[52-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[53-resumption]
+ssl_conf = 53-resumption-ssl
+
+[53-resumption-ssl]
+server = 53-resumption-server
+client = 53-resumption-client
+resume-server = 53-resumption-server
+resume-client = 53-resumption-resume-client
+
+[53-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[53-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[54-resumption]
+ssl_conf = 54-resumption-ssl
+
+[54-resumption-ssl]
+server = 54-resumption-server
+client = 54-resumption-client
+resume-server = 54-resumption-server
+resume-client = 54-resumption-resume-client
+
+[54-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[54-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[54-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[55-resumption]
+ssl_conf = 55-resumption-ssl
+
+[55-resumption-ssl]
+server = 55-resumption-server
+client = 55-resumption-client
+resume-server = 55-resumption-server
+resume-client = 55-resumption-resume-client
+
+[55-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[55-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[56-resumption]
+ssl_conf = 56-resumption-ssl
+
+[56-resumption-ssl]
+server = 56-resumption-server
+client = 56-resumption-client
+resume-server = 56-resumption-server
+resume-client = 56-resumption-resume-client
+
+[56-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[56-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[56-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-56]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[57-resumption]
+ssl_conf = 57-resumption-ssl
+
+[57-resumption-ssl]
+server = 57-resumption-server
+client = 57-resumption-client
+resume-server = 57-resumption-server
+resume-client = 57-resumption-resume-client
+
+[57-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[57-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[57-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-57]
+ExpectedProtocol = TLSv1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[58-resumption]
+ssl_conf = 58-resumption-ssl
+
+[58-resumption-ssl]
+server = 58-resumption-server
+client = 58-resumption-client
+resume-server = 58-resumption-server
+resume-client = 58-resumption-resume-client
+
+[58-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[58-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[58-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-58]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[59-resumption]
+ssl_conf = 59-resumption-ssl
+
+[59-resumption-ssl]
+server = 59-resumption-server
+client = 59-resumption-client
+resume-server = 59-resumption-server
+resume-client = 59-resumption-resume-client
+
+[59-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[59-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[59-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-59]
+ExpectedProtocol = TLSv1.1
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[60-resumption]
+ssl_conf = 60-resumption-ssl
+
+[60-resumption-ssl]
+server = 60-resumption-server
+client = 60-resumption-client
+resume-server = 60-resumption-server
+resume-client = 60-resumption-resume-client
+
+[60-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[60-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[60-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-60]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[61-resumption]
+ssl_conf = 61-resumption-ssl
+
+[61-resumption-ssl]
+server = 61-resumption-server
+client = 61-resumption-client
+resume-server = 61-resumption-server
+resume-client = 61-resumption-resume-client
+
+[61-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[61-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[61-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-61]
+ExpectedProtocol = TLSv1.2
+HandshakeMode = Resume
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[62-resumption]
+ssl_conf = 62-resumption-ssl
+
+[62-resumption-ssl]
+server = 62-resumption-server
+client = 62-resumption-client
+resume-server = 62-resumption-server
+resume-client = 62-resumption-resume-client
+
+[62-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[62-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[62-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-62]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[63-resumption]
+ssl_conf = 63-resumption-ssl
+
+[63-resumption-ssl]
+server = 63-resumption-server
+client = 63-resumption-client
+resume-server = 63-resumption-server
+resume-client = 63-resumption-resume-client
+
+[63-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[63-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[63-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-63]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[64-resumption-with-hrr]
+ssl_conf = 64-resumption-with-hrr-ssl
+
+[64-resumption-with-hrr-ssl]
+server = 64-resumption-with-hrr-server
+client = 64-resumption-with-hrr-client
+resume-server = 64-resumption-with-hrr-server
+resume-client = 64-resumption-with-hrr-resume-client
+
+[64-resumption-with-hrr-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = P-256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[64-resumption-with-hrr-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[64-resumption-with-hrr-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-64]
+ExpectedProtocol = TLSv1.3
+HandshakeMode = Resume
+Method = TLS
+ResumptionExpected = Yes
+
+
diff --git a/test/ssl-tests/10-resumption.cnf.in b/test/ssl-tests/10-resumption.cnf.in

new file mode 100644 (file)

index 0000000..39c6939
--- /dev/null
+++ b/test/ssl-tests/10-resumption.cnf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation upon resumption.
+
+use strict;
+use warnings;
+
+package ssltests;
+
+use protocol_version;
+
+our @tests = generate_resumption_tests("TLS");
diff --git a/test/ssl-tests/10-resumption.conf b/test/ssl-tests/10-resumption.conf

deleted file mode 100644 (file)

index 73de974..0000000
--- a/test/ssl-tests/10-resumption.conf
+++ /dev/null
@@ -1,2439 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 65
-
-test-0 = 0-resumption
-test-1 = 1-resumption
-test-2 = 2-resumption
-test-3 = 3-resumption
-test-4 = 4-resumption
-test-5 = 5-resumption
-test-6 = 6-resumption
-test-7 = 7-resumption
-test-8 = 8-resumption
-test-9 = 9-resumption
-test-10 = 10-resumption
-test-11 = 11-resumption
-test-12 = 12-resumption
-test-13 = 13-resumption
-test-14 = 14-resumption
-test-15 = 15-resumption
-test-16 = 16-resumption
-test-17 = 17-resumption
-test-18 = 18-resumption
-test-19 = 19-resumption
-test-20 = 20-resumption
-test-21 = 21-resumption
-test-22 = 22-resumption
-test-23 = 23-resumption
-test-24 = 24-resumption
-test-25 = 25-resumption
-test-26 = 26-resumption
-test-27 = 27-resumption
-test-28 = 28-resumption
-test-29 = 29-resumption
-test-30 = 30-resumption
-test-31 = 31-resumption
-test-32 = 32-resumption
-test-33 = 33-resumption
-test-34 = 34-resumption
-test-35 = 35-resumption
-test-36 = 36-resumption
-test-37 = 37-resumption
-test-38 = 38-resumption
-test-39 = 39-resumption
-test-40 = 40-resumption
-test-41 = 41-resumption
-test-42 = 42-resumption
-test-43 = 43-resumption
-test-44 = 44-resumption
-test-45 = 45-resumption
-test-46 = 46-resumption
-test-47 = 47-resumption
-test-48 = 48-resumption
-test-49 = 49-resumption
-test-50 = 50-resumption
-test-51 = 51-resumption
-test-52 = 52-resumption
-test-53 = 53-resumption
-test-54 = 54-resumption
-test-55 = 55-resumption
-test-56 = 56-resumption
-test-57 = 57-resumption
-test-58 = 58-resumption
-test-59 = 59-resumption
-test-60 = 60-resumption
-test-61 = 61-resumption
-test-62 = 62-resumption
-test-63 = 63-resumption
-test-64 = 64-resumption-with-hrr
-# ===========================================================
-
-[0-resumption]
-ssl_conf = 0-resumption-ssl
-
-[0-resumption-ssl]
-server = 0-resumption-server
-client = 0-resumption-client
-resume-server = 0-resumption-resume-server
-resume-client = 0-resumption-client
-
-[0-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[1-resumption]
-ssl_conf = 1-resumption-ssl
-
-[1-resumption-ssl]
-server = 1-resumption-server
-client = 1-resumption-client
-resume-server = 1-resumption-resume-server
-resume-client = 1-resumption-client
-
-[1-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[2-resumption]
-ssl_conf = 2-resumption-ssl
-
-[2-resumption-ssl]
-server = 2-resumption-server
-client = 2-resumption-client
-resume-server = 2-resumption-resume-server
-resume-client = 2-resumption-client
-
-[2-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[3-resumption]
-ssl_conf = 3-resumption-ssl
-
-[3-resumption-ssl]
-server = 3-resumption-server
-client = 3-resumption-client
-resume-server = 3-resumption-resume-server
-resume-client = 3-resumption-client
-
-[3-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[4-resumption]
-ssl_conf = 4-resumption-ssl
-
-[4-resumption-ssl]
-server = 4-resumption-server
-client = 4-resumption-client
-resume-server = 4-resumption-resume-server
-resume-client = 4-resumption-client
-
-[4-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[5-resumption]
-ssl_conf = 5-resumption-ssl
-
-[5-resumption-ssl]
-server = 5-resumption-server
-client = 5-resumption-client
-resume-server = 5-resumption-resume-server
-resume-client = 5-resumption-client
-
-[5-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[6-resumption]
-ssl_conf = 6-resumption-ssl
-
-[6-resumption-ssl]
-server = 6-resumption-server
-client = 6-resumption-client
-resume-server = 6-resumption-resume-server
-resume-client = 6-resumption-client
-
-[6-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[7-resumption]
-ssl_conf = 7-resumption-ssl
-
-[7-resumption-ssl]
-server = 7-resumption-server
-client = 7-resumption-client
-resume-server = 7-resumption-resume-server
-resume-client = 7-resumption-client
-
-[7-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[8-resumption]
-ssl_conf = 8-resumption-ssl
-
-[8-resumption-ssl]
-server = 8-resumption-server
-client = 8-resumption-client
-resume-server = 8-resumption-resume-server
-resume-client = 8-resumption-client
-
-[8-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[9-resumption]
-ssl_conf = 9-resumption-ssl
-
-[9-resumption-ssl]
-server = 9-resumption-server
-client = 9-resumption-client
-resume-server = 9-resumption-resume-server
-resume-client = 9-resumption-client
-
-[9-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[10-resumption]
-ssl_conf = 10-resumption-ssl
-
-[10-resumption-ssl]
-server = 10-resumption-server
-client = 10-resumption-client
-resume-server = 10-resumption-resume-server
-resume-client = 10-resumption-client
-
-[10-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[11-resumption]
-ssl_conf = 11-resumption-ssl
-
-[11-resumption-ssl]
-server = 11-resumption-server
-client = 11-resumption-client
-resume-server = 11-resumption-resume-server
-resume-client = 11-resumption-client
-
-[11-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[12-resumption]
-ssl_conf = 12-resumption-ssl
-
-[12-resumption-ssl]
-server = 12-resumption-server
-client = 12-resumption-client
-resume-server = 12-resumption-resume-server
-resume-client = 12-resumption-client
-
-[12-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[13-resumption]
-ssl_conf = 13-resumption-ssl
-
-[13-resumption-ssl]
-server = 13-resumption-server
-client = 13-resumption-client
-resume-server = 13-resumption-resume-server
-resume-client = 13-resumption-client
-
-[13-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[14-resumption]
-ssl_conf = 14-resumption-ssl
-
-[14-resumption-ssl]
-server = 14-resumption-server
-client = 14-resumption-client
-resume-server = 14-resumption-resume-server
-resume-client = 14-resumption-client
-
-[14-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[15-resumption]
-ssl_conf = 15-resumption-ssl
-
-[15-resumption-ssl]
-server = 15-resumption-server
-client = 15-resumption-client
-resume-server = 15-resumption-resume-server
-resume-client = 15-resumption-client
-
-[15-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[16-resumption]
-ssl_conf = 16-resumption-ssl
-
-[16-resumption-ssl]
-server = 16-resumption-server
-client = 16-resumption-client
-resume-server = 16-resumption-resume-server
-resume-client = 16-resumption-client
-
-[16-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[17-resumption]
-ssl_conf = 17-resumption-ssl
-
-[17-resumption-ssl]
-server = 17-resumption-server
-client = 17-resumption-client
-resume-server = 17-resumption-resume-server
-resume-client = 17-resumption-client
-
-[17-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[18-resumption]
-ssl_conf = 18-resumption-ssl
-
-[18-resumption-ssl]
-server = 18-resumption-server
-client = 18-resumption-client
-resume-server = 18-resumption-resume-server
-resume-client = 18-resumption-client
-
-[18-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[19-resumption]
-ssl_conf = 19-resumption-ssl
-
-[19-resumption-ssl]
-server = 19-resumption-server
-client = 19-resumption-client
-resume-server = 19-resumption-resume-server
-resume-client = 19-resumption-client
-
-[19-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[20-resumption]
-ssl_conf = 20-resumption-ssl
-
-[20-resumption-ssl]
-server = 20-resumption-server
-client = 20-resumption-client
-resume-server = 20-resumption-resume-server
-resume-client = 20-resumption-client
-
-[20-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[21-resumption]
-ssl_conf = 21-resumption-ssl
-
-[21-resumption-ssl]
-server = 21-resumption-server
-client = 21-resumption-client
-resume-server = 21-resumption-resume-server
-resume-client = 21-resumption-client
-
-[21-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[21-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[21-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[22-resumption]
-ssl_conf = 22-resumption-ssl
-
-[22-resumption-ssl]
-server = 22-resumption-server
-client = 22-resumption-client
-resume-server = 22-resumption-resume-server
-resume-client = 22-resumption-client
-
-[22-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[22-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[22-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-22]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[23-resumption]
-ssl_conf = 23-resumption-ssl
-
-[23-resumption-ssl]
-server = 23-resumption-server
-client = 23-resumption-client
-resume-server = 23-resumption-resume-server
-resume-client = 23-resumption-client
-
-[23-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[23-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[23-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-23]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[24-resumption]
-ssl_conf = 24-resumption-ssl
-
-[24-resumption-ssl]
-server = 24-resumption-server
-client = 24-resumption-client
-resume-server = 24-resumption-resume-server
-resume-client = 24-resumption-client
-
-[24-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[24-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[24-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-24]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[25-resumption]
-ssl_conf = 25-resumption-ssl
-
-[25-resumption-ssl]
-server = 25-resumption-server
-client = 25-resumption-client
-resume-server = 25-resumption-resume-server
-resume-client = 25-resumption-client
-
-[25-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[25-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[25-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-25]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[26-resumption]
-ssl_conf = 26-resumption-ssl
-
-[26-resumption-ssl]
-server = 26-resumption-server
-client = 26-resumption-client
-resume-server = 26-resumption-resume-server
-resume-client = 26-resumption-client
-
-[26-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[26-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[26-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-26]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[27-resumption]
-ssl_conf = 27-resumption-ssl
-
-[27-resumption-ssl]
-server = 27-resumption-server
-client = 27-resumption-client
-resume-server = 27-resumption-resume-server
-resume-client = 27-resumption-client
-
-[27-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[27-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[27-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-27]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[28-resumption]
-ssl_conf = 28-resumption-ssl
-
-[28-resumption-ssl]
-server = 28-resumption-server
-client = 28-resumption-client
-resume-server = 28-resumption-resume-server
-resume-client = 28-resumption-client
-
-[28-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[28-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[28-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-28]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[29-resumption]
-ssl_conf = 29-resumption-ssl
-
-[29-resumption-ssl]
-server = 29-resumption-server
-client = 29-resumption-client
-resume-server = 29-resumption-resume-server
-resume-client = 29-resumption-client
-
-[29-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[29-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[29-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-29]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[30-resumption]
-ssl_conf = 30-resumption-ssl
-
-[30-resumption-ssl]
-server = 30-resumption-server
-client = 30-resumption-client
-resume-server = 30-resumption-resume-server
-resume-client = 30-resumption-client
-
-[30-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[30-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[30-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-30]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[31-resumption]
-ssl_conf = 31-resumption-ssl
-
-[31-resumption-ssl]
-server = 31-resumption-server
-client = 31-resumption-client
-resume-server = 31-resumption-resume-server
-resume-client = 31-resumption-client
-
-[31-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[31-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[31-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-31]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[32-resumption]
-ssl_conf = 32-resumption-ssl
-
-[32-resumption-ssl]
-server = 32-resumption-server
-client = 32-resumption-client
-resume-server = 32-resumption-server
-resume-client = 32-resumption-resume-client
-
-[32-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[32-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[32-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-32]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[33-resumption]
-ssl_conf = 33-resumption-ssl
-
-[33-resumption-ssl]
-server = 33-resumption-server
-client = 33-resumption-client
-resume-server = 33-resumption-server
-resume-client = 33-resumption-resume-client
-
-[33-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[33-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[33-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-33]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[34-resumption]
-ssl_conf = 34-resumption-ssl
-
-[34-resumption-ssl]
-server = 34-resumption-server
-client = 34-resumption-client
-resume-server = 34-resumption-server
-resume-client = 34-resumption-resume-client
-
-[34-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[34-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[34-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-34]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[35-resumption]
-ssl_conf = 35-resumption-ssl
-
-[35-resumption-ssl]
-server = 35-resumption-server
-client = 35-resumption-client
-resume-server = 35-resumption-server
-resume-client = 35-resumption-resume-client
-
-[35-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[35-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[35-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-35]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[36-resumption]
-ssl_conf = 36-resumption-ssl
-
-[36-resumption-ssl]
-server = 36-resumption-server
-client = 36-resumption-client
-resume-server = 36-resumption-server
-resume-client = 36-resumption-resume-client
-
-[36-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[36-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[36-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-36]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[37-resumption]
-ssl_conf = 37-resumption-ssl
-
-[37-resumption-ssl]
-server = 37-resumption-server
-client = 37-resumption-client
-resume-server = 37-resumption-server
-resume-client = 37-resumption-resume-client
-
-[37-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[37-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[37-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-37]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[38-resumption]
-ssl_conf = 38-resumption-ssl
-
-[38-resumption-ssl]
-server = 38-resumption-server
-client = 38-resumption-client
-resume-server = 38-resumption-server
-resume-client = 38-resumption-resume-client
-
-[38-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[38-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[38-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-38]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[39-resumption]
-ssl_conf = 39-resumption-ssl
-
-[39-resumption-ssl]
-server = 39-resumption-server
-client = 39-resumption-client
-resume-server = 39-resumption-server
-resume-client = 39-resumption-resume-client
-
-[39-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[39-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-MinProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[39-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-39]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[40-resumption]
-ssl_conf = 40-resumption-ssl
-
-[40-resumption-ssl]
-server = 40-resumption-server
-client = 40-resumption-client
-resume-server = 40-resumption-server
-resume-client = 40-resumption-resume-client
-
-[40-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[40-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[40-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-40]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[41-resumption]
-ssl_conf = 41-resumption-ssl
-
-[41-resumption-ssl]
-server = 41-resumption-server
-client = 41-resumption-client
-resume-server = 41-resumption-server
-resume-client = 41-resumption-resume-client
-
-[41-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[41-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[41-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-41]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[42-resumption]
-ssl_conf = 42-resumption-ssl
-
-[42-resumption-ssl]
-server = 42-resumption-server
-client = 42-resumption-client
-resume-server = 42-resumption-server
-resume-client = 42-resumption-resume-client
-
-[42-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[42-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[42-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-42]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[43-resumption]
-ssl_conf = 43-resumption-ssl
-
-[43-resumption-ssl]
-server = 43-resumption-server
-client = 43-resumption-client
-resume-server = 43-resumption-server
-resume-client = 43-resumption-resume-client
-
-[43-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[43-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[43-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-43]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[44-resumption]
-ssl_conf = 44-resumption-ssl
-
-[44-resumption-ssl]
-server = 44-resumption-server
-client = 44-resumption-client
-resume-server = 44-resumption-server
-resume-client = 44-resumption-resume-client
-
-[44-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[44-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[44-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-44]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[45-resumption]
-ssl_conf = 45-resumption-ssl
-
-[45-resumption-ssl]
-server = 45-resumption-server
-client = 45-resumption-client
-resume-server = 45-resumption-server
-resume-client = 45-resumption-resume-client
-
-[45-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[45-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[45-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-45]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[46-resumption]
-ssl_conf = 46-resumption-ssl
-
-[46-resumption-ssl]
-server = 46-resumption-server
-client = 46-resumption-client
-resume-server = 46-resumption-server
-resume-client = 46-resumption-resume-client
-
-[46-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[46-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[46-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-46]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[47-resumption]
-ssl_conf = 47-resumption-ssl
-
-[47-resumption-ssl]
-server = 47-resumption-server
-client = 47-resumption-client
-resume-server = 47-resumption-server
-resume-client = 47-resumption-resume-client
-
-[47-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[47-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-MinProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[47-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-47]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[48-resumption]
-ssl_conf = 48-resumption-ssl
-
-[48-resumption-ssl]
-server = 48-resumption-server
-client = 48-resumption-client
-resume-server = 48-resumption-server
-resume-client = 48-resumption-resume-client
-
-[48-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[48-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[48-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-48]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[49-resumption]
-ssl_conf = 49-resumption-ssl
-
-[49-resumption-ssl]
-server = 49-resumption-server
-client = 49-resumption-client
-resume-server = 49-resumption-server
-resume-client = 49-resumption-resume-client
-
-[49-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[49-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[49-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-49]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[50-resumption]
-ssl_conf = 50-resumption-ssl
-
-[50-resumption-ssl]
-server = 50-resumption-server
-client = 50-resumption-client
-resume-server = 50-resumption-server
-resume-client = 50-resumption-resume-client
-
-[50-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[50-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[50-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-50]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[51-resumption]
-ssl_conf = 51-resumption-ssl
-
-[51-resumption-ssl]
-server = 51-resumption-server
-client = 51-resumption-client
-resume-server = 51-resumption-server
-resume-client = 51-resumption-resume-client
-
-[51-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[51-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[51-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-51]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[52-resumption]
-ssl_conf = 52-resumption-ssl
-
-[52-resumption-ssl]
-server = 52-resumption-server
-client = 52-resumption-client
-resume-server = 52-resumption-server
-resume-client = 52-resumption-resume-client
-
-[52-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[52-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[52-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-52]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[53-resumption]
-ssl_conf = 53-resumption-ssl
-
-[53-resumption-ssl]
-server = 53-resumption-server
-client = 53-resumption-client
-resume-server = 53-resumption-server
-resume-client = 53-resumption-resume-client
-
-[53-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[53-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[53-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-53]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[54-resumption]
-ssl_conf = 54-resumption-ssl
-
-[54-resumption-ssl]
-server = 54-resumption-server
-client = 54-resumption-client
-resume-server = 54-resumption-server
-resume-client = 54-resumption-resume-client
-
-[54-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[54-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[54-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-54]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[55-resumption]
-ssl_conf = 55-resumption-ssl
-
-[55-resumption-ssl]
-server = 55-resumption-server
-client = 55-resumption-client
-resume-server = 55-resumption-server
-resume-client = 55-resumption-resume-client
-
-[55-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[55-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[55-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-55]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[56-resumption]
-ssl_conf = 56-resumption-ssl
-
-[56-resumption-ssl]
-server = 56-resumption-server
-client = 56-resumption-client
-resume-server = 56-resumption-server
-resume-client = 56-resumption-resume-client
-
-[56-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[56-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[56-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-56]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[57-resumption]
-ssl_conf = 57-resumption-ssl
-
-[57-resumption-ssl]
-server = 57-resumption-server
-client = 57-resumption-client
-resume-server = 57-resumption-server
-resume-client = 57-resumption-resume-client
-
-[57-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[57-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[57-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-57]
-ExpectedProtocol = TLSv1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[58-resumption]
-ssl_conf = 58-resumption-ssl
-
-[58-resumption-ssl]
-server = 58-resumption-server
-client = 58-resumption-client
-resume-server = 58-resumption-server
-resume-client = 58-resumption-resume-client
-
-[58-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[58-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[58-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-58]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[59-resumption]
-ssl_conf = 59-resumption-ssl
-
-[59-resumption-ssl]
-server = 59-resumption-server
-client = 59-resumption-client
-resume-server = 59-resumption-server
-resume-client = 59-resumption-resume-client
-
-[59-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[59-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[59-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-59]
-ExpectedProtocol = TLSv1.1
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[60-resumption]
-ssl_conf = 60-resumption-ssl
-
-[60-resumption-ssl]
-server = 60-resumption-server
-client = 60-resumption-client
-resume-server = 60-resumption-server
-resume-client = 60-resumption-resume-client
-
-[60-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[60-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[60-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-60]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[61-resumption]
-ssl_conf = 61-resumption-ssl
-
-[61-resumption-ssl]
-server = 61-resumption-server
-client = 61-resumption-client
-resume-server = 61-resumption-server
-resume-client = 61-resumption-resume-client
-
-[61-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[61-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[61-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-61]
-ExpectedProtocol = TLSv1.2
-HandshakeMode = Resume
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[62-resumption]
-ssl_conf = 62-resumption-ssl
-
-[62-resumption-ssl]
-server = 62-resumption-server
-client = 62-resumption-client
-resume-server = 62-resumption-server
-resume-client = 62-resumption-resume-client
-
-[62-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[62-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[62-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-62]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[63-resumption]
-ssl_conf = 63-resumption-ssl
-
-[63-resumption-ssl]
-server = 63-resumption-server
-client = 63-resumption-client
-resume-server = 63-resumption-server
-resume-client = 63-resumption-resume-client
-
-[63-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[63-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[63-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-63]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[64-resumption-with-hrr]
-ssl_conf = 64-resumption-with-hrr-ssl
-
-[64-resumption-with-hrr-ssl]
-server = 64-resumption-with-hrr-server
-client = 64-resumption-with-hrr-client
-resume-server = 64-resumption-with-hrr-server
-resume-client = 64-resumption-with-hrr-resume-client
-
-[64-resumption-with-hrr-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = P-256
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[64-resumption-with-hrr-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[64-resumption-with-hrr-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-64]
-ExpectedProtocol = TLSv1.3
-HandshakeMode = Resume
-Method = TLS
-ResumptionExpected = Yes
-
-
diff --git a/test/ssl-tests/10-resumption.conf.in b/test/ssl-tests/10-resumption.conf.in

deleted file mode 100644 (file)

index 39c6939..0000000
--- a/test/ssl-tests/10-resumption.conf.in
+++ /dev/null
@@ -1,19 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test version negotiation upon resumption.
-
-use strict;
-use warnings;
-
-package ssltests;
-
-use protocol_version;
-
-our @tests = generate_resumption_tests("TLS");
diff --git a/test/ssl-tests/11-dtls_resumption.cnf b/test/ssl-tests/11-dtls_resumption.cnf

new file mode 100644 (file)

index 0000000..a981fa5
--- /dev/null
+++ b/test/ssl-tests/11-dtls_resumption.cnf
@@ -0,0 +1,620 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 16
+
+test-0 = 0-resumption
+test-1 = 1-resumption
+test-2 = 2-resumption
+test-3 = 3-resumption
+test-4 = 4-resumption
+test-5 = 5-resumption
+test-6 = 6-resumption
+test-7 = 7-resumption
+test-8 = 8-resumption
+test-9 = 9-resumption
+test-10 = 10-resumption
+test-11 = 11-resumption
+test-12 = 12-resumption
+test-13 = 13-resumption
+test-14 = 14-resumption
+test-15 = 15-resumption
+# ===========================================================
+
+[0-resumption]
+ssl_conf = 0-resumption-ssl
+
+[0-resumption-ssl]
+server = 0-resumption-server
+client = 0-resumption-client
+resume-server = 0-resumption-resume-server
+resume-client = 0-resumption-client
+
+[0-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[1-resumption]
+ssl_conf = 1-resumption-ssl
+
+[1-resumption-ssl]
+server = 1-resumption-server
+client = 1-resumption-client
+resume-server = 1-resumption-resume-server
+resume-client = 1-resumption-client
+
+[1-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-resumption]
+ssl_conf = 2-resumption-ssl
+
+[2-resumption-ssl]
+server = 2-resumption-server
+client = 2-resumption-client
+resume-server = 2-resumption-resume-server
+resume-client = 2-resumption-client
+
+[2-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-resumption]
+ssl_conf = 3-resumption-ssl
+
+[3-resumption-ssl]
+server = 3-resumption-server
+client = 3-resumption-client
+resume-server = 3-resumption-resume-server
+resume-client = 3-resumption-client
+
+[3-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[4-resumption]
+ssl_conf = 4-resumption-ssl
+
+[4-resumption-ssl]
+server = 4-resumption-server
+client = 4-resumption-client
+resume-server = 4-resumption-resume-server
+resume-client = 4-resumption-client
+
+[4-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-resumption]
+ssl_conf = 5-resumption-ssl
+
+[5-resumption-ssl]
+server = 5-resumption-server
+client = 5-resumption-client
+resume-server = 5-resumption-resume-server
+resume-client = 5-resumption-client
+
+[5-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[6-resumption]
+ssl_conf = 6-resumption-ssl
+
+[6-resumption-ssl]
+server = 6-resumption-server
+client = 6-resumption-client
+resume-server = 6-resumption-resume-server
+resume-client = 6-resumption-client
+
+[6-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[7-resumption]
+ssl_conf = 7-resumption-ssl
+
+[7-resumption-ssl]
+server = 7-resumption-server
+client = 7-resumption-client
+resume-server = 7-resumption-resume-server
+resume-client = 7-resumption-client
+
+[7-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[8-resumption]
+ssl_conf = 8-resumption-ssl
+
+[8-resumption-ssl]
+server = 8-resumption-server
+client = 8-resumption-client
+resume-server = 8-resumption-server
+resume-client = 8-resumption-resume-client
+
+[8-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[8-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[9-resumption]
+ssl_conf = 9-resumption-ssl
+
+[9-resumption-ssl]
+server = 9-resumption-server
+client = 9-resumption-client
+resume-server = 9-resumption-server
+resume-client = 9-resumption-resume-client
+
+[9-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[9-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[10-resumption]
+ssl_conf = 10-resumption-ssl
+
+[10-resumption-ssl]
+server = 10-resumption-server
+client = 10-resumption-client
+resume-server = 10-resumption-server
+resume-client = 10-resumption-resume-client
+
+[10-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[10-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[11-resumption]
+ssl_conf = 11-resumption-ssl
+
+[11-resumption-ssl]
+server = 11-resumption-server
+client = 11-resumption-client
+resume-server = 11-resumption-server
+resume-client = 11-resumption-resume-client
+
+[11-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+MinProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[11-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[12-resumption]
+ssl_conf = 12-resumption-ssl
+
+[12-resumption-ssl]
+server = 12-resumption-server
+client = 12-resumption-client
+resume-server = 12-resumption-server
+resume-client = 12-resumption-resume-client
+
+[12-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[12-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-resumption]
+ssl_conf = 13-resumption-ssl
+
+[13-resumption-ssl]
+server = 13-resumption-server
+client = 13-resumption-client
+resume-server = 13-resumption-server
+resume-client = 13-resumption-resume-client
+
+[13-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[13-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedProtocol = DTLSv1
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[14-resumption]
+ssl_conf = 14-resumption-ssl
+
+[14-resumption-ssl]
+server = 14-resumption-server
+client = 14-resumption-client
+resume-server = 14-resumption-server
+resume-client = 14-resumption-resume-client
+
+[14-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[14-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[15-resumption]
+ssl_conf = 15-resumption-ssl
+
+[15-resumption-ssl]
+server = 15-resumption-server
+client = 15-resumption-client
+resume-server = 15-resumption-server
+resume-client = 15-resumption-resume-client
+
+[15-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-resumption-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+MinProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[15-resumption-resume-client]
+CipherString = DEFAULT
+MaxProtocol = DTLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedProtocol = DTLSv1.2
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+
+
diff --git a/test/ssl-tests/11-dtls_resumption.cnf.in b/test/ssl-tests/11-dtls_resumption.cnf.in

new file mode 100644 (file)

index 0000000..9f600e6
--- /dev/null
+++ b/test/ssl-tests/11-dtls_resumption.cnf.in
@@ -0,0 +1,19 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation upon resumption.
+
+use strict;
+use warnings;
+
+package ssltests;
+
+use protocol_version;
+
+our @tests = generate_resumption_tests("DTLS");
diff --git a/test/ssl-tests/11-dtls_resumption.conf b/test/ssl-tests/11-dtls_resumption.conf

deleted file mode 100644 (file)

index a981fa5..0000000
--- a/test/ssl-tests/11-dtls_resumption.conf
+++ /dev/null
@@ -1,620 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 16
-
-test-0 = 0-resumption
-test-1 = 1-resumption
-test-2 = 2-resumption
-test-3 = 3-resumption
-test-4 = 4-resumption
-test-5 = 5-resumption
-test-6 = 6-resumption
-test-7 = 7-resumption
-test-8 = 8-resumption
-test-9 = 9-resumption
-test-10 = 10-resumption
-test-11 = 11-resumption
-test-12 = 12-resumption
-test-13 = 13-resumption
-test-14 = 14-resumption
-test-15 = 15-resumption
-# ===========================================================
-
-[0-resumption]
-ssl_conf = 0-resumption-ssl
-
-[0-resumption-ssl]
-server = 0-resumption-server
-client = 0-resumption-client
-resume-server = 0-resumption-resume-server
-resume-client = 0-resumption-client
-
-[0-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[1-resumption]
-ssl_conf = 1-resumption-ssl
-
-[1-resumption-ssl]
-server = 1-resumption-server
-client = 1-resumption-client
-resume-server = 1-resumption-resume-server
-resume-client = 1-resumption-client
-
-[1-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[2-resumption]
-ssl_conf = 2-resumption-ssl
-
-[2-resumption-ssl]
-server = 2-resumption-server
-client = 2-resumption-client
-resume-server = 2-resumption-resume-server
-resume-client = 2-resumption-client
-
-[2-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[3-resumption]
-ssl_conf = 3-resumption-ssl
-
-[3-resumption-ssl]
-server = 3-resumption-server
-client = 3-resumption-client
-resume-server = 3-resumption-resume-server
-resume-client = 3-resumption-client
-
-[3-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[4-resumption]
-ssl_conf = 4-resumption-ssl
-
-[4-resumption-ssl]
-server = 4-resumption-server
-client = 4-resumption-client
-resume-server = 4-resumption-resume-server
-resume-client = 4-resumption-client
-
-[4-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[5-resumption]
-ssl_conf = 5-resumption-ssl
-
-[5-resumption-ssl]
-server = 5-resumption-server
-client = 5-resumption-client
-resume-server = 5-resumption-resume-server
-resume-client = 5-resumption-client
-
-[5-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[6-resumption]
-ssl_conf = 6-resumption-ssl
-
-[6-resumption-ssl]
-server = 6-resumption-server
-client = 6-resumption-client
-resume-server = 6-resumption-resume-server
-resume-client = 6-resumption-client
-
-[6-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[7-resumption]
-ssl_conf = 7-resumption-ssl
-
-[7-resumption-ssl]
-server = 7-resumption-server
-client = 7-resumption-client
-resume-server = 7-resumption-resume-server
-resume-client = 7-resumption-client
-
-[7-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-resumption-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[8-resumption]
-ssl_conf = 8-resumption-ssl
-
-[8-resumption-ssl]
-server = 8-resumption-server
-client = 8-resumption-client
-resume-server = 8-resumption-server
-resume-client = 8-resumption-resume-client
-
-[8-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[8-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[9-resumption]
-ssl_conf = 9-resumption-ssl
-
-[9-resumption-ssl]
-server = 9-resumption-server
-client = 9-resumption-client
-resume-server = 9-resumption-server
-resume-client = 9-resumption-resume-client
-
-[9-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[9-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[10-resumption]
-ssl_conf = 10-resumption-ssl
-
-[10-resumption-ssl]
-server = 10-resumption-server
-client = 10-resumption-client
-resume-server = 10-resumption-server
-resume-client = 10-resumption-resume-client
-
-[10-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[10-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[11-resumption]
-ssl_conf = 11-resumption-ssl
-
-[11-resumption-ssl]
-server = 11-resumption-server
-client = 11-resumption-client
-resume-server = 11-resumption-server
-resume-client = 11-resumption-resume-client
-
-[11-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-MinProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[11-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[12-resumption]
-ssl_conf = 12-resumption-ssl
-
-[12-resumption-ssl]
-server = 12-resumption-server
-client = 12-resumption-client
-resume-server = 12-resumption-server
-resume-client = 12-resumption-resume-client
-
-[12-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[12-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[13-resumption]
-ssl_conf = 13-resumption-ssl
-
-[13-resumption-ssl]
-server = 13-resumption-server
-client = 13-resumption-client
-resume-server = 13-resumption-server
-resume-client = 13-resumption-resume-client
-
-[13-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[13-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedProtocol = DTLSv1
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[14-resumption]
-ssl_conf = 14-resumption-ssl
-
-[14-resumption-ssl]
-server = 14-resumption-server
-client = 14-resumption-client
-resume-server = 14-resumption-server
-resume-client = 14-resumption-resume-client
-
-[14-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[14-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[15-resumption]
-ssl_conf = 15-resumption-ssl
-
-[15-resumption-ssl]
-server = 15-resumption-server
-client = 15-resumption-client
-resume-server = 15-resumption-server
-resume-client = 15-resumption-resume-client
-
-[15-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-resumption-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-MinProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[15-resumption-resume-client]
-CipherString = DEFAULT
-MaxProtocol = DTLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedProtocol = DTLSv1.2
-HandshakeMode = Resume
-Method = DTLS
-ResumptionExpected = Yes
-
-
diff --git a/test/ssl-tests/11-dtls_resumption.conf.in b/test/ssl-tests/11-dtls_resumption.conf.in

deleted file mode 100644 (file)

index 9f600e6..0000000
--- a/test/ssl-tests/11-dtls_resumption.conf.in
+++ /dev/null
@@ -1,19 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test version negotiation upon resumption.
-
-use strict;
-use warnings;
-
-package ssltests;
-
-use protocol_version;
-
-our @tests = generate_resumption_tests("DTLS");
diff --git a/test/ssl-tests/12-ct.cnf b/test/ssl-tests/12-ct.cnf

new file mode 100644 (file)

index 0000000..2e6e9de
--- /dev/null
+++ b/test/ssl-tests/12-ct.cnf
@@ -0,0 +1,191 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-ct-permissive-without-scts
+test-1 = 1-ct-permissive-with-scts
+test-2 = 2-ct-strict-without-scts
+test-3 = 3-ct-strict-with-scts
+test-4 = 4-ct-permissive-resumption
+test-5 = 5-ct-strict-resumption
+# ===========================================================
+
+[0-ct-permissive-without-scts]
+ssl_conf = 0-ct-permissive-without-scts-ssl
+
+[0-ct-permissive-without-scts-ssl]
+server = 0-ct-permissive-without-scts-server
+client = 0-ct-permissive-without-scts-client
+
+[0-ct-permissive-without-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-ct-permissive-without-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+client = 0-ct-permissive-without-scts-client-extra
+
+[0-ct-permissive-without-scts-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[1-ct-permissive-with-scts]
+ssl_conf = 1-ct-permissive-with-scts-ssl
+
+[1-ct-permissive-with-scts-ssl]
+server = 1-ct-permissive-with-scts-server
+client = 1-ct-permissive-with-scts-client
+
+[1-ct-permissive-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[1-ct-permissive-with-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+client = 1-ct-permissive-with-scts-client-extra
+
+[1-ct-permissive-with-scts-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[2-ct-strict-without-scts]
+ssl_conf = 2-ct-strict-without-scts-ssl
+
+[2-ct-strict-without-scts-ssl]
+server = 2-ct-strict-without-scts-server
+client = 2-ct-strict-without-scts-client
+
+[2-ct-strict-without-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-ct-strict-without-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedClientAlert = HandshakeFailure
+ExpectedResult = ClientFail
+client = 2-ct-strict-without-scts-client-extra
+
+[2-ct-strict-without-scts-client-extra]
+CTValidation = Strict
+
+
+# ===========================================================
+
+[3-ct-strict-with-scts]
+ssl_conf = 3-ct-strict-with-scts-ssl
+
+[3-ct-strict-with-scts-ssl]
+server = 3-ct-strict-with-scts-server
+client = 3-ct-strict-with-scts-client
+
+[3-ct-strict-with-scts-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[3-ct-strict-with-scts-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+client = 3-ct-strict-with-scts-client-extra
+
+[3-ct-strict-with-scts-client-extra]
+CTValidation = Strict
+
+
+# ===========================================================
+
+[4-ct-permissive-resumption]
+ssl_conf = 4-ct-permissive-resumption-ssl
+
+[4-ct-permissive-resumption-ssl]
+server = 4-ct-permissive-resumption-server
+client = 4-ct-permissive-resumption-client
+resume-server = 4-ct-permissive-resumption-server
+resume-client = 4-ct-permissive-resumption-client
+
+[4-ct-permissive-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[4-ct-permissive-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = Resume
+ResumptionExpected = Yes
+client = 4-ct-permissive-resumption-client-extra
+resume-client = 4-ct-permissive-resumption-client-extra
+
+[4-ct-permissive-resumption-client-extra]
+CTValidation = Permissive
+
+
+# ===========================================================
+
+[5-ct-strict-resumption]
+ssl_conf = 5-ct-strict-resumption-ssl
+
+[5-ct-strict-resumption-ssl]
+server = 5-ct-strict-resumption-server
+client = 5-ct-strict-resumption-client
+resume-server = 5-ct-strict-resumption-server
+resume-client = 5-ct-strict-resumption-resume-client
+
+[5-ct-strict-resumption-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
+
+[5-ct-strict-resumption-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
+VerifyMode = Peer
+
+[5-ct-strict-resumption-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = Resume
+ResumptionExpected = Yes
+client = 5-ct-strict-resumption-client-extra
+resume-client = 5-ct-strict-resumption-resume-client-extra
+
+[5-ct-strict-resumption-client-extra]
+CTValidation = Strict
+
+[5-ct-strict-resumption-resume-client-extra]
+CTValidation = Strict
+
+
diff --git a/test/ssl-tests/12-ct.cnf.in b/test/ssl-tests/12-ct.cnf.in

new file mode 100644 (file)

index 0000000..e87a1de
--- /dev/null
+++ b/test/ssl-tests/12-ct.cnf.in
@@ -0,0 +1,119 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "ct-permissive-without-scts",
+        server => { },
+        client => {
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-permissive-with-scts",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-strict-without-scts",
+        server => { },
+        client => {
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "ExpectedResult" => "ClientFail",
+            "ExpectedClientAlert" => "HandshakeFailure",
+        },
+    },
+    {
+        name => "ct-strict-with-scts",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-permissive-resumption",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Permissive",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "ct-strict-resumption",
+        server => {
+            "Certificate" => test_pem("embeddedSCTs1.pem"),
+            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
+        },
+        client => {
+            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        # SCTs are not present during resumption, so the resumption
+        # should succeed.
+        resume_client => {
+            extra => {
+                "CTValidation" => "Strict",
+            },
+        },
+        test => {
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success",
+        },
+    },
+);
diff --git a/test/ssl-tests/12-ct.conf b/test/ssl-tests/12-ct.conf

deleted file mode 100644 (file)

index 2e6e9de..0000000
--- a/test/ssl-tests/12-ct.conf
+++ /dev/null
@@ -1,191 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 6
-
-test-0 = 0-ct-permissive-without-scts
-test-1 = 1-ct-permissive-with-scts
-test-2 = 2-ct-strict-without-scts
-test-3 = 3-ct-strict-with-scts
-test-4 = 4-ct-permissive-resumption
-test-5 = 5-ct-strict-resumption
-# ===========================================================
-
-[0-ct-permissive-without-scts]
-ssl_conf = 0-ct-permissive-without-scts-ssl
-
-[0-ct-permissive-without-scts-ssl]
-server = 0-ct-permissive-without-scts-server
-client = 0-ct-permissive-without-scts-client
-
-[0-ct-permissive-without-scts-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-ct-permissive-without-scts-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-client = 0-ct-permissive-without-scts-client-extra
-
-[0-ct-permissive-without-scts-client-extra]
-CTValidation = Permissive
-
-
-# ===========================================================
-
-[1-ct-permissive-with-scts]
-ssl_conf = 1-ct-permissive-with-scts-ssl
-
-[1-ct-permissive-with-scts-ssl]
-server = 1-ct-permissive-with-scts-server
-client = 1-ct-permissive-with-scts-client
-
-[1-ct-permissive-with-scts-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-
-[1-ct-permissive-with-scts-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-client = 1-ct-permissive-with-scts-client-extra
-
-[1-ct-permissive-with-scts-client-extra]
-CTValidation = Permissive
-
-
-# ===========================================================
-
-[2-ct-strict-without-scts]
-ssl_conf = 2-ct-strict-without-scts-ssl
-
-[2-ct-strict-without-scts-ssl]
-server = 2-ct-strict-without-scts-server
-client = 2-ct-strict-without-scts-client
-
-[2-ct-strict-without-scts-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-ct-strict-without-scts-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedClientAlert = HandshakeFailure
-ExpectedResult = ClientFail
-client = 2-ct-strict-without-scts-client-extra
-
-[2-ct-strict-without-scts-client-extra]
-CTValidation = Strict
-
-
-# ===========================================================
-
-[3-ct-strict-with-scts]
-ssl_conf = 3-ct-strict-with-scts-ssl
-
-[3-ct-strict-with-scts-ssl]
-server = 3-ct-strict-with-scts-server
-client = 3-ct-strict-with-scts-client
-
-[3-ct-strict-with-scts-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-
-[3-ct-strict-with-scts-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-client = 3-ct-strict-with-scts-client-extra
-
-[3-ct-strict-with-scts-client-extra]
-CTValidation = Strict
-
-
-# ===========================================================
-
-[4-ct-permissive-resumption]
-ssl_conf = 4-ct-permissive-resumption-ssl
-
-[4-ct-permissive-resumption-ssl]
-server = 4-ct-permissive-resumption-server
-client = 4-ct-permissive-resumption-client
-resume-server = 4-ct-permissive-resumption-server
-resume-client = 4-ct-permissive-resumption-client
-
-[4-ct-permissive-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-
-[4-ct-permissive-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-HandshakeMode = Resume
-ResumptionExpected = Yes
-client = 4-ct-permissive-resumption-client-extra
-resume-client = 4-ct-permissive-resumption-client-extra
-
-[4-ct-permissive-resumption-client-extra]
-CTValidation = Permissive
-
-
-# ===========================================================
-
-[5-ct-strict-resumption]
-ssl_conf = 5-ct-strict-resumption-ssl
-
-[5-ct-strict-resumption-ssl]
-server = 5-ct-strict-resumption-server
-client = 5-ct-strict-resumption-client
-resume-server = 5-ct-strict-resumption-server
-resume-client = 5-ct-strict-resumption-resume-client
-
-[5-ct-strict-resumption-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
-
-[5-ct-strict-resumption-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
-VerifyMode = Peer
-
-[5-ct-strict-resumption-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-HandshakeMode = Resume
-ResumptionExpected = Yes
-client = 5-ct-strict-resumption-client-extra
-resume-client = 5-ct-strict-resumption-resume-client-extra
-
-[5-ct-strict-resumption-client-extra]
-CTValidation = Strict
-
-[5-ct-strict-resumption-resume-client-extra]
-CTValidation = Strict
-
-
diff --git a/test/ssl-tests/12-ct.conf.in b/test/ssl-tests/12-ct.conf.in

deleted file mode 100644 (file)

index e87a1de..0000000
--- a/test/ssl-tests/12-ct.conf.in
+++ /dev/null
@@ -1,119 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test version negotiation
-
-use strict;
-use warnings;
-
-package ssltests;
-
-
-our @tests = (
-    {
-        name => "ct-permissive-without-scts",
-        server => { },
-        client => {
-            extra => {
-                "CTValidation" => "Permissive",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "ct-permissive-with-scts",
-        server => {
-            "Certificate" => test_pem("embeddedSCTs1.pem"),
-            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
-        },
-        client => {
-            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
-            extra => {
-                "CTValidation" => "Permissive",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "ct-strict-without-scts",
-        server => { },
-        client => {
-            extra => {
-                "CTValidation" => "Strict",
-            },
-        },
-        test => {
-            "ExpectedResult" => "ClientFail",
-            "ExpectedClientAlert" => "HandshakeFailure",
-        },
-    },
-    {
-        name => "ct-strict-with-scts",
-        server => {
-            "Certificate" => test_pem("embeddedSCTs1.pem"),
-            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
-        },
-        client => {
-            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
-            extra => {
-                "CTValidation" => "Strict",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "ct-permissive-resumption",
-        server => {
-            "Certificate" => test_pem("embeddedSCTs1.pem"),
-            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
-        },
-        client => {
-            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
-            extra => {
-                "CTValidation" => "Permissive",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "ct-strict-resumption",
-        server => {
-            "Certificate" => test_pem("embeddedSCTs1.pem"),
-            "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
-        },
-        client => {
-            "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
-            extra => {
-                "CTValidation" => "Strict",
-            },
-        },
-        # SCTs are not present during resumption, so the resumption
-        # should succeed.
-        resume_client => {
-            extra => {
-                "CTValidation" => "Strict",
-            },
-        },
-        test => {
-            "HandshakeMode" => "Resume",
-            "ResumptionExpected" => "Yes",
-            "ExpectedResult" => "Success",
-        },
-    },
-);
diff --git a/test/ssl-tests/13-fragmentation.cnf b/test/ssl-tests/13-fragmentation.cnf

new file mode 100644 (file)

index 0000000..649387c
--- /dev/null
+++ b/test/ssl-tests/13-fragmentation.cnf
@@ -0,0 +1,577 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 22
+
+test-0 = 0-one-fragment-minus-app-data
+test-1 = 1-one-fragment-app-data
+test-2 = 2-one-fragment-plus-app-data
+test-3 = 3-small-app-data
+test-4 = 4-small-app-data-large-fragment-size
+test-5 = 5-medium-app-data
+test-6 = 6-medium-plus-app-data
+test-7 = 7-large-app-data
+test-8 = 8-large-app-data-large-fragment-size
+test-9 = 9-large-app-data-odd-fragment-size
+test-10 = 10-large-app-data-aes-sha1-multibuffer
+test-11 = 11-large-app-data-aes-sha2-multibuffer
+test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment
+test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment
+test-14 = 14-small-app-data-aes-sha1-multibuffer
+test-15 = 15-small-app-data-aes-sha2-multibuffer
+test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled
+test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048
+test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024
+test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024
+test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048
+test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024
+# ===========================================================
+
+[0-one-fragment-minus-app-data]
+ssl_conf = 0-one-fragment-minus-app-data-ssl
+
+[0-one-fragment-minus-app-data-ssl]
+server = 0-one-fragment-minus-app-data-server
+client = 0-one-fragment-minus-app-data-client
+
+[0-one-fragment-minus-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-one-fragment-minus-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ApplicationData = 511
+
+
+# ===========================================================
+
+[1-one-fragment-app-data]
+ssl_conf = 1-one-fragment-app-data-ssl
+
+[1-one-fragment-app-data-ssl]
+server = 1-one-fragment-app-data-server
+client = 1-one-fragment-app-data-client
+
+[1-one-fragment-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-one-fragment-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ApplicationData = 512
+
+
+# ===========================================================
+
+[2-one-fragment-plus-app-data]
+ssl_conf = 2-one-fragment-plus-app-data-ssl
+
+[2-one-fragment-plus-app-data-ssl]
+server = 2-one-fragment-plus-app-data-server
+client = 2-one-fragment-plus-app-data-client
+
+[2-one-fragment-plus-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-one-fragment-plus-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ApplicationData = 513
+
+
+# ===========================================================
+
+[3-small-app-data]
+ssl_conf = 3-small-app-data-ssl
+
+[3-small-app-data-ssl]
+server = 3-small-app-data-server
+client = 3-small-app-data-client
+
+[3-small-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-small-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ApplicationData = 4097
+
+
+# ===========================================================
+
+[4-small-app-data-large-fragment-size]
+ssl_conf = 4-small-app-data-large-fragment-size-ssl
+
+[4-small-app-data-large-fragment-size-ssl]
+server = 4-small-app-data-large-fragment-size-server
+client = 4-small-app-data-large-fragment-size-client
+
+[4-small-app-data-large-fragment-size-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-small-app-data-large-fragment-size-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ApplicationData = 4097
+MaxFragmentSize = 16384
+
+
+# ===========================================================
+
+[5-medium-app-data]
+ssl_conf = 5-medium-app-data-ssl
+
+[5-medium-app-data-ssl]
+server = 5-medium-app-data-server
+client = 5-medium-app-data-client
+
+[5-medium-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-medium-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ApplicationData = 32775
+
+
+# ===========================================================
+
+[6-medium-plus-app-data]
+ssl_conf = 6-medium-plus-app-data-ssl
+
+[6-medium-plus-app-data-ssl]
+server = 6-medium-plus-app-data-server
+client = 6-medium-plus-app-data-client
+
+[6-medium-plus-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-medium-plus-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ApplicationData = 131069
+
+
+# ===========================================================
+
+[7-large-app-data]
+ssl_conf = 7-large-app-data-ssl
+
+[7-large-app-data-ssl]
+server = 7-large-app-data-server
+client = 7-large-app-data-client
+
+[7-large-app-data-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-large-app-data-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ApplicationData = 1048576
+
+
+# ===========================================================
+
+[8-large-app-data-large-fragment-size]
+ssl_conf = 8-large-app-data-large-fragment-size-ssl
+
+[8-large-app-data-large-fragment-size-ssl]
+server = 8-large-app-data-large-fragment-size-server
+client = 8-large-app-data-large-fragment-size-client
+
+[8-large-app-data-large-fragment-size-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-large-app-data-large-fragment-size-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ApplicationData = 1048576
+MaxFragmentSize = 16384
+
+
+# ===========================================================
+
+[9-large-app-data-odd-fragment-size]
+ssl_conf = 9-large-app-data-odd-fragment-size-ssl
+
+[9-large-app-data-odd-fragment-size-ssl]
+server = 9-large-app-data-odd-fragment-size-server
+client = 9-large-app-data-odd-fragment-size-client
+
+[9-large-app-data-odd-fragment-size-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-large-app-data-odd-fragment-size-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ApplicationData = 1048576
+MaxFragmentSize = 5115
+
+
+# ===========================================================
+
+[10-large-app-data-aes-sha1-multibuffer]
+ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl
+
+[10-large-app-data-aes-sha1-multibuffer-ssl]
+server = 10-large-app-data-aes-sha1-multibuffer-server
+client = 10-large-app-data-aes-sha1-multibuffer-client
+
+[10-large-app-data-aes-sha1-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-large-app-data-aes-sha1-multibuffer-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ApplicationData = 1048576
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[11-large-app-data-aes-sha2-multibuffer]
+ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl
+
+[11-large-app-data-aes-sha2-multibuffer-ssl]
+server = 11-large-app-data-aes-sha2-multibuffer-server
+client = 11-large-app-data-aes-sha2-multibuffer-client
+
+[11-large-app-data-aes-sha2-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-large-app-data-aes-sha2-multibuffer-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ApplicationData = 1048576
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment]
+ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl]
+server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server
+client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ApplicationData = 1048579
+MaxFragmentSize = 5115
+
+
+# ===========================================================
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment]
+ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl]
+server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server
+client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ApplicationData = 1048573
+MaxFragmentSize = 5125
+
+
+# ===========================================================
+
+[14-small-app-data-aes-sha1-multibuffer]
+ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl
+
+[14-small-app-data-aes-sha1-multibuffer-ssl]
+server = 14-small-app-data-aes-sha1-multibuffer-server
+client = 14-small-app-data-aes-sha1-multibuffer-client
+
+[14-small-app-data-aes-sha1-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-small-app-data-aes-sha1-multibuffer-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ApplicationData = 4096
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[15-small-app-data-aes-sha2-multibuffer]
+ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl
+
+[15-small-app-data-aes-sha2-multibuffer-ssl]
+server = 15-small-app-data-aes-sha2-multibuffer-server
+client = 15-small-app-data-aes-sha2-multibuffer-client
+
+[15-small-app-data-aes-sha2-multibuffer-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-small-app-data-aes-sha2-multibuffer-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ApplicationData = 4096
+MaxFragmentSize = 4096
+
+
+# ===========================================================
+
+[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled]
+ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl
+
+[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl]
+server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server
+client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client
+
+[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ApplicationData = 3072
+MaxFragmentSize = 16384
+client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra
+
+[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra]
+MaxFragmentLenExt = 1024
+
+
+# ===========================================================
+
+[17-Maximum Fragment Len extension equal FragmentSize to 2048]
+ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl
+
+[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl]
+server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server
+client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client
+
+[17-Maximum Fragment Len extension equal FragmentSize to 2048-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-Maximum Fragment Len extension equal FragmentSize to 2048-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ApplicationData = 3072
+MaxFragmentSize = 2048
+client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra
+
+[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra]
+MaxFragmentLenExt = 2048
+
+
+# ===========================================================
+
+[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024]
+ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl
+
+[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl]
+server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server
+client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client
+
+[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ApplicationData = 3072
+MaxFragmentSize = 1024
+client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra
+
+[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra]
+MaxFragmentLenExt = 512
+
+
+# ===========================================================
+
+[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024]
+ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl
+
+[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl]
+server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server
+client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client
+
+[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ApplicationData = 3072
+MaxFragmentSize = 1024
+client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra
+
+[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra]
+MaxFragmentLenExt = 2048
+
+
+# ===========================================================
+
+[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048]
+ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl
+
+[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl]
+server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server
+client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client
+
+[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ApplicationData = 8196
+MaxFragmentSize = 2048
+client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra
+
+[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra]
+MaxFragmentLenExt = 4096
+
+
+# ===========================================================
+
+[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024]
+ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl
+
+[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl]
+server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server
+client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client
+
+[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ApplicationData = 3072
+MaxFragmentSize = 1024
+client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra
+
+[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra]
+MaxFragmentLenExt = 2048
+
+
diff --git a/test/ssl-tests/13-fragmentation.cnf.in b/test/ssl-tests/13-fragmentation.cnf.in

new file mode 100644 (file)

index 0000000..ea20839
--- /dev/null
+++ b/test/ssl-tests/13-fragmentation.cnf.in
@@ -0,0 +1,268 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test packet fragmentation
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    # Default fragment size is 512.
+    {
+        name => "one-fragment-minus-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 511,
+        }
+    },
+    {
+        name => "one-fragment-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 512,
+        }
+    },
+    {
+        name => "one-fragment-plus-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 513,
+        }
+    },
+    {
+        name => "small-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 4 * 1024 + 1,
+        }
+    },
+    {
+        name => "small-app-data-large-fragment-size",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 4 * 1024 + 1,
+            MaxFragmentSize => 16384,
+        }
+    },
+    {
+        name => "medium-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 32 * 1024 + 7,
+        }
+    },
+    # Exceeds the 64kB write buffer size.
+    {
+        name => "medium-plus-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 128 * 1024 - 3,
+        }
+    },
+    {
+        name => "large-app-data",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 1024 * 1024,
+        }
+    },
+    {
+        name => "large-app-data-large-fragment-size",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 16384,
+        }
+    },
+    {
+        name => "large-app-data-odd-fragment-size",
+        server => { },
+        client => { },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 5 * 1024 - 5,
+        }
+    },
+    # When the buffer / fragment size ratio is sufficiently large,
+    # multi-buffer code kicks in on some platforms for AES-SHA.  The
+    # exact minimum ratio depends on the platform, and is usually
+    # around 4. Since the test buffer is 64kB, a 4kB fragment is
+    # easily sufficient.
+    #
+    # (We run this test on all platforms though it's only true multibuffer
+    #  on some of them.)
+    {
+        name => "large-app-data-aes-sha1-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
+        },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+    {
+        name => "large-app-data-aes-sha2-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
+        },
+        test => {
+            ApplicationData => 1024 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+        {
+        name => "large-app-data-aes-sha1-multibuffer-odd-fragment",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
+        },
+        test => {
+            ApplicationData => 1024 * 1024 + 3,
+            MaxFragmentSize => 5 * 1024 - 5,
+        }
+    },
+    {
+        name => "large-app-data-aes-sha2-multibuffer-odd-fragment",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
+        },
+        test => {
+            ApplicationData => 1024 * 1024 - 3,
+            MaxFragmentSize => 5 * 1024 + 5,
+        }
+    },
+    # Test that multibuffer-capable code also handles small data correctly.
+    # Here fragment size == app data size < buffer size,
+    # so no multibuffering should happen.
+    {
+        name => "small-app-data-aes-sha1-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA",
+            MaxProtocol => "TLSv1.2"
+        },
+        test => {
+            ApplicationData => 4 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+    {
+        name => "small-app-data-aes-sha2-multibuffer",
+        server => { },
+        client => {
+            CipherString => "AES128-SHA256",
+            MaxProtocol => "TLSv1.2"
+        },
+        test => {
+            ApplicationData => 4 * 1024,
+            MaxFragmentSize => 4 * 1024,
+        }
+    },
+    ############################################
+    # Default (Max) Fragment Size is 512.
+    # Default Application data size is 256.
+    {
+        name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled",
+        server => { },
+        client => {
+            extra => {
+                MaxFragmentLenExt => 1024,
+            },
+        },
+        test => {
+            ApplicationData => 3072,
+            MaxFragmentSize => 16384,
+        }
+    },
+    {
+        name => "Maximum Fragment Len extension equal FragmentSize to 2048",
+        server => { },
+        client => {
+            extra => {
+                MaxFragmentLenExt => 2048,
+            },
+        },
+        test => {
+            ApplicationData => 3072,
+            MaxFragmentSize => 2048,
+        }
+    },
+    {
+        name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024",
+        server => { },
+        client => {
+            extra => {
+                MaxFragmentLenExt => 512,
+            },
+        },
+        test => {
+            ApplicationData => 3072,
+            MaxFragmentSize => 1024,
+        }
+    },
+    {
+        name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024",
+        server => { },
+        client => {
+            extra => {
+                MaxFragmentLenExt => 2048,
+            },
+        },
+        test => {
+            ApplicationData => 3072,
+            MaxFragmentSize => 1024,
+        }
+    },
+    {
+        name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048",
+        server => { },
+        client => {
+            extra => {
+                MaxFragmentLenExt => 4096,
+            },
+        },
+        test => {
+            ApplicationData => 8196,
+            MaxFragmentSize => 2048,
+        }
+    },
+    {
+        name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024",
+        server => { },
+        client => {
+            extra => {
+                MaxFragmentLenExt => 2048,
+            },
+        },
+        test => {
+            ApplicationData => 3072,
+            MaxFragmentSize => 1024,
+        }
+    },
+);
diff --git a/test/ssl-tests/13-fragmentation.conf b/test/ssl-tests/13-fragmentation.conf

deleted file mode 100644 (file)

index 649387c..0000000
--- a/test/ssl-tests/13-fragmentation.conf
+++ /dev/null
@@ -1,577 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 22
-
-test-0 = 0-one-fragment-minus-app-data
-test-1 = 1-one-fragment-app-data
-test-2 = 2-one-fragment-plus-app-data
-test-3 = 3-small-app-data
-test-4 = 4-small-app-data-large-fragment-size
-test-5 = 5-medium-app-data
-test-6 = 6-medium-plus-app-data
-test-7 = 7-large-app-data
-test-8 = 8-large-app-data-large-fragment-size
-test-9 = 9-large-app-data-odd-fragment-size
-test-10 = 10-large-app-data-aes-sha1-multibuffer
-test-11 = 11-large-app-data-aes-sha2-multibuffer
-test-12 = 12-large-app-data-aes-sha1-multibuffer-odd-fragment
-test-13 = 13-large-app-data-aes-sha2-multibuffer-odd-fragment
-test-14 = 14-small-app-data-aes-sha1-multibuffer
-test-15 = 15-small-app-data-aes-sha2-multibuffer
-test-16 = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled
-test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048
-test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024
-test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024
-test-20 = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048
-test-21 = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024
-# ===========================================================
-
-[0-one-fragment-minus-app-data]
-ssl_conf = 0-one-fragment-minus-app-data-ssl
-
-[0-one-fragment-minus-app-data-ssl]
-server = 0-one-fragment-minus-app-data-server
-client = 0-one-fragment-minus-app-data-client
-
-[0-one-fragment-minus-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-one-fragment-minus-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ApplicationData = 511
-
-
-# ===========================================================
-
-[1-one-fragment-app-data]
-ssl_conf = 1-one-fragment-app-data-ssl
-
-[1-one-fragment-app-data-ssl]
-server = 1-one-fragment-app-data-server
-client = 1-one-fragment-app-data-client
-
-[1-one-fragment-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-one-fragment-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ApplicationData = 512
-
-
-# ===========================================================
-
-[2-one-fragment-plus-app-data]
-ssl_conf = 2-one-fragment-plus-app-data-ssl
-
-[2-one-fragment-plus-app-data-ssl]
-server = 2-one-fragment-plus-app-data-server
-client = 2-one-fragment-plus-app-data-client
-
-[2-one-fragment-plus-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-one-fragment-plus-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ApplicationData = 513
-
-
-# ===========================================================
-
-[3-small-app-data]
-ssl_conf = 3-small-app-data-ssl
-
-[3-small-app-data-ssl]
-server = 3-small-app-data-server
-client = 3-small-app-data-client
-
-[3-small-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-small-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ApplicationData = 4097
-
-
-# ===========================================================
-
-[4-small-app-data-large-fragment-size]
-ssl_conf = 4-small-app-data-large-fragment-size-ssl
-
-[4-small-app-data-large-fragment-size-ssl]
-server = 4-small-app-data-large-fragment-size-server
-client = 4-small-app-data-large-fragment-size-client
-
-[4-small-app-data-large-fragment-size-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-small-app-data-large-fragment-size-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ApplicationData = 4097
-MaxFragmentSize = 16384
-
-
-# ===========================================================
-
-[5-medium-app-data]
-ssl_conf = 5-medium-app-data-ssl
-
-[5-medium-app-data-ssl]
-server = 5-medium-app-data-server
-client = 5-medium-app-data-client
-
-[5-medium-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-medium-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ApplicationData = 32775
-
-
-# ===========================================================
-
-[6-medium-plus-app-data]
-ssl_conf = 6-medium-plus-app-data-ssl
-
-[6-medium-plus-app-data-ssl]
-server = 6-medium-plus-app-data-server
-client = 6-medium-plus-app-data-client
-
-[6-medium-plus-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-medium-plus-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ApplicationData = 131069
-
-
-# ===========================================================
-
-[7-large-app-data]
-ssl_conf = 7-large-app-data-ssl
-
-[7-large-app-data-ssl]
-server = 7-large-app-data-server
-client = 7-large-app-data-client
-
-[7-large-app-data-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-large-app-data-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ApplicationData = 1048576
-
-
-# ===========================================================
-
-[8-large-app-data-large-fragment-size]
-ssl_conf = 8-large-app-data-large-fragment-size-ssl
-
-[8-large-app-data-large-fragment-size-ssl]
-server = 8-large-app-data-large-fragment-size-server
-client = 8-large-app-data-large-fragment-size-client
-
-[8-large-app-data-large-fragment-size-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-large-app-data-large-fragment-size-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ApplicationData = 1048576
-MaxFragmentSize = 16384
-
-
-# ===========================================================
-
-[9-large-app-data-odd-fragment-size]
-ssl_conf = 9-large-app-data-odd-fragment-size-ssl
-
-[9-large-app-data-odd-fragment-size-ssl]
-server = 9-large-app-data-odd-fragment-size-server
-client = 9-large-app-data-odd-fragment-size-client
-
-[9-large-app-data-odd-fragment-size-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-large-app-data-odd-fragment-size-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ApplicationData = 1048576
-MaxFragmentSize = 5115
-
-
-# ===========================================================
-
-[10-large-app-data-aes-sha1-multibuffer]
-ssl_conf = 10-large-app-data-aes-sha1-multibuffer-ssl
-
-[10-large-app-data-aes-sha1-multibuffer-ssl]
-server = 10-large-app-data-aes-sha1-multibuffer-server
-client = 10-large-app-data-aes-sha1-multibuffer-client
-
-[10-large-app-data-aes-sha1-multibuffer-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-large-app-data-aes-sha1-multibuffer-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ApplicationData = 1048576
-MaxFragmentSize = 4096
-
-
-# ===========================================================
-
-[11-large-app-data-aes-sha2-multibuffer]
-ssl_conf = 11-large-app-data-aes-sha2-multibuffer-ssl
-
-[11-large-app-data-aes-sha2-multibuffer-ssl]
-server = 11-large-app-data-aes-sha2-multibuffer-server
-client = 11-large-app-data-aes-sha2-multibuffer-client
-
-[11-large-app-data-aes-sha2-multibuffer-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-large-app-data-aes-sha2-multibuffer-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ApplicationData = 1048576
-MaxFragmentSize = 4096
-
-
-# ===========================================================
-
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment]
-ssl_conf = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl
-
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment-ssl]
-server = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-server
-client = 12-large-app-data-aes-sha1-multibuffer-odd-fragment-client
-
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-large-app-data-aes-sha1-multibuffer-odd-fragment-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ApplicationData = 1048579
-MaxFragmentSize = 5115
-
-
-# ===========================================================
-
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment]
-ssl_conf = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl
-
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment-ssl]
-server = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-server
-client = 13-large-app-data-aes-sha2-multibuffer-odd-fragment-client
-
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-large-app-data-aes-sha2-multibuffer-odd-fragment-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ApplicationData = 1048573
-MaxFragmentSize = 5125
-
-
-# ===========================================================
-
-[14-small-app-data-aes-sha1-multibuffer]
-ssl_conf = 14-small-app-data-aes-sha1-multibuffer-ssl
-
-[14-small-app-data-aes-sha1-multibuffer-ssl]
-server = 14-small-app-data-aes-sha1-multibuffer-server
-client = 14-small-app-data-aes-sha1-multibuffer-client
-
-[14-small-app-data-aes-sha1-multibuffer-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-small-app-data-aes-sha1-multibuffer-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ApplicationData = 4096
-MaxFragmentSize = 4096
-
-
-# ===========================================================
-
-[15-small-app-data-aes-sha2-multibuffer]
-ssl_conf = 15-small-app-data-aes-sha2-multibuffer-ssl
-
-[15-small-app-data-aes-sha2-multibuffer-ssl]
-server = 15-small-app-data-aes-sha2-multibuffer-server
-client = 15-small-app-data-aes-sha2-multibuffer-client
-
-[15-small-app-data-aes-sha2-multibuffer-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-small-app-data-aes-sha2-multibuffer-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ApplicationData = 4096
-MaxFragmentSize = 4096
-
-
-# ===========================================================
-
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled]
-ssl_conf = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl
-
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-ssl]
-server = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server
-client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client
-
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ApplicationData = 3072
-MaxFragmentSize = 16384
-client = 16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra
-
-[16-Maximum Fragment Len extension set to 1024 w. FragmentSize disabled-client-extra]
-MaxFragmentLenExt = 1024
-
-
-# ===========================================================
-
-[17-Maximum Fragment Len extension equal FragmentSize to 2048]
-ssl_conf = 17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl
-
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl]
-server = 17-Maximum Fragment Len extension equal FragmentSize to 2048-server
-client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client
-
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ApplicationData = 3072
-MaxFragmentSize = 2048
-client = 17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra
-
-[17-Maximum Fragment Len extension equal FragmentSize to 2048-client-extra]
-MaxFragmentLenExt = 2048
-
-
-# ===========================================================
-
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024]
-ssl_conf = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl
-
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-ssl]
-server = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server
-client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client
-
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ApplicationData = 3072
-MaxFragmentSize = 1024
-client = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra
-
-[18-Maximum Fragment Len extension 512 lower than FragmentSize 1024-client-extra]
-MaxFragmentLenExt = 512
-
-
-# ===========================================================
-
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024]
-ssl_conf = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl
-
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-ssl]
-server = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server
-client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client
-
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ApplicationData = 3072
-MaxFragmentSize = 1024
-client = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra
-
-[19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024-client-extra]
-MaxFragmentLenExt = 2048
-
-
-# ===========================================================
-
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048]
-ssl_conf = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl
-
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-ssl]
-server = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server
-client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client
-
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ApplicationData = 8196
-MaxFragmentSize = 2048
-client = 20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra
-
-[20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048-client-extra]
-MaxFragmentLenExt = 4096
-
-
-# ===========================================================
-
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024]
-ssl_conf = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl
-
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-ssl]
-server = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server
-client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client
-
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ApplicationData = 3072
-MaxFragmentSize = 1024
-client = 21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra
-
-[21-Maximum Fragment Len extension 2048 greater than FragmentSize 1024-client-extra]
-MaxFragmentLenExt = 2048
-
-
diff --git a/test/ssl-tests/13-fragmentation.conf.in b/test/ssl-tests/13-fragmentation.conf.in

deleted file mode 100644 (file)

index ea20839..0000000
--- a/test/ssl-tests/13-fragmentation.conf.in
+++ /dev/null
@@ -1,268 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test packet fragmentation
-
-use strict;
-use warnings;
-
-package ssltests;
-
-
-our @tests = (
-    # Default fragment size is 512.
-    {
-        name => "one-fragment-minus-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 511,
-        }
-    },
-    {
-        name => "one-fragment-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 512,
-        }
-    },
-    {
-        name => "one-fragment-plus-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 513,
-        }
-    },
-    {
-        name => "small-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 4 * 1024 + 1,
-        }
-    },
-    {
-        name => "small-app-data-large-fragment-size",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 4 * 1024 + 1,
-            MaxFragmentSize => 16384,
-        }
-    },
-    {
-        name => "medium-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 32 * 1024 + 7,
-        }
-    },
-    # Exceeds the 64kB write buffer size.
-    {
-        name => "medium-plus-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 128 * 1024 - 3,
-        }
-    },
-    {
-        name => "large-app-data",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 1024 * 1024,
-        }
-    },
-    {
-        name => "large-app-data-large-fragment-size",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 1024 * 1024,
-            MaxFragmentSize => 16384,
-        }
-    },
-    {
-        name => "large-app-data-odd-fragment-size",
-        server => { },
-        client => { },
-        test => {
-            ApplicationData => 1024 * 1024,
-            MaxFragmentSize => 5 * 1024 - 5,
-        }
-    },
-    # When the buffer / fragment size ratio is sufficiently large,
-    # multi-buffer code kicks in on some platforms for AES-SHA.  The
-    # exact minimum ratio depends on the platform, and is usually
-    # around 4. Since the test buffer is 64kB, a 4kB fragment is
-    # easily sufficient.
-    #
-    # (We run this test on all platforms though it's only true multibuffer
-    #  on some of them.)
-    {
-        name => "large-app-data-aes-sha1-multibuffer",
-        server => { },
-        client => {
-            CipherString => "AES128-SHA",
-            MaxProtocol => "TLSv1.2"
-        },
-        test => {
-            ApplicationData => 1024 * 1024,
-            MaxFragmentSize => 4 * 1024,
-        }
-    },
-    {
-        name => "large-app-data-aes-sha2-multibuffer",
-        server => { },
-        client => {
-            CipherString => "AES128-SHA256",
-            MaxProtocol => "TLSv1.2"
-        },
-        test => {
-            ApplicationData => 1024 * 1024,
-            MaxFragmentSize => 4 * 1024,
-        }
-    },
-        {
-        name => "large-app-data-aes-sha1-multibuffer-odd-fragment",
-        server => { },
-        client => {
-            CipherString => "AES128-SHA",
-            MaxProtocol => "TLSv1.2"
-        },
-        test => {
-            ApplicationData => 1024 * 1024 + 3,
-            MaxFragmentSize => 5 * 1024 - 5,
-        }
-    },
-    {
-        name => "large-app-data-aes-sha2-multibuffer-odd-fragment",
-        server => { },
-        client => {
-            CipherString => "AES128-SHA256",
-            MaxProtocol => "TLSv1.2"
-        },
-        test => {
-            ApplicationData => 1024 * 1024 - 3,
-            MaxFragmentSize => 5 * 1024 + 5,
-        }
-    },
-    # Test that multibuffer-capable code also handles small data correctly.
-    # Here fragment size == app data size < buffer size,
-    # so no multibuffering should happen.
-    {
-        name => "small-app-data-aes-sha1-multibuffer",
-        server => { },
-        client => {
-            CipherString => "AES128-SHA",
-            MaxProtocol => "TLSv1.2"
-        },
-        test => {
-            ApplicationData => 4 * 1024,
-            MaxFragmentSize => 4 * 1024,
-        }
-    },
-    {
-        name => "small-app-data-aes-sha2-multibuffer",
-        server => { },
-        client => {
-            CipherString => "AES128-SHA256",
-            MaxProtocol => "TLSv1.2"
-        },
-        test => {
-            ApplicationData => 4 * 1024,
-            MaxFragmentSize => 4 * 1024,
-        }
-    },
-    ############################################
-    # Default (Max) Fragment Size is 512.
-    # Default Application data size is 256.
-    {
-        name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled",
-        server => { },
-        client => {
-            extra => {
-                MaxFragmentLenExt => 1024,
-            },
-        },
-        test => {
-            ApplicationData => 3072,
-            MaxFragmentSize => 16384,
-        }
-    },
-    {
-        name => "Maximum Fragment Len extension equal FragmentSize to 2048",
-        server => { },
-        client => {
-            extra => {
-                MaxFragmentLenExt => 2048,
-            },
-        },
-        test => {
-            ApplicationData => 3072,
-            MaxFragmentSize => 2048,
-        }
-    },
-    {
-        name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024",
-        server => { },
-        client => {
-            extra => {
-                MaxFragmentLenExt => 512,
-            },
-        },
-        test => {
-            ApplicationData => 3072,
-            MaxFragmentSize => 1024,
-        }
-    },
-    {
-        name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024",
-        server => { },
-        client => {
-            extra => {
-                MaxFragmentLenExt => 2048,
-            },
-        },
-        test => {
-            ApplicationData => 3072,
-            MaxFragmentSize => 1024,
-        }
-    },
-    {
-        name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048",
-        server => { },
-        client => {
-            extra => {
-                MaxFragmentLenExt => 4096,
-            },
-        },
-        test => {
-            ApplicationData => 8196,
-            MaxFragmentSize => 2048,
-        }
-    },
-    {
-        name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024",
-        server => { },
-        client => {
-            extra => {
-                MaxFragmentLenExt => 2048,
-            },
-        },
-        test => {
-            ApplicationData => 3072,
-            MaxFragmentSize => 1024,
-        }
-    },
-);
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf

new file mode 100644 (file)

index 0000000..f76f08f
--- /dev/null
+++ b/test/ssl-tests/14-curves.cnf
@@ -0,0 +1,874 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 30
+
+test-0 = 0-curve-sect163k1
+test-1 = 1-curve-sect163r1
+test-2 = 2-curve-sect163r2
+test-3 = 3-curve-sect193r1
+test-4 = 4-curve-sect193r2
+test-5 = 5-curve-sect233k1
+test-6 = 6-curve-sect233r1
+test-7 = 7-curve-sect239k1
+test-8 = 8-curve-sect283k1
+test-9 = 9-curve-sect283r1
+test-10 = 10-curve-sect409k1
+test-11 = 11-curve-sect409r1
+test-12 = 12-curve-sect571k1
+test-13 = 13-curve-sect571r1
+test-14 = 14-curve-secp160k1
+test-15 = 15-curve-secp160r1
+test-16 = 16-curve-secp160r2
+test-17 = 17-curve-secp192k1
+test-18 = 18-curve-prime192v1
+test-19 = 19-curve-secp224k1
+test-20 = 20-curve-secp224r1
+test-21 = 21-curve-secp256k1
+test-22 = 22-curve-prime256v1
+test-23 = 23-curve-secp384r1
+test-24 = 24-curve-secp521r1
+test-25 = 25-curve-brainpoolP256r1
+test-26 = 26-curve-brainpoolP384r1
+test-27 = 27-curve-brainpoolP512r1
+test-28 = 28-curve-X25519
+test-29 = 29-curve-X448
+# ===========================================================
+
+[0-curve-sect163k1]
+ssl_conf = 0-curve-sect163k1-ssl
+
+[0-curve-sect163k1-ssl]
+server = 0-curve-sect163k1-server
+client = 0-curve-sect163k1-client
+
+[0-curve-sect163k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-curve-sect163k1-client]
+CipherString = ECDHE
+Curves = sect163k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect163k1
+
+
+# ===========================================================
+
+[1-curve-sect163r1]
+ssl_conf = 1-curve-sect163r1-ssl
+
+[1-curve-sect163r1-ssl]
+server = 1-curve-sect163r1-server
+client = 1-curve-sect163r1-client
+
+[1-curve-sect163r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-curve-sect163r1-client]
+CipherString = ECDHE
+Curves = sect163r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect163r1
+
+
+# ===========================================================
+
+[2-curve-sect163r2]
+ssl_conf = 2-curve-sect163r2-ssl
+
+[2-curve-sect163r2-ssl]
+server = 2-curve-sect163r2-server
+client = 2-curve-sect163r2-client
+
+[2-curve-sect163r2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect163r2
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-curve-sect163r2-client]
+CipherString = ECDHE
+Curves = sect163r2
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect163r2
+
+
+# ===========================================================
+
+[3-curve-sect193r1]
+ssl_conf = 3-curve-sect193r1-ssl
+
+[3-curve-sect193r1-ssl]
+server = 3-curve-sect193r1-server
+client = 3-curve-sect193r1-client
+
+[3-curve-sect193r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect193r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-curve-sect193r1-client]
+CipherString = ECDHE
+Curves = sect193r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect193r1
+
+
+# ===========================================================
+
+[4-curve-sect193r2]
+ssl_conf = 4-curve-sect193r2-ssl
+
+[4-curve-sect193r2-ssl]
+server = 4-curve-sect193r2-server
+client = 4-curve-sect193r2-client
+
+[4-curve-sect193r2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect193r2
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-curve-sect193r2-client]
+CipherString = ECDHE
+Curves = sect193r2
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect193r2
+
+
+# ===========================================================
+
+[5-curve-sect233k1]
+ssl_conf = 5-curve-sect233k1-ssl
+
+[5-curve-sect233k1-ssl]
+server = 5-curve-sect233k1-server
+client = 5-curve-sect233k1-client
+
+[5-curve-sect233k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-curve-sect233k1-client]
+CipherString = ECDHE
+Curves = sect233k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect233k1
+
+
+# ===========================================================
+
+[6-curve-sect233r1]
+ssl_conf = 6-curve-sect233r1-ssl
+
+[6-curve-sect233r1-ssl]
+server = 6-curve-sect233r1-server
+client = 6-curve-sect233r1-client
+
+[6-curve-sect233r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect233r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-curve-sect233r1-client]
+CipherString = ECDHE
+Curves = sect233r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect233r1
+
+
+# ===========================================================
+
+[7-curve-sect239k1]
+ssl_conf = 7-curve-sect239k1-ssl
+
+[7-curve-sect239k1-ssl]
+server = 7-curve-sect239k1-server
+client = 7-curve-sect239k1-client
+
+[7-curve-sect239k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect239k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-curve-sect239k1-client]
+CipherString = ECDHE
+Curves = sect239k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect239k1
+
+
+# ===========================================================
+
+[8-curve-sect283k1]
+ssl_conf = 8-curve-sect283k1-ssl
+
+[8-curve-sect283k1-ssl]
+server = 8-curve-sect283k1-server
+client = 8-curve-sect283k1-client
+
+[8-curve-sect283k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-curve-sect283k1-client]
+CipherString = ECDHE
+Curves = sect283k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect283k1
+
+
+# ===========================================================
+
+[9-curve-sect283r1]
+ssl_conf = 9-curve-sect283r1-ssl
+
+[9-curve-sect283r1-ssl]
+server = 9-curve-sect283r1-server
+client = 9-curve-sect283r1-client
+
+[9-curve-sect283r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect283r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-curve-sect283r1-client]
+CipherString = ECDHE
+Curves = sect283r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect283r1
+
+
+# ===========================================================
+
+[10-curve-sect409k1]
+ssl_conf = 10-curve-sect409k1-ssl
+
+[10-curve-sect409k1-ssl]
+server = 10-curve-sect409k1-server
+client = 10-curve-sect409k1-client
+
+[10-curve-sect409k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-curve-sect409k1-client]
+CipherString = ECDHE
+Curves = sect409k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect409k1
+
+
+# ===========================================================
+
+[11-curve-sect409r1]
+ssl_conf = 11-curve-sect409r1-ssl
+
+[11-curve-sect409r1-ssl]
+server = 11-curve-sect409r1-server
+client = 11-curve-sect409r1-client
+
+[11-curve-sect409r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect409r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-curve-sect409r1-client]
+CipherString = ECDHE
+Curves = sect409r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect409r1
+
+
+# ===========================================================
+
+[12-curve-sect571k1]
+ssl_conf = 12-curve-sect571k1-ssl
+
+[12-curve-sect571k1-ssl]
+server = 12-curve-sect571k1-server
+client = 12-curve-sect571k1-client
+
+[12-curve-sect571k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-curve-sect571k1-client]
+CipherString = ECDHE
+Curves = sect571k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect571k1
+
+
+# ===========================================================
+
+[13-curve-sect571r1]
+ssl_conf = 13-curve-sect571r1-ssl
+
+[13-curve-sect571r1-ssl]
+server = 13-curve-sect571r1-server
+client = 13-curve-sect571r1-client
+
+[13-curve-sect571r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = sect571r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-curve-sect571r1-client]
+CipherString = ECDHE
+Curves = sect571r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+ExpectedTmpKeyType = sect571r1
+
+
+# ===========================================================
+
+[14-curve-secp160k1]
+ssl_conf = 14-curve-secp160k1-ssl
+
+[14-curve-secp160k1-ssl]
+server = 14-curve-secp160k1-server
+client = 14-curve-secp160k1-client
+
+[14-curve-secp160k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-curve-secp160k1-client]
+CipherString = ECDHE
+Curves = secp160k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp160k1
+
+
+# ===========================================================
+
+[15-curve-secp160r1]
+ssl_conf = 15-curve-secp160r1-ssl
+
+[15-curve-secp160r1-ssl]
+server = 15-curve-secp160r1-server
+client = 15-curve-secp160r1-client
+
+[15-curve-secp160r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-curve-secp160r1-client]
+CipherString = ECDHE
+Curves = secp160r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp160r1
+
+
+# ===========================================================
+
+[16-curve-secp160r2]
+ssl_conf = 16-curve-secp160r2-ssl
+
+[16-curve-secp160r2-ssl]
+server = 16-curve-secp160r2-server
+client = 16-curve-secp160r2-client
+
+[16-curve-secp160r2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp160r2
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-curve-secp160r2-client]
+CipherString = ECDHE
+Curves = secp160r2
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp160r2
+
+
+# ===========================================================
+
+[17-curve-secp192k1]
+ssl_conf = 17-curve-secp192k1-ssl
+
+[17-curve-secp192k1-ssl]
+server = 17-curve-secp192k1-server
+client = 17-curve-secp192k1-client
+
+[17-curve-secp192k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp192k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-curve-secp192k1-client]
+CipherString = ECDHE
+Curves = secp192k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp192k1
+
+
+# ===========================================================
+
+[18-curve-prime192v1]
+ssl_conf = 18-curve-prime192v1-ssl
+
+[18-curve-prime192v1-ssl]
+server = 18-curve-prime192v1-server
+client = 18-curve-prime192v1-client
+
+[18-curve-prime192v1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = prime192v1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-curve-prime192v1-client]
+CipherString = ECDHE
+Curves = prime192v1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = Success
+ExpectedTmpKeyType = prime192v1
+
+
+# ===========================================================
+
+[19-curve-secp224k1]
+ssl_conf = 19-curve-secp224k1-ssl
+
+[19-curve-secp224k1-ssl]
+server = 19-curve-secp224k1-server
+client = 19-curve-secp224k1-client
+
+[19-curve-secp224k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-curve-secp224k1-client]
+CipherString = ECDHE
+Curves = secp224k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp224k1
+
+
+# ===========================================================
+
+[20-curve-secp224r1]
+ssl_conf = 20-curve-secp224r1-ssl
+
+[20-curve-secp224r1-ssl]
+server = 20-curve-secp224r1-server
+client = 20-curve-secp224r1-client
+
+[20-curve-secp224r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp224r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-curve-secp224r1-client]
+CipherString = ECDHE
+Curves = secp224r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp224r1
+
+
+# ===========================================================
+
+[21-curve-secp256k1]
+ssl_conf = 21-curve-secp256k1-ssl
+
+[21-curve-secp256k1-ssl]
+server = 21-curve-secp256k1-server
+client = 21-curve-secp256k1-client
+
+[21-curve-secp256k1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp256k1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[21-curve-secp256k1-client]
+CipherString = ECDHE
+Curves = secp256k1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp256k1
+
+
+# ===========================================================
+
+[22-curve-prime256v1]
+ssl_conf = 22-curve-prime256v1-ssl
+
+[22-curve-prime256v1-ssl]
+server = 22-curve-prime256v1-server
+client = 22-curve-prime256v1-client
+
+[22-curve-prime256v1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = prime256v1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[22-curve-prime256v1-client]
+CipherString = ECDHE
+Curves = prime256v1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = Success
+ExpectedTmpKeyType = prime256v1
+
+
+# ===========================================================
+
+[23-curve-secp384r1]
+ssl_conf = 23-curve-secp384r1-ssl
+
+[23-curve-secp384r1-ssl]
+server = 23-curve-secp384r1-server
+client = 23-curve-secp384r1-client
+
+[23-curve-secp384r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp384r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[23-curve-secp384r1-client]
+CipherString = ECDHE
+Curves = secp384r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp384r1
+
+
+# ===========================================================
+
+[24-curve-secp521r1]
+ssl_conf = 24-curve-secp521r1-ssl
+
+[24-curve-secp521r1-ssl]
+server = 24-curve-secp521r1-server
+client = 24-curve-secp521r1-client
+
+[24-curve-secp521r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = secp521r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[24-curve-secp521r1-client]
+CipherString = ECDHE
+Curves = secp521r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = Success
+ExpectedTmpKeyType = secp521r1
+
+
+# ===========================================================
+
+[25-curve-brainpoolP256r1]
+ssl_conf = 25-curve-brainpoolP256r1-ssl
+
+[25-curve-brainpoolP256r1-ssl]
+server = 25-curve-brainpoolP256r1-server
+client = 25-curve-brainpoolP256r1-client
+
+[25-curve-brainpoolP256r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP256r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[25-curve-brainpoolP256r1-client]
+CipherString = ECDHE
+Curves = brainpoolP256r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP256r1
+
+
+# ===========================================================
+
+[26-curve-brainpoolP384r1]
+ssl_conf = 26-curve-brainpoolP384r1-ssl
+
+[26-curve-brainpoolP384r1-ssl]
+server = 26-curve-brainpoolP384r1-server
+client = 26-curve-brainpoolP384r1-client
+
+[26-curve-brainpoolP384r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP384r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[26-curve-brainpoolP384r1-client]
+CipherString = ECDHE
+Curves = brainpoolP384r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP384r1
+
+
+# ===========================================================
+
+[27-curve-brainpoolP512r1]
+ssl_conf = 27-curve-brainpoolP512r1-ssl
+
+[27-curve-brainpoolP512r1-ssl]
+server = 27-curve-brainpoolP512r1-server
+client = 27-curve-brainpoolP512r1-client
+
+[27-curve-brainpoolP512r1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = brainpoolP512r1
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[27-curve-brainpoolP512r1-client]
+CipherString = ECDHE
+Curves = brainpoolP512r1
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedResult = Success
+ExpectedTmpKeyType = brainpoolP512r1
+
+
+# ===========================================================
+
+[28-curve-X25519]
+ssl_conf = 28-curve-X25519-ssl
+
+[28-curve-X25519-ssl]
+server = 28-curve-X25519-server
+client = 28-curve-X25519-client
+
+[28-curve-X25519-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = X25519
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-curve-X25519-client]
+CipherString = ECDHE
+Curves = X25519
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedResult = Success
+ExpectedTmpKeyType = X25519
+
+
+# ===========================================================
+
+[29-curve-X448]
+ssl_conf = 29-curve-X448-ssl
+
+[29-curve-X448-ssl]
+server = 29-curve-X448-server
+client = 29-curve-X448-client
+
+[29-curve-X448-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Curves = X448
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[29-curve-X448-client]
+CipherString = ECDHE
+Curves = X448
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedResult = Success
+ExpectedTmpKeyType = X448
+
+
diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in

new file mode 100644 (file)

index 0000000..2f8077c
--- /dev/null
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -0,0 +1,47 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+package ssltests;
+
+use strict;
+use warnings;
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils qw(anydisabled);
+
+my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1",
+              "sect193r2", "sect233k1", "sect233r1", "sect239k1",
+              "sect283k1", "sect283r1", "sect409k1", "sect409r1",
+              "sect571k1", "sect571r1", "secp160k1", "secp160r1",
+              "secp160r2", "secp192k1", "prime192v1", "secp224k1",
+              "secp224r1", "secp256k1", "prime256v1", "secp384r1",
+              "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
+              "brainpoolP512r1", "X25519", "X448");
+
+our @tests = ();
+
+sub generate_tests() {
+    foreach (0..$#curves) {
+        my $curve = $curves[$_];
+        push @tests, {
+            name => "curve-${curve}",
+            server => {
+                "Curves" => $curve,
+                # TODO(TLS1.3): Can we get this to work for TLSv1.3?
+                "MaxProtocol" => "TLSv1.2"
+            },
+            client => {
+                "CipherString" => "ECDHE",
+                "MaxProtocol" => "TLSv1.2",
+                "Curves" => $curve
+            },
+            test   => {
+                "ExpectedTmpKeyType" => $curve,
+                "ExpectedResult" => "Success"
+            },
+        };
+    }
+}
+
+generate_tests();
diff --git a/test/ssl-tests/14-curves.conf b/test/ssl-tests/14-curves.conf

deleted file mode 100644 (file)

index f76f08f..0000000
--- a/test/ssl-tests/14-curves.conf
+++ /dev/null
@@ -1,874 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 30
-
-test-0 = 0-curve-sect163k1
-test-1 = 1-curve-sect163r1
-test-2 = 2-curve-sect163r2
-test-3 = 3-curve-sect193r1
-test-4 = 4-curve-sect193r2
-test-5 = 5-curve-sect233k1
-test-6 = 6-curve-sect233r1
-test-7 = 7-curve-sect239k1
-test-8 = 8-curve-sect283k1
-test-9 = 9-curve-sect283r1
-test-10 = 10-curve-sect409k1
-test-11 = 11-curve-sect409r1
-test-12 = 12-curve-sect571k1
-test-13 = 13-curve-sect571r1
-test-14 = 14-curve-secp160k1
-test-15 = 15-curve-secp160r1
-test-16 = 16-curve-secp160r2
-test-17 = 17-curve-secp192k1
-test-18 = 18-curve-prime192v1
-test-19 = 19-curve-secp224k1
-test-20 = 20-curve-secp224r1
-test-21 = 21-curve-secp256k1
-test-22 = 22-curve-prime256v1
-test-23 = 23-curve-secp384r1
-test-24 = 24-curve-secp521r1
-test-25 = 25-curve-brainpoolP256r1
-test-26 = 26-curve-brainpoolP384r1
-test-27 = 27-curve-brainpoolP512r1
-test-28 = 28-curve-X25519
-test-29 = 29-curve-X448
-# ===========================================================
-
-[0-curve-sect163k1]
-ssl_conf = 0-curve-sect163k1-ssl
-
-[0-curve-sect163k1-ssl]
-server = 0-curve-sect163k1-server
-client = 0-curve-sect163k1-client
-
-[0-curve-sect163k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect163k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-curve-sect163k1-client]
-CipherString = ECDHE
-Curves = sect163k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect163k1
-
-
-# ===========================================================
-
-[1-curve-sect163r1]
-ssl_conf = 1-curve-sect163r1-ssl
-
-[1-curve-sect163r1-ssl]
-server = 1-curve-sect163r1-server
-client = 1-curve-sect163r1-client
-
-[1-curve-sect163r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect163r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-curve-sect163r1-client]
-CipherString = ECDHE
-Curves = sect163r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect163r1
-
-
-# ===========================================================
-
-[2-curve-sect163r2]
-ssl_conf = 2-curve-sect163r2-ssl
-
-[2-curve-sect163r2-ssl]
-server = 2-curve-sect163r2-server
-client = 2-curve-sect163r2-client
-
-[2-curve-sect163r2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect163r2
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-curve-sect163r2-client]
-CipherString = ECDHE
-Curves = sect163r2
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect163r2
-
-
-# ===========================================================
-
-[3-curve-sect193r1]
-ssl_conf = 3-curve-sect193r1-ssl
-
-[3-curve-sect193r1-ssl]
-server = 3-curve-sect193r1-server
-client = 3-curve-sect193r1-client
-
-[3-curve-sect193r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect193r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-curve-sect193r1-client]
-CipherString = ECDHE
-Curves = sect193r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect193r1
-
-
-# ===========================================================
-
-[4-curve-sect193r2]
-ssl_conf = 4-curve-sect193r2-ssl
-
-[4-curve-sect193r2-ssl]
-server = 4-curve-sect193r2-server
-client = 4-curve-sect193r2-client
-
-[4-curve-sect193r2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect193r2
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-curve-sect193r2-client]
-CipherString = ECDHE
-Curves = sect193r2
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect193r2
-
-
-# ===========================================================
-
-[5-curve-sect233k1]
-ssl_conf = 5-curve-sect233k1-ssl
-
-[5-curve-sect233k1-ssl]
-server = 5-curve-sect233k1-server
-client = 5-curve-sect233k1-client
-
-[5-curve-sect233k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect233k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-curve-sect233k1-client]
-CipherString = ECDHE
-Curves = sect233k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect233k1
-
-
-# ===========================================================
-
-[6-curve-sect233r1]
-ssl_conf = 6-curve-sect233r1-ssl
-
-[6-curve-sect233r1-ssl]
-server = 6-curve-sect233r1-server
-client = 6-curve-sect233r1-client
-
-[6-curve-sect233r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect233r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-curve-sect233r1-client]
-CipherString = ECDHE
-Curves = sect233r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect233r1
-
-
-# ===========================================================
-
-[7-curve-sect239k1]
-ssl_conf = 7-curve-sect239k1-ssl
-
-[7-curve-sect239k1-ssl]
-server = 7-curve-sect239k1-server
-client = 7-curve-sect239k1-client
-
-[7-curve-sect239k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect239k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-curve-sect239k1-client]
-CipherString = ECDHE
-Curves = sect239k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect239k1
-
-
-# ===========================================================
-
-[8-curve-sect283k1]
-ssl_conf = 8-curve-sect283k1-ssl
-
-[8-curve-sect283k1-ssl]
-server = 8-curve-sect283k1-server
-client = 8-curve-sect283k1-client
-
-[8-curve-sect283k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect283k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-curve-sect283k1-client]
-CipherString = ECDHE
-Curves = sect283k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect283k1
-
-
-# ===========================================================
-
-[9-curve-sect283r1]
-ssl_conf = 9-curve-sect283r1-ssl
-
-[9-curve-sect283r1-ssl]
-server = 9-curve-sect283r1-server
-client = 9-curve-sect283r1-client
-
-[9-curve-sect283r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect283r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-curve-sect283r1-client]
-CipherString = ECDHE
-Curves = sect283r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect283r1
-
-
-# ===========================================================
-
-[10-curve-sect409k1]
-ssl_conf = 10-curve-sect409k1-ssl
-
-[10-curve-sect409k1-ssl]
-server = 10-curve-sect409k1-server
-client = 10-curve-sect409k1-client
-
-[10-curve-sect409k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect409k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-curve-sect409k1-client]
-CipherString = ECDHE
-Curves = sect409k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect409k1
-
-
-# ===========================================================
-
-[11-curve-sect409r1]
-ssl_conf = 11-curve-sect409r1-ssl
-
-[11-curve-sect409r1-ssl]
-server = 11-curve-sect409r1-server
-client = 11-curve-sect409r1-client
-
-[11-curve-sect409r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect409r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-curve-sect409r1-client]
-CipherString = ECDHE
-Curves = sect409r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect409r1
-
-
-# ===========================================================
-
-[12-curve-sect571k1]
-ssl_conf = 12-curve-sect571k1-ssl
-
-[12-curve-sect571k1-ssl]
-server = 12-curve-sect571k1-server
-client = 12-curve-sect571k1-client
-
-[12-curve-sect571k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect571k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-curve-sect571k1-client]
-CipherString = ECDHE
-Curves = sect571k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect571k1
-
-
-# ===========================================================
-
-[13-curve-sect571r1]
-ssl_conf = 13-curve-sect571r1-ssl
-
-[13-curve-sect571r1-ssl]
-server = 13-curve-sect571r1-server
-client = 13-curve-sect571r1-client
-
-[13-curve-sect571r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = sect571r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-curve-sect571r1-client]
-CipherString = ECDHE
-Curves = sect571r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = Success
-ExpectedTmpKeyType = sect571r1
-
-
-# ===========================================================
-
-[14-curve-secp160k1]
-ssl_conf = 14-curve-secp160k1-ssl
-
-[14-curve-secp160k1-ssl]
-server = 14-curve-secp160k1-server
-client = 14-curve-secp160k1-client
-
-[14-curve-secp160k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp160k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-curve-secp160k1-client]
-CipherString = ECDHE
-Curves = secp160k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp160k1
-
-
-# ===========================================================
-
-[15-curve-secp160r1]
-ssl_conf = 15-curve-secp160r1-ssl
-
-[15-curve-secp160r1-ssl]
-server = 15-curve-secp160r1-server
-client = 15-curve-secp160r1-client
-
-[15-curve-secp160r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp160r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-curve-secp160r1-client]
-CipherString = ECDHE
-Curves = secp160r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp160r1
-
-
-# ===========================================================
-
-[16-curve-secp160r2]
-ssl_conf = 16-curve-secp160r2-ssl
-
-[16-curve-secp160r2-ssl]
-server = 16-curve-secp160r2-server
-client = 16-curve-secp160r2-client
-
-[16-curve-secp160r2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp160r2
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-curve-secp160r2-client]
-CipherString = ECDHE
-Curves = secp160r2
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp160r2
-
-
-# ===========================================================
-
-[17-curve-secp192k1]
-ssl_conf = 17-curve-secp192k1-ssl
-
-[17-curve-secp192k1-ssl]
-server = 17-curve-secp192k1-server
-client = 17-curve-secp192k1-client
-
-[17-curve-secp192k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp192k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-curve-secp192k1-client]
-CipherString = ECDHE
-Curves = secp192k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp192k1
-
-
-# ===========================================================
-
-[18-curve-prime192v1]
-ssl_conf = 18-curve-prime192v1-ssl
-
-[18-curve-prime192v1-ssl]
-server = 18-curve-prime192v1-server
-client = 18-curve-prime192v1-client
-
-[18-curve-prime192v1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = prime192v1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-curve-prime192v1-client]
-CipherString = ECDHE
-Curves = prime192v1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedResult = Success
-ExpectedTmpKeyType = prime192v1
-
-
-# ===========================================================
-
-[19-curve-secp224k1]
-ssl_conf = 19-curve-secp224k1-ssl
-
-[19-curve-secp224k1-ssl]
-server = 19-curve-secp224k1-server
-client = 19-curve-secp224k1-client
-
-[19-curve-secp224k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp224k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-curve-secp224k1-client]
-CipherString = ECDHE
-Curves = secp224k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp224k1
-
-
-# ===========================================================
-
-[20-curve-secp224r1]
-ssl_conf = 20-curve-secp224r1-ssl
-
-[20-curve-secp224r1-ssl]
-server = 20-curve-secp224r1-server
-client = 20-curve-secp224r1-client
-
-[20-curve-secp224r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp224r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-curve-secp224r1-client]
-CipherString = ECDHE
-Curves = secp224r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp224r1
-
-
-# ===========================================================
-
-[21-curve-secp256k1]
-ssl_conf = 21-curve-secp256k1-ssl
-
-[21-curve-secp256k1-ssl]
-server = 21-curve-secp256k1-server
-client = 21-curve-secp256k1-client
-
-[21-curve-secp256k1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp256k1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[21-curve-secp256k1-client]
-CipherString = ECDHE
-Curves = secp256k1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp256k1
-
-
-# ===========================================================
-
-[22-curve-prime256v1]
-ssl_conf = 22-curve-prime256v1-ssl
-
-[22-curve-prime256v1-ssl]
-server = 22-curve-prime256v1-server
-client = 22-curve-prime256v1-client
-
-[22-curve-prime256v1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = prime256v1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[22-curve-prime256v1-client]
-CipherString = ECDHE
-Curves = prime256v1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-22]
-ExpectedResult = Success
-ExpectedTmpKeyType = prime256v1
-
-
-# ===========================================================
-
-[23-curve-secp384r1]
-ssl_conf = 23-curve-secp384r1-ssl
-
-[23-curve-secp384r1-ssl]
-server = 23-curve-secp384r1-server
-client = 23-curve-secp384r1-client
-
-[23-curve-secp384r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp384r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[23-curve-secp384r1-client]
-CipherString = ECDHE
-Curves = secp384r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-23]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp384r1
-
-
-# ===========================================================
-
-[24-curve-secp521r1]
-ssl_conf = 24-curve-secp521r1-ssl
-
-[24-curve-secp521r1-ssl]
-server = 24-curve-secp521r1-server
-client = 24-curve-secp521r1-client
-
-[24-curve-secp521r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = secp521r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[24-curve-secp521r1-client]
-CipherString = ECDHE
-Curves = secp521r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-24]
-ExpectedResult = Success
-ExpectedTmpKeyType = secp521r1
-
-
-# ===========================================================
-
-[25-curve-brainpoolP256r1]
-ssl_conf = 25-curve-brainpoolP256r1-ssl
-
-[25-curve-brainpoolP256r1-ssl]
-server = 25-curve-brainpoolP256r1-server
-client = 25-curve-brainpoolP256r1-client
-
-[25-curve-brainpoolP256r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = brainpoolP256r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[25-curve-brainpoolP256r1-client]
-CipherString = ECDHE
-Curves = brainpoolP256r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-25]
-ExpectedResult = Success
-ExpectedTmpKeyType = brainpoolP256r1
-
-
-# ===========================================================
-
-[26-curve-brainpoolP384r1]
-ssl_conf = 26-curve-brainpoolP384r1-ssl
-
-[26-curve-brainpoolP384r1-ssl]
-server = 26-curve-brainpoolP384r1-server
-client = 26-curve-brainpoolP384r1-client
-
-[26-curve-brainpoolP384r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = brainpoolP384r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[26-curve-brainpoolP384r1-client]
-CipherString = ECDHE
-Curves = brainpoolP384r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-26]
-ExpectedResult = Success
-ExpectedTmpKeyType = brainpoolP384r1
-
-
-# ===========================================================
-
-[27-curve-brainpoolP512r1]
-ssl_conf = 27-curve-brainpoolP512r1-ssl
-
-[27-curve-brainpoolP512r1-ssl]
-server = 27-curve-brainpoolP512r1-server
-client = 27-curve-brainpoolP512r1-client
-
-[27-curve-brainpoolP512r1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = brainpoolP512r1
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[27-curve-brainpoolP512r1-client]
-CipherString = ECDHE
-Curves = brainpoolP512r1
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-27]
-ExpectedResult = Success
-ExpectedTmpKeyType = brainpoolP512r1
-
-
-# ===========================================================
-
-[28-curve-X25519]
-ssl_conf = 28-curve-X25519-ssl
-
-[28-curve-X25519-ssl]
-server = 28-curve-X25519-server
-client = 28-curve-X25519-client
-
-[28-curve-X25519-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = X25519
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[28-curve-X25519-client]
-CipherString = ECDHE
-Curves = X25519
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-28]
-ExpectedResult = Success
-ExpectedTmpKeyType = X25519
-
-
-# ===========================================================
-
-[29-curve-X448]
-ssl_conf = 29-curve-X448-ssl
-
-[29-curve-X448-ssl]
-server = 29-curve-X448-server
-client = 29-curve-X448-client
-
-[29-curve-X448-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Curves = X448
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[29-curve-X448-client]
-CipherString = ECDHE
-Curves = X448
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-29]
-ExpectedResult = Success
-ExpectedTmpKeyType = X448
-
-
diff --git a/test/ssl-tests/14-curves.conf.in b/test/ssl-tests/14-curves.conf.in

deleted file mode 100644 (file)

index 2f8077c..0000000
--- a/test/ssl-tests/14-curves.conf.in
+++ /dev/null
@@ -1,47 +0,0 @@
-# -*- mode: perl; -*-
-
-## SSL test configurations
-
-package ssltests;
-
-use strict;
-use warnings;
-
-use OpenSSL::Test;
-use OpenSSL::Test::Utils qw(anydisabled);
-
-my @curves = ("sect163k1", "sect163r1", "sect163r2", "sect193r1",
-              "sect193r2", "sect233k1", "sect233r1", "sect239k1",
-              "sect283k1", "sect283r1", "sect409k1", "sect409r1",
-              "sect571k1", "sect571r1", "secp160k1", "secp160r1",
-              "secp160r2", "secp192k1", "prime192v1", "secp224k1",
-              "secp224r1", "secp256k1", "prime256v1", "secp384r1",
-              "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
-              "brainpoolP512r1", "X25519", "X448");
-
-our @tests = ();
-
-sub generate_tests() {
-    foreach (0..$#curves) {
-        my $curve = $curves[$_];
-        push @tests, {
-            name => "curve-${curve}",
-            server => {
-                "Curves" => $curve,
-                # TODO(TLS1.3): Can we get this to work for TLSv1.3?
-                "MaxProtocol" => "TLSv1.2"
-            },
-            client => {
-                "CipherString" => "ECDHE",
-                "MaxProtocol" => "TLSv1.2",
-                "Curves" => $curve
-            },
-            test   => {
-                "ExpectedTmpKeyType" => $curve,
-                "ExpectedResult" => "Success"
-            },
-        };
-    }
-}
-
-generate_tests();
diff --git a/test/ssl-tests/15-certstatus.cnf b/test/ssl-tests/15-certstatus.cnf

new file mode 100644 (file)

index 0000000..bf6c41c
--- /dev/null
+++ b/test/ssl-tests/15-certstatus.cnf
@@ -0,0 +1,62 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 2
+
+test-0 = 0-certstatus-good
+test-1 = 1-certstatus-bad
+# ===========================================================
+
+[0-certstatus-good]
+ssl_conf = 0-certstatus-good-ssl
+
+[0-certstatus-good-ssl]
+server = 0-certstatus-good-server
+client = 0-certstatus-good-client
+
+[0-certstatus-good-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-certstatus-good-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+Method = TLS
+server = 0-certstatus-good-server-extra
+
+[0-certstatus-good-server-extra]
+CertStatus = GoodResponse
+
+
+# ===========================================================
+
+[1-certstatus-bad]
+ssl_conf = 1-certstatus-bad-ssl
+
+[1-certstatus-bad-ssl]
+server = 1-certstatus-bad-server
+client = 1-certstatus-bad-client
+
+[1-certstatus-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-certstatus-bad-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ClientFail
+Method = TLS
+server = 1-certstatus-bad-server-extra
+
+[1-certstatus-bad-server-extra]
+CertStatus = BadResponse
+
+
diff --git a/test/ssl-tests/15-certstatus.cnf.in b/test/ssl-tests/15-certstatus.cnf.in

new file mode 100644 (file)

index 0000000..67b0602
--- /dev/null
+++ b/test/ssl-tests/15-certstatus.cnf.in
@@ -0,0 +1,45 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test CertStatus messages
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+    {
+        name => "certstatus-good",
+        server => {
+            extra => {
+                "CertStatus" => "GoodResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "certstatus-bad",
+        server => {
+            extra => {
+                "CertStatus" => "BadResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+);
diff --git a/test/ssl-tests/15-certstatus.conf b/test/ssl-tests/15-certstatus.conf

deleted file mode 100644 (file)

index bf6c41c..0000000
--- a/test/ssl-tests/15-certstatus.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 2
-
-test-0 = 0-certstatus-good
-test-1 = 1-certstatus-bad
-# ===========================================================
-
-[0-certstatus-good]
-ssl_conf = 0-certstatus-good-ssl
-
-[0-certstatus-good-ssl]
-server = 0-certstatus-good-server
-client = 0-certstatus-good-client
-
-[0-certstatus-good-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-certstatus-good-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-Method = TLS
-server = 0-certstatus-good-server-extra
-
-[0-certstatus-good-server-extra]
-CertStatus = GoodResponse
-
-
-# ===========================================================
-
-[1-certstatus-bad]
-ssl_conf = 1-certstatus-bad-ssl
-
-[1-certstatus-bad-ssl]
-server = 1-certstatus-bad-server
-client = 1-certstatus-bad-client
-
-[1-certstatus-bad-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-certstatus-bad-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = ClientFail
-Method = TLS
-server = 1-certstatus-bad-server-extra
-
-[1-certstatus-bad-server-extra]
-CertStatus = BadResponse
-
-
diff --git a/test/ssl-tests/15-certstatus.conf.in b/test/ssl-tests/15-certstatus.conf.in

deleted file mode 100644 (file)

index 67b0602..0000000
--- a/test/ssl-tests/15-certstatus.conf.in
+++ /dev/null
@@ -1,45 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test CertStatus messages
-
-use strict;
-use warnings;
-
-package ssltests;
-
-
-our @tests = (
-    {
-        name => "certstatus-good",
-        server => {
-            extra => {
-                "CertStatus" => "GoodResponse",
-            },
-        },
-        client => {},
-        test => {
-            "Method" => "TLS",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "certstatus-bad",
-        server => {
-            extra => {
-                "CertStatus" => "BadResponse",
-            },
-        },
-        client => {},
-        test => {
-            "Method" => "TLS",
-            "ExpectedResult" => "ClientFail"
-        }
-    },
-);
diff --git a/test/ssl-tests/16-dtls-certstatus.cnf b/test/ssl-tests/16-dtls-certstatus.cnf

new file mode 100644 (file)

index 0000000..a561803
--- /dev/null
+++ b/test/ssl-tests/16-dtls-certstatus.cnf
@@ -0,0 +1,62 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 2
+
+test-0 = 0-certstatus-good
+test-1 = 1-certstatus-bad
+# ===========================================================
+
+[0-certstatus-good]
+ssl_conf = 0-certstatus-good-ssl
+
+[0-certstatus-good-ssl]
+server = 0-certstatus-good-server
+client = 0-certstatus-good-client
+
+[0-certstatus-good-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-certstatus-good-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+Method = DTLS
+server = 0-certstatus-good-server-extra
+
+[0-certstatus-good-server-extra]
+CertStatus = GoodResponse
+
+
+# ===========================================================
+
+[1-certstatus-bad]
+ssl_conf = 1-certstatus-bad-ssl
+
+[1-certstatus-bad-ssl]
+server = 1-certstatus-bad-server
+client = 1-certstatus-bad-client
+
+[1-certstatus-bad-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-certstatus-bad-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ClientFail
+Method = DTLS
+server = 1-certstatus-bad-server-extra
+
+[1-certstatus-bad-server-extra]
+CertStatus = BadResponse
+
+
diff --git a/test/ssl-tests/16-dtls-certstatus.cnf.in b/test/ssl-tests/16-dtls-certstatus.cnf.in

new file mode 100644 (file)

index 0000000..742de63
--- /dev/null
+++ b/test/ssl-tests/16-dtls-certstatus.cnf.in
@@ -0,0 +1,78 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test DTLS CertStatus messages
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "certstatus-good",
+        server => {
+            extra => {
+                "CertStatus" => "GoodResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "certstatus-bad",
+        server => {
+            extra => {
+                "CertStatus" => "BadResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "ExpectedResult" => "ClientFail"
+        }
+    }
+);
+
+our @tests_sctp = (
+    {
+        name => "certstatus-good",
+        server => {
+            extra => {
+                "CertStatus" => "GoodResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "certstatus-bad",
+        server => {
+            extra => {
+                "CertStatus" => "BadResponse",
+            },
+        },
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+);
+
+push @tests, @tests_sctp unless disabled("sctp") || disabled("sock");
diff --git a/test/ssl-tests/16-dtls-certstatus.conf b/test/ssl-tests/16-dtls-certstatus.conf

deleted file mode 100644 (file)

index a561803..0000000
--- a/test/ssl-tests/16-dtls-certstatus.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 2
-
-test-0 = 0-certstatus-good
-test-1 = 1-certstatus-bad
-# ===========================================================
-
-[0-certstatus-good]
-ssl_conf = 0-certstatus-good-ssl
-
-[0-certstatus-good-ssl]
-server = 0-certstatus-good-server
-client = 0-certstatus-good-client
-
-[0-certstatus-good-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-certstatus-good-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-Method = DTLS
-server = 0-certstatus-good-server-extra
-
-[0-certstatus-good-server-extra]
-CertStatus = GoodResponse
-
-
-# ===========================================================
-
-[1-certstatus-bad]
-ssl_conf = 1-certstatus-bad-ssl
-
-[1-certstatus-bad-ssl]
-server = 1-certstatus-bad-server
-client = 1-certstatus-bad-client
-
-[1-certstatus-bad-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-certstatus-bad-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = ClientFail
-Method = DTLS
-server = 1-certstatus-bad-server-extra
-
-[1-certstatus-bad-server-extra]
-CertStatus = BadResponse
-
-
diff --git a/test/ssl-tests/16-dtls-certstatus.conf.in b/test/ssl-tests/16-dtls-certstatus.conf.in

deleted file mode 100644 (file)

index 742de63..0000000
--- a/test/ssl-tests/16-dtls-certstatus.conf.in
+++ /dev/null
@@ -1,78 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test DTLS CertStatus messages
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "certstatus-good",
-        server => {
-            extra => {
-                "CertStatus" => "GoodResponse",
-            },
-        },
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "certstatus-bad",
-        server => {
-            extra => {
-                "CertStatus" => "BadResponse",
-            },
-        },
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "ExpectedResult" => "ClientFail"
-        }
-    }
-);
-
-our @tests_sctp = (
-    {
-        name => "certstatus-good",
-        server => {
-            extra => {
-                "CertStatus" => "GoodResponse",
-            },
-        },
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "UseSCTP" => "Yes",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "certstatus-bad",
-        server => {
-            extra => {
-                "CertStatus" => "BadResponse",
-            },
-        },
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "UseSCTP" => "Yes",
-            "ExpectedResult" => "ClientFail"
-        }
-    },
-);
-
-push @tests, @tests_sctp unless disabled("sctp") || disabled("sock");
diff --git a/test/ssl-tests/17-renegotiate.cnf b/test/ssl-tests/17-renegotiate.cnf

new file mode 100644 (file)

index 0000000..12cf791
--- /dev/null
+++ b/test/ssl-tests/17-renegotiate.cnf
@@ -0,0 +1,432 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 14
+
+test-0 = 0-renegotiate-client-no-resume
+test-1 = 1-renegotiate-client-resume
+test-2 = 2-renegotiate-server-no-resume
+test-3 = 3-renegotiate-server-resume
+test-4 = 4-renegotiate-client-auth-require
+test-5 = 5-renegotiate-client-auth-once
+test-6 = 6-renegotiate-aead-to-non-aead
+test-7 = 7-renegotiate-non-aead-to-aead
+test-8 = 8-renegotiate-non-aead-to-non-aead
+test-9 = 9-renegotiate-aead-to-aead
+test-10 = 10-no-renegotiation-server-by-client
+test-11 = 11-no-renegotiation-server-by-server
+test-12 = 12-no-renegotiation-client-by-server
+test-13 = 13-no-renegotiation-client-by-client
+# ===========================================================
+
+[0-renegotiate-client-no-resume]
+ssl_conf = 0-renegotiate-client-no-resume-ssl
+
+[0-renegotiate-client-no-resume-ssl]
+server = 0-renegotiate-client-no-resume-server
+client = 0-renegotiate-client-no-resume-client
+
+[0-renegotiate-client-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-renegotiate-client-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[1-renegotiate-client-resume]
+ssl_conf = 1-renegotiate-client-resume-ssl
+
+[1-renegotiate-client-resume-ssl]
+server = 1-renegotiate-client-resume-server
+client = 1-renegotiate-client-resume-client
+
+[1-renegotiate-client-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-renegotiate-client-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[2-renegotiate-server-no-resume]
+ssl_conf = 2-renegotiate-server-no-resume-ssl
+
+[2-renegotiate-server-no-resume-ssl]
+server = 2-renegotiate-server-no-resume-server
+client = 2-renegotiate-server-no-resume-client
+
+[2-renegotiate-server-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-renegotiate-server-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-renegotiate-server-resume]
+ssl_conf = 3-renegotiate-server-resume-ssl
+
+[3-renegotiate-server-resume-ssl]
+server = 3-renegotiate-server-resume-server
+client = 3-renegotiate-server-resume-client
+
+[3-renegotiate-server-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-renegotiate-server-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = Yes
+
+
+# ===========================================================
+
+[4-renegotiate-client-auth-require]
+ssl_conf = 4-renegotiate-client-auth-require-ssl
+
+[4-renegotiate-client-auth-require-ssl]
+server = 4-renegotiate-client-auth-require-server
+client = 4-renegotiate-client-auth-require-client
+
+[4-renegotiate-client-auth-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[4-renegotiate-client-auth-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[5-renegotiate-client-auth-once]
+ssl_conf = 5-renegotiate-client-auth-once-ssl
+
+[5-renegotiate-client-auth-once-ssl]
+server = 5-renegotiate-client-auth-once-server
+client = 5-renegotiate-client-auth-once-client
+
+[5-renegotiate-client-auth-once-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Once
+
+[5-renegotiate-client-auth-once-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[6-renegotiate-aead-to-non-aead]
+ssl_conf = 6-renegotiate-aead-to-non-aead-ssl
+
+[6-renegotiate-aead-to-non-aead-ssl]
+server = 6-renegotiate-aead-to-non-aead-server
+client = 6-renegotiate-aead-to-non-aead-client
+
+[6-renegotiate-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-renegotiate-aead-to-non-aead-client]
+CipherString = AES128-GCM-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 6-renegotiate-aead-to-non-aead-client-extra
+
+[6-renegotiate-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES128-SHA
+
+
+# ===========================================================
+
+[7-renegotiate-non-aead-to-aead]
+ssl_conf = 7-renegotiate-non-aead-to-aead-ssl
+
+[7-renegotiate-non-aead-to-aead-ssl]
+server = 7-renegotiate-non-aead-to-aead-server
+client = 7-renegotiate-non-aead-to-aead-client
+
+[7-renegotiate-non-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-renegotiate-non-aead-to-aead-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 7-renegotiate-non-aead-to-aead-client-extra
+
+[7-renegotiate-non-aead-to-aead-client-extra]
+RenegotiateCiphers = AES128-GCM-SHA256
+
+
+# ===========================================================
+
+[8-renegotiate-non-aead-to-non-aead]
+ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl
+
+[8-renegotiate-non-aead-to-non-aead-ssl]
+server = 8-renegotiate-non-aead-to-non-aead-server
+client = 8-renegotiate-non-aead-to-non-aead-client
+
+[8-renegotiate-non-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-renegotiate-non-aead-to-non-aead-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 8-renegotiate-non-aead-to-non-aead-client-extra
+
+[8-renegotiate-non-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES256-SHA
+
+
+# ===========================================================
+
+[9-renegotiate-aead-to-aead]
+ssl_conf = 9-renegotiate-aead-to-aead-ssl
+
+[9-renegotiate-aead-to-aead-ssl]
+server = 9-renegotiate-aead-to-aead-server
+client = 9-renegotiate-aead-to-aead-client
+
+[9-renegotiate-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-renegotiate-aead-to-aead-client]
+CipherString = AES128-GCM-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+client = 9-renegotiate-aead-to-aead-client-extra
+
+[9-renegotiate-aead-to-aead-client-extra]
+RenegotiateCiphers = AES256-GCM-SHA384
+
+
+# ===========================================================
+
+[10-no-renegotiation-server-by-client]
+ssl_conf = 10-no-renegotiation-server-by-client-ssl
+
+[10-no-renegotiation-server-by-client-ssl]
+server = 10-no-renegotiation-server-by-client-server
+client = 10-no-renegotiation-server-by-client-client
+
+[10-no-renegotiation-server-by-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-no-renegotiation-server-by-client-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = ClientFail
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[11-no-renegotiation-server-by-server]
+ssl_conf = 11-no-renegotiation-server-by-server-ssl
+
+[11-no-renegotiation-server-by-server-ssl]
+server = 11-no-renegotiation-server-by-server-server
+client = 11-no-renegotiation-server-by-server-client
+
+[11-no-renegotiation-server-by-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = NoRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-no-renegotiation-server-by-server-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = ServerFail
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[12-no-renegotiation-client-by-server]
+ssl_conf = 12-no-renegotiation-client-by-server-ssl
+
+[12-no-renegotiation-client-by-server-ssl]
+server = 12-no-renegotiation-client-by-server-server
+client = 12-no-renegotiation-client-by-server-client
+
+[12-no-renegotiation-client-by-server-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-no-renegotiation-client-by-server-client]
+CipherString = DEFAULT
+Options = NoRenegotiation
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = ServerFail
+HandshakeMode = RenegotiateServer
+Method = TLS
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[13-no-renegotiation-client-by-client]
+ssl_conf = 13-no-renegotiation-client-by-client-ssl
+
+[13-no-renegotiation-client-by-client-ssl]
+server = 13-no-renegotiation-client-by-client-server
+client = 13-no-renegotiation-client-by-client-client
+
+[13-no-renegotiation-client-by-client-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-no-renegotiation-client-by-client-client]
+CipherString = DEFAULT
+Options = NoRenegotiation
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = ClientFail
+HandshakeMode = RenegotiateClient
+Method = TLS
+ResumptionExpected = No
+
+
diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in

new file mode 100644 (file)

index 0000000..636f9fb
--- /dev/null
+++ b/test/ssl-tests/17-renegotiate.cnf.in
@@ -0,0 +1,249 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Renegotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "renegotiate-client-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-resume",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-server-no-resume",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-server-resume",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {},
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-require",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey"  => test_pem("ee-key.pem"),
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-client-auth-once",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+            "MaxProtocol" => "TLSv1.2",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Once",
+        },
+        client => {
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey"  => test_pem("ee-key.pem"),
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
+);
+our @tests_tls1_2 = (
+    {
+        name => "renegotiate-aead-to-non-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+        },
+        client => {
+            "CipherString" => "AES128-GCM-SHA256",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "RenegotiateCiphers" => "AES128-SHA"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-non-aead-to-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+        },
+        client => {
+            "CipherString" => "AES128-SHA",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "RenegotiateCiphers" => "AES128-GCM-SHA256"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-non-aead-to-non-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+        },
+        client => {
+            "CipherString" => "AES128-SHA",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "RenegotiateCiphers" => "AES256-SHA"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "renegotiate-aead-to-aead",
+        server => {
+            "Options" => "NoResumptionOnRenegotiation",
+        },
+        client => {
+            "CipherString" => "AES128-GCM-SHA256",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "RenegotiateCiphers" => "AES256-GCM-SHA384"
+            }
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "no-renegotiation-server-by-client",
+        server => {
+            "Options" => "NoRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => { },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+    {
+        name => "no-renegotiation-server-by-server",
+        server => {
+            "Options" => "NoRenegotiation",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => { },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ServerFail"
+        }
+    },
+    {
+        name => "no-renegotiation-client-by-server",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "Options" => "NoRenegotiation",
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateServer",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ServerFail"
+        }
+    },
+    {
+        name => "no-renegotiation-client-by-client",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "Options" => "NoRenegotiation",
+        },
+        test => {
+            "Method" => "TLS",
+            "HandshakeMode" => "RenegotiateClient",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ClientFail"
+        }
+    }
+);
+
+push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/test/ssl-tests/17-renegotiate.conf b/test/ssl-tests/17-renegotiate.conf

deleted file mode 100644 (file)

index 12cf791..0000000
--- a/test/ssl-tests/17-renegotiate.conf
+++ /dev/null
@@ -1,432 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 14
-
-test-0 = 0-renegotiate-client-no-resume
-test-1 = 1-renegotiate-client-resume
-test-2 = 2-renegotiate-server-no-resume
-test-3 = 3-renegotiate-server-resume
-test-4 = 4-renegotiate-client-auth-require
-test-5 = 5-renegotiate-client-auth-once
-test-6 = 6-renegotiate-aead-to-non-aead
-test-7 = 7-renegotiate-non-aead-to-aead
-test-8 = 8-renegotiate-non-aead-to-non-aead
-test-9 = 9-renegotiate-aead-to-aead
-test-10 = 10-no-renegotiation-server-by-client
-test-11 = 11-no-renegotiation-server-by-server
-test-12 = 12-no-renegotiation-client-by-server
-test-13 = 13-no-renegotiation-client-by-client
-# ===========================================================
-
-[0-renegotiate-client-no-resume]
-ssl_conf = 0-renegotiate-client-no-resume-ssl
-
-[0-renegotiate-client-no-resume-ssl]
-server = 0-renegotiate-client-no-resume-server
-client = 0-renegotiate-client-no-resume-client
-
-[0-renegotiate-client-no-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-renegotiate-client-no-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[1-renegotiate-client-resume]
-ssl_conf = 1-renegotiate-client-resume-ssl
-
-[1-renegotiate-client-resume-ssl]
-server = 1-renegotiate-client-resume-server
-client = 1-renegotiate-client-resume-client
-
-[1-renegotiate-client-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-renegotiate-client-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[2-renegotiate-server-no-resume]
-ssl_conf = 2-renegotiate-server-no-resume-ssl
-
-[2-renegotiate-server-no-resume-ssl]
-server = 2-renegotiate-server-no-resume-server
-client = 2-renegotiate-server-no-resume-client
-
-[2-renegotiate-server-no-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-renegotiate-server-no-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[3-renegotiate-server-resume]
-ssl_conf = 3-renegotiate-server-resume-ssl
-
-[3-renegotiate-server-resume-ssl]
-server = 3-renegotiate-server-resume-server
-client = 3-renegotiate-server-resume-client
-
-[3-renegotiate-server-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-renegotiate-server-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = TLS
-ResumptionExpected = Yes
-
-
-# ===========================================================
-
-[4-renegotiate-client-auth-require]
-ssl_conf = 4-renegotiate-client-auth-require-ssl
-
-[4-renegotiate-client-auth-require-ssl]
-server = 4-renegotiate-client-auth-require-server
-client = 4-renegotiate-client-auth-require-client
-
-[4-renegotiate-client-auth-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[4-renegotiate-client-auth-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[5-renegotiate-client-auth-once]
-ssl_conf = 5-renegotiate-client-auth-once-ssl
-
-[5-renegotiate-client-auth-once-ssl]
-server = 5-renegotiate-client-auth-once-server
-client = 5-renegotiate-client-auth-once-client
-
-[5-renegotiate-client-auth-once-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Once
-
-[5-renegotiate-client-auth-once-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[6-renegotiate-aead-to-non-aead]
-ssl_conf = 6-renegotiate-aead-to-non-aead-ssl
-
-[6-renegotiate-aead-to-non-aead-ssl]
-server = 6-renegotiate-aead-to-non-aead-server
-client = 6-renegotiate-aead-to-non-aead-client
-
-[6-renegotiate-aead-to-non-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-renegotiate-aead-to-non-aead-client]
-CipherString = AES128-GCM-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-client = 6-renegotiate-aead-to-non-aead-client-extra
-
-[6-renegotiate-aead-to-non-aead-client-extra]
-RenegotiateCiphers = AES128-SHA
-
-
-# ===========================================================
-
-[7-renegotiate-non-aead-to-aead]
-ssl_conf = 7-renegotiate-non-aead-to-aead-ssl
-
-[7-renegotiate-non-aead-to-aead-ssl]
-server = 7-renegotiate-non-aead-to-aead-server
-client = 7-renegotiate-non-aead-to-aead-client
-
-[7-renegotiate-non-aead-to-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-renegotiate-non-aead-to-aead-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-client = 7-renegotiate-non-aead-to-aead-client-extra
-
-[7-renegotiate-non-aead-to-aead-client-extra]
-RenegotiateCiphers = AES128-GCM-SHA256
-
-
-# ===========================================================
-
-[8-renegotiate-non-aead-to-non-aead]
-ssl_conf = 8-renegotiate-non-aead-to-non-aead-ssl
-
-[8-renegotiate-non-aead-to-non-aead-ssl]
-server = 8-renegotiate-non-aead-to-non-aead-server
-client = 8-renegotiate-non-aead-to-non-aead-client
-
-[8-renegotiate-non-aead-to-non-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-renegotiate-non-aead-to-non-aead-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-client = 8-renegotiate-non-aead-to-non-aead-client-extra
-
-[8-renegotiate-non-aead-to-non-aead-client-extra]
-RenegotiateCiphers = AES256-SHA
-
-
-# ===========================================================
-
-[9-renegotiate-aead-to-aead]
-ssl_conf = 9-renegotiate-aead-to-aead-ssl
-
-[9-renegotiate-aead-to-aead-ssl]
-server = 9-renegotiate-aead-to-aead-server
-client = 9-renegotiate-aead-to-aead-client
-
-[9-renegotiate-aead-to-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-renegotiate-aead-to-aead-client]
-CipherString = AES128-GCM-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-client = 9-renegotiate-aead-to-aead-client-extra
-
-[9-renegotiate-aead-to-aead-client-extra]
-RenegotiateCiphers = AES256-GCM-SHA384
-
-
-# ===========================================================
-
-[10-no-renegotiation-server-by-client]
-ssl_conf = 10-no-renegotiation-server-by-client-ssl
-
-[10-no-renegotiation-server-by-client-ssl]
-server = 10-no-renegotiation-server-by-client-server
-client = 10-no-renegotiation-server-by-client-client
-
-[10-no-renegotiation-server-by-client-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = NoRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-no-renegotiation-server-by-client-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedResult = ClientFail
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[11-no-renegotiation-server-by-server]
-ssl_conf = 11-no-renegotiation-server-by-server-ssl
-
-[11-no-renegotiation-server-by-server-ssl]
-server = 11-no-renegotiation-server-by-server-server
-client = 11-no-renegotiation-server-by-server-client
-
-[11-no-renegotiation-server-by-server-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = NoRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-no-renegotiation-server-by-server-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = ServerFail
-HandshakeMode = RenegotiateServer
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[12-no-renegotiation-client-by-server]
-ssl_conf = 12-no-renegotiation-client-by-server-ssl
-
-[12-no-renegotiation-client-by-server-ssl]
-server = 12-no-renegotiation-client-by-server-server
-client = 12-no-renegotiation-client-by-server-client
-
-[12-no-renegotiation-client-by-server-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-no-renegotiation-client-by-server-client]
-CipherString = DEFAULT
-Options = NoRenegotiation
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = ServerFail
-HandshakeMode = RenegotiateServer
-Method = TLS
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[13-no-renegotiation-client-by-client]
-ssl_conf = 13-no-renegotiation-client-by-client-ssl
-
-[13-no-renegotiation-client-by-client-ssl]
-server = 13-no-renegotiation-client-by-client-server
-client = 13-no-renegotiation-client-by-client-client
-
-[13-no-renegotiation-client-by-client-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-no-renegotiation-client-by-client-client]
-CipherString = DEFAULT
-Options = NoRenegotiation
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = ClientFail
-HandshakeMode = RenegotiateClient
-Method = TLS
-ResumptionExpected = No
-
-
diff --git a/test/ssl-tests/17-renegotiate.conf.in b/test/ssl-tests/17-renegotiate.conf.in

deleted file mode 100644 (file)

index 636f9fb..0000000
--- a/test/ssl-tests/17-renegotiate.conf.in
+++ /dev/null
@@ -1,249 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test Renegotiation
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "renegotiate-client-no-resume",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {},
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-client-resume",
-        server => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {},
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "Yes",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-server-no-resume",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {},
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-server-resume",
-        server => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {},
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "Yes",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-client-auth-require",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-            "MaxProtocol" => "TLSv1.2",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require",
-        },
-        client => {
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey"  => test_pem("ee-key.pem"),
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-client-auth-once",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-            "MaxProtocol" => "TLSv1.2",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Once",
-        },
-        client => {
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey"  => test_pem("ee-key.pem"),
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    }
-);
-our @tests_tls1_2 = (
-    {
-        name => "renegotiate-aead-to-non-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-        },
-        client => {
-            "CipherString" => "AES128-GCM-SHA256",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "RenegotiateCiphers" => "AES128-SHA"
-            }
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-non-aead-to-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-        },
-        client => {
-            "CipherString" => "AES128-SHA",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "RenegotiateCiphers" => "AES128-GCM-SHA256"
-            }
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-non-aead-to-non-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-        },
-        client => {
-            "CipherString" => "AES128-SHA",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "RenegotiateCiphers" => "AES256-SHA"
-            }
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "renegotiate-aead-to-aead",
-        server => {
-            "Options" => "NoResumptionOnRenegotiation",
-        },
-        client => {
-            "CipherString" => "AES128-GCM-SHA256",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "RenegotiateCiphers" => "AES256-GCM-SHA384"
-            }
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "no-renegotiation-server-by-client",
-        server => {
-            "Options" => "NoRenegotiation",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => { },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "ClientFail"
-        }
-    },
-    {
-        name => "no-renegotiation-server-by-server",
-        server => {
-            "Options" => "NoRenegotiation",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => { },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "ServerFail"
-        }
-    },
-    {
-        name => "no-renegotiation-client-by-server",
-        server => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {
-            "Options" => "NoRenegotiation",
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateServer",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "ServerFail"
-        }
-    },
-    {
-        name => "no-renegotiation-client-by-client",
-        server => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {
-            "Options" => "NoRenegotiation",
-        },
-        test => {
-            "Method" => "TLS",
-            "HandshakeMode" => "RenegotiateClient",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "ClientFail"
-        }
-    }
-);
-
-push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf b/test/ssl-tests/18-dtls-renegotiate.cnf

new file mode 100644 (file)

index 0000000..9204dd2
--- /dev/null
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf
@@ -0,0 +1,285 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
+
+test-0 = 0-renegotiate-client-no-resume
+test-1 = 1-renegotiate-client-resume
+test-2 = 2-renegotiate-server-resume
+test-3 = 3-renegotiate-client-auth-require
+test-4 = 4-renegotiate-client-auth-once
+test-5 = 5-renegotiate-aead-to-non-aead
+test-6 = 6-renegotiate-non-aead-to-aead
+test-7 = 7-renegotiate-non-aead-to-non-aead
+test-8 = 8-renegotiate-aead-to-aead
+# ===========================================================
+
+[0-renegotiate-client-no-resume]
+ssl_conf = 0-renegotiate-client-no-resume-ssl
+
+[0-renegotiate-client-no-resume-ssl]
+server = 0-renegotiate-client-no-resume-server
+client = 0-renegotiate-client-no-resume-client
+
+[0-renegotiate-client-no-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-renegotiate-client-no-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+
+
+# ===========================================================
+
+[1-renegotiate-client-resume]
+ssl_conf = 1-renegotiate-client-resume-ssl
+
+[1-renegotiate-client-resume-ssl]
+server = 1-renegotiate-client-resume-server
+client = 1-renegotiate-client-resume-client
+
+[1-renegotiate-client-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-renegotiate-client-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = Yes
+UseSCTP = No
+
+
+# ===========================================================
+
+[2-renegotiate-server-resume]
+ssl_conf = 2-renegotiate-server-resume-ssl
+
+[2-renegotiate-server-resume-ssl]
+server = 2-renegotiate-server-resume-server
+client = 2-renegotiate-server-resume-client
+
+[2-renegotiate-server-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-renegotiate-server-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+
+
+# ===========================================================
+
+[3-renegotiate-client-auth-require]
+ssl_conf = 3-renegotiate-client-auth-require-ssl
+
+[3-renegotiate-client-auth-require-ssl]
+server = 3-renegotiate-client-auth-require-server
+client = 3-renegotiate-client-auth-require-client
+
+[3-renegotiate-client-auth-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[3-renegotiate-client-auth-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+
+
+# ===========================================================
+
+[4-renegotiate-client-auth-once]
+ssl_conf = 4-renegotiate-client-auth-once-ssl
+
+[4-renegotiate-client-auth-once-ssl]
+server = 4-renegotiate-client-auth-once-server
+client = 4-renegotiate-client-auth-once-client
+
+[4-renegotiate-client-auth-once-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Once
+
+[4-renegotiate-client-auth-once-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+HandshakeMode = RenegotiateServer
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+
+
+# ===========================================================
+
+[5-renegotiate-aead-to-non-aead]
+ssl_conf = 5-renegotiate-aead-to-non-aead-ssl
+
+[5-renegotiate-aead-to-non-aead-ssl]
+server = 5-renegotiate-aead-to-non-aead-server
+client = 5-renegotiate-aead-to-non-aead-client
+
+[5-renegotiate-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-renegotiate-aead-to-non-aead-client]
+CipherString = AES128-GCM-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+client = 5-renegotiate-aead-to-non-aead-client-extra
+
+[5-renegotiate-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES128-SHA
+
+
+# ===========================================================
+
+[6-renegotiate-non-aead-to-aead]
+ssl_conf = 6-renegotiate-non-aead-to-aead-ssl
+
+[6-renegotiate-non-aead-to-aead-ssl]
+server = 6-renegotiate-non-aead-to-aead-server
+client = 6-renegotiate-non-aead-to-aead-client
+
+[6-renegotiate-non-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-renegotiate-non-aead-to-aead-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+client = 6-renegotiate-non-aead-to-aead-client-extra
+
+[6-renegotiate-non-aead-to-aead-client-extra]
+RenegotiateCiphers = AES128-GCM-SHA256
+
+
+# ===========================================================
+
+[7-renegotiate-non-aead-to-non-aead]
+ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl
+
+[7-renegotiate-non-aead-to-non-aead-ssl]
+server = 7-renegotiate-non-aead-to-non-aead-server
+client = 7-renegotiate-non-aead-to-non-aead-client
+
+[7-renegotiate-non-aead-to-non-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-renegotiate-non-aead-to-non-aead-client]
+CipherString = AES128-SHA
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+client = 7-renegotiate-non-aead-to-non-aead-client-extra
+
+[7-renegotiate-non-aead-to-non-aead-client-extra]
+RenegotiateCiphers = AES256-SHA
+
+
+# ===========================================================
+
+[8-renegotiate-aead-to-aead]
+ssl_conf = 8-renegotiate-aead-to-aead-ssl
+
+[8-renegotiate-aead-to-aead-ssl]
+server = 8-renegotiate-aead-to-aead-server
+client = 8-renegotiate-aead-to-aead-client
+
+[8-renegotiate-aead-to-aead-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = NoResumptionOnRenegotiation
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-renegotiate-aead-to-aead-client]
+CipherString = AES128-GCM-SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+HandshakeMode = RenegotiateClient
+Method = DTLS
+ResumptionExpected = No
+UseSCTP = No
+client = 8-renegotiate-aead-to-aead-client-extra
+
+[8-renegotiate-aead-to-aead-client-extra]
+RenegotiateCiphers = AES256-GCM-SHA384
+
+
diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in

new file mode 100644 (file)

index 0000000..56623b4
--- /dev/null
+++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
@@ -0,0 +1,192 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Renegotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = ();
+
+foreach my $sctp ("No", "Yes")
+{
+    next if disabled("sctp") && $sctp eq "Yes";
+
+    my $suffix = ($sctp eq "No") ? "" : "-sctp";
+    our @tests_basic = (
+        {
+            name => "renegotiate-client-no-resume".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {},
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+        {
+            name => "renegotiate-client-resume".$suffix,
+            server => {},
+            client => {},
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "Yes",
+                "ExpectedResult" => "Success"
+            }
+        },
+        # Note: Unlike the TLS tests, we will never do resumption with server
+        # initiated reneg. This is because an OpenSSL DTLS client will always do a full
+        # handshake (i.e. it doesn't supply a session id) when it receives a
+        # HelloRequest. This is different to the OpenSSL TLS implementation where an
+        # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
+        # the session id). This goes all the way to commit 48ae85b6f when abbreviated
+        # handshake support was first added. Neither behaviour is wrong, but the
+        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
+        # and if so, what to?
+        {
+            name => "renegotiate-server-resume".$suffix,
+            server => {},
+            client => {},
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateServer",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+        {
+            name => "renegotiate-client-auth-require".$suffix,
+            server => {
+                "VerifyCAFile" => test_pem("root-cert.pem"),
+                "VerifyMode" => "Require",
+            },
+            client => {
+                "Certificate" => test_pem("ee-client-chain.pem"),
+                "PrivateKey"  => test_pem("ee-key.pem"),
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateServer",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+        {
+            name => "renegotiate-client-auth-once".$suffix,
+            server => {
+                "VerifyCAFile" => test_pem("root-cert.pem"),
+                "VerifyMode" => "Once",
+            },
+            client => {
+                "Certificate" => test_pem("ee-client-chain.pem"),
+                "PrivateKey"  => test_pem("ee-key.pem"),
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateServer",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        }
+    );
+    push @tests, @tests_basic;
+
+    next if disabled("dtls1_2");
+    our @tests_dtls1_2 = (
+        {
+            name => "renegotiate-aead-to-non-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-GCM-SHA256",
+                extra => {
+                    "RenegotiateCiphers" => "AES128-SHA"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+        {
+            name => "renegotiate-non-aead-to-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-SHA",
+                extra => {
+                    "RenegotiateCiphers" => "AES128-GCM-SHA256"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+        {
+            name => "renegotiate-non-aead-to-non-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-SHA",
+                extra => {
+                    "RenegotiateCiphers" => "AES256-SHA"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+        {
+            name => "renegotiate-aead-to-aead".$suffix,
+            server => {
+                "Options" => "NoResumptionOnRenegotiation"
+            },
+            client => {
+                "CipherString" => "AES128-GCM-SHA256",
+                extra => {
+                    "RenegotiateCiphers" => "AES256-GCM-SHA384"
+                }
+            },
+            test => {
+                "Method" => "DTLS",
+                "UseSCTP" => $sctp,
+                "HandshakeMode" => "RenegotiateClient",
+                "ResumptionExpected" => "No",
+                "ExpectedResult" => "Success"
+            }
+        },
+    );
+    push @tests, @tests_dtls1_2;
+}
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf b/test/ssl-tests/18-dtls-renegotiate.conf

deleted file mode 100644 (file)

index 9204dd2..0000000
--- a/test/ssl-tests/18-dtls-renegotiate.conf
+++ /dev/null
@@ -1,285 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 9
-
-test-0 = 0-renegotiate-client-no-resume
-test-1 = 1-renegotiate-client-resume
-test-2 = 2-renegotiate-server-resume
-test-3 = 3-renegotiate-client-auth-require
-test-4 = 4-renegotiate-client-auth-once
-test-5 = 5-renegotiate-aead-to-non-aead
-test-6 = 6-renegotiate-non-aead-to-aead
-test-7 = 7-renegotiate-non-aead-to-non-aead
-test-8 = 8-renegotiate-aead-to-aead
-# ===========================================================
-
-[0-renegotiate-client-no-resume]
-ssl_conf = 0-renegotiate-client-no-resume-ssl
-
-[0-renegotiate-client-no-resume-ssl]
-server = 0-renegotiate-client-no-resume-server
-client = 0-renegotiate-client-no-resume-client
-
-[0-renegotiate-client-no-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-renegotiate-client-no-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-
-
-# ===========================================================
-
-[1-renegotiate-client-resume]
-ssl_conf = 1-renegotiate-client-resume-ssl
-
-[1-renegotiate-client-resume-ssl]
-server = 1-renegotiate-client-resume-server
-client = 1-renegotiate-client-resume-client
-
-[1-renegotiate-client-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-renegotiate-client-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = DTLS
-ResumptionExpected = Yes
-UseSCTP = No
-
-
-# ===========================================================
-
-[2-renegotiate-server-resume]
-ssl_conf = 2-renegotiate-server-resume-ssl
-
-[2-renegotiate-server-resume-ssl]
-server = 2-renegotiate-server-resume-server
-client = 2-renegotiate-server-resume-client
-
-[2-renegotiate-server-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-renegotiate-server-resume-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-
-
-# ===========================================================
-
-[3-renegotiate-client-auth-require]
-ssl_conf = 3-renegotiate-client-auth-require-ssl
-
-[3-renegotiate-client-auth-require-ssl]
-server = 3-renegotiate-client-auth-require-server
-client = 3-renegotiate-client-auth-require-client
-
-[3-renegotiate-client-auth-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[3-renegotiate-client-auth-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-
-
-# ===========================================================
-
-[4-renegotiate-client-auth-once]
-ssl_conf = 4-renegotiate-client-auth-once-ssl
-
-[4-renegotiate-client-auth-once-ssl]
-server = 4-renegotiate-client-auth-once-server
-client = 4-renegotiate-client-auth-once-client
-
-[4-renegotiate-client-auth-once-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Once
-
-[4-renegotiate-client-auth-once-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-HandshakeMode = RenegotiateServer
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-
-
-# ===========================================================
-
-[5-renegotiate-aead-to-non-aead]
-ssl_conf = 5-renegotiate-aead-to-non-aead-ssl
-
-[5-renegotiate-aead-to-non-aead-ssl]
-server = 5-renegotiate-aead-to-non-aead-server
-client = 5-renegotiate-aead-to-non-aead-client
-
-[5-renegotiate-aead-to-non-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-renegotiate-aead-to-non-aead-client]
-CipherString = AES128-GCM-SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-client = 5-renegotiate-aead-to-non-aead-client-extra
-
-[5-renegotiate-aead-to-non-aead-client-extra]
-RenegotiateCiphers = AES128-SHA
-
-
-# ===========================================================
-
-[6-renegotiate-non-aead-to-aead]
-ssl_conf = 6-renegotiate-non-aead-to-aead-ssl
-
-[6-renegotiate-non-aead-to-aead-ssl]
-server = 6-renegotiate-non-aead-to-aead-server
-client = 6-renegotiate-non-aead-to-aead-client
-
-[6-renegotiate-non-aead-to-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-renegotiate-non-aead-to-aead-client]
-CipherString = AES128-SHA
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-client = 6-renegotiate-non-aead-to-aead-client-extra
-
-[6-renegotiate-non-aead-to-aead-client-extra]
-RenegotiateCiphers = AES128-GCM-SHA256
-
-
-# ===========================================================
-
-[7-renegotiate-non-aead-to-non-aead]
-ssl_conf = 7-renegotiate-non-aead-to-non-aead-ssl
-
-[7-renegotiate-non-aead-to-non-aead-ssl]
-server = 7-renegotiate-non-aead-to-non-aead-server
-client = 7-renegotiate-non-aead-to-non-aead-client
-
-[7-renegotiate-non-aead-to-non-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-renegotiate-non-aead-to-non-aead-client]
-CipherString = AES128-SHA
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-client = 7-renegotiate-non-aead-to-non-aead-client-extra
-
-[7-renegotiate-non-aead-to-non-aead-client-extra]
-RenegotiateCiphers = AES256-SHA
-
-
-# ===========================================================
-
-[8-renegotiate-aead-to-aead]
-ssl_conf = 8-renegotiate-aead-to-aead-ssl
-
-[8-renegotiate-aead-to-aead-ssl]
-server = 8-renegotiate-aead-to-aead-server
-client = 8-renegotiate-aead-to-aead-client
-
-[8-renegotiate-aead-to-aead-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = NoResumptionOnRenegotiation
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-renegotiate-aead-to-aead-client]
-CipherString = AES128-GCM-SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = Success
-HandshakeMode = RenegotiateClient
-Method = DTLS
-ResumptionExpected = No
-UseSCTP = No
-client = 8-renegotiate-aead-to-aead-client-extra
-
-[8-renegotiate-aead-to-aead-client-extra]
-RenegotiateCiphers = AES256-GCM-SHA384
-
-
diff --git a/test/ssl-tests/18-dtls-renegotiate.conf.in b/test/ssl-tests/18-dtls-renegotiate.conf.in

deleted file mode 100644 (file)

index 56623b4..0000000
--- a/test/ssl-tests/18-dtls-renegotiate.conf.in
+++ /dev/null
@@ -1,192 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test Renegotiation
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = ();
-
-foreach my $sctp ("No", "Yes")
-{
-    next if disabled("sctp") && $sctp eq "Yes";
-
-    my $suffix = ($sctp eq "No") ? "" : "-sctp";
-    our @tests_basic = (
-        {
-            name => "renegotiate-client-no-resume".$suffix,
-            server => {
-                "Options" => "NoResumptionOnRenegotiation"
-            },
-            client => {},
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateClient",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-        {
-            name => "renegotiate-client-resume".$suffix,
-            server => {},
-            client => {},
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateClient",
-                "ResumptionExpected" => "Yes",
-                "ExpectedResult" => "Success"
-            }
-        },
-        # Note: Unlike the TLS tests, we will never do resumption with server
-        # initiated reneg. This is because an OpenSSL DTLS client will always do a full
-        # handshake (i.e. it doesn't supply a session id) when it receives a
-        # HelloRequest. This is different to the OpenSSL TLS implementation where an
-        # OpenSSL client will always try an abbreviated handshake (i.e. it will supply
-        # the session id). This goes all the way to commit 48ae85b6f when abbreviated
-        # handshake support was first added. Neither behaviour is wrong, but the
-        # discrepancy is strange. TODO: Should we harmonise the TLS and DTLS behaviour,
-        # and if so, what to?
-        {
-            name => "renegotiate-server-resume".$suffix,
-            server => {},
-            client => {},
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateServer",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-        {
-            name => "renegotiate-client-auth-require".$suffix,
-            server => {
-                "VerifyCAFile" => test_pem("root-cert.pem"),
-                "VerifyMode" => "Require",
-            },
-            client => {
-                "Certificate" => test_pem("ee-client-chain.pem"),
-                "PrivateKey"  => test_pem("ee-key.pem"),
-            },
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateServer",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-        {
-            name => "renegotiate-client-auth-once".$suffix,
-            server => {
-                "VerifyCAFile" => test_pem("root-cert.pem"),
-                "VerifyMode" => "Once",
-            },
-            client => {
-                "Certificate" => test_pem("ee-client-chain.pem"),
-                "PrivateKey"  => test_pem("ee-key.pem"),
-            },
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateServer",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        }
-    );
-    push @tests, @tests_basic;
-
-    next if disabled("dtls1_2");
-    our @tests_dtls1_2 = (
-        {
-            name => "renegotiate-aead-to-non-aead".$suffix,
-            server => {
-                "Options" => "NoResumptionOnRenegotiation"
-            },
-            client => {
-                "CipherString" => "AES128-GCM-SHA256",
-                extra => {
-                    "RenegotiateCiphers" => "AES128-SHA"
-                }
-            },
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateClient",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-        {
-            name => "renegotiate-non-aead-to-aead".$suffix,
-            server => {
-                "Options" => "NoResumptionOnRenegotiation"
-            },
-            client => {
-                "CipherString" => "AES128-SHA",
-                extra => {
-                    "RenegotiateCiphers" => "AES128-GCM-SHA256"
-                }
-            },
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateClient",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-        {
-            name => "renegotiate-non-aead-to-non-aead".$suffix,
-            server => {
-                "Options" => "NoResumptionOnRenegotiation"
-            },
-            client => {
-                "CipherString" => "AES128-SHA",
-                extra => {
-                    "RenegotiateCiphers" => "AES256-SHA"
-                }
-            },
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateClient",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-        {
-            name => "renegotiate-aead-to-aead".$suffix,
-            server => {
-                "Options" => "NoResumptionOnRenegotiation"
-            },
-            client => {
-                "CipherString" => "AES128-GCM-SHA256",
-                extra => {
-                    "RenegotiateCiphers" => "AES256-GCM-SHA384"
-                }
-            },
-            test => {
-                "Method" => "DTLS",
-                "UseSCTP" => $sctp,
-                "HandshakeMode" => "RenegotiateClient",
-                "ResumptionExpected" => "No",
-                "ExpectedResult" => "Success"
-            }
-        },
-    );
-    push @tests, @tests_dtls1_2;
-}
diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf b/test/ssl-tests/19-mac-then-encrypt.cnf

new file mode 100644 (file)

index 0000000..0dd384e
--- /dev/null
+++ b/test/ssl-tests/19-mac-then-encrypt.cnf
@@ -0,0 +1,162 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-disable-encrypt-then-mac-server-sha
+test-1 = 1-disable-encrypt-then-mac-client-sha
+test-2 = 2-disable-encrypt-then-mac-both-sha
+test-3 = 3-disable-encrypt-then-mac-server-sha2
+test-4 = 4-disable-encrypt-then-mac-client-sha2
+test-5 = 5-disable-encrypt-then-mac-both-sha2
+# ===========================================================
+
+[0-disable-encrypt-then-mac-server-sha]
+ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl
+
+[0-disable-encrypt-then-mac-server-sha-ssl]
+server = 0-disable-encrypt-then-mac-server-sha-server
+client = 0-disable-encrypt-then-mac-server-sha-client
+
+[0-disable-encrypt-then-mac-server-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-disable-encrypt-then-mac-server-sha-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-disable-encrypt-then-mac-client-sha]
+ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl
+
+[1-disable-encrypt-then-mac-client-sha-ssl]
+server = 1-disable-encrypt-then-mac-client-sha-server
+client = 1-disable-encrypt-then-mac-client-sha-client
+
+[1-disable-encrypt-then-mac-client-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-disable-encrypt-then-mac-client-sha-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-disable-encrypt-then-mac-both-sha]
+ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl
+
+[2-disable-encrypt-then-mac-both-sha-ssl]
+server = 2-disable-encrypt-then-mac-both-sha-server
+client = 2-disable-encrypt-then-mac-both-sha-client
+
+[2-disable-encrypt-then-mac-both-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-disable-encrypt-then-mac-both-sha-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-disable-encrypt-then-mac-server-sha2]
+ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl
+
+[3-disable-encrypt-then-mac-server-sha2-ssl]
+server = 3-disable-encrypt-then-mac-server-sha2-server
+client = 3-disable-encrypt-then-mac-server-sha2-client
+
+[3-disable-encrypt-then-mac-server-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-disable-encrypt-then-mac-server-sha2-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-disable-encrypt-then-mac-client-sha2]
+ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl
+
+[4-disable-encrypt-then-mac-client-sha2-ssl]
+server = 4-disable-encrypt-then-mac-client-sha2-server
+client = 4-disable-encrypt-then-mac-client-sha2-client
+
+[4-disable-encrypt-then-mac-client-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-disable-encrypt-then-mac-client-sha2-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-disable-encrypt-then-mac-both-sha2]
+ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl
+
+[5-disable-encrypt-then-mac-both-sha2-ssl]
+server = 5-disable-encrypt-then-mac-both-sha2-server
+client = 5-disable-encrypt-then-mac-both-sha2-client
+
+[5-disable-encrypt-then-mac-both-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -EncryptThenMac
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-disable-encrypt-then-mac-both-sha2-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = -EncryptThenMac
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in

new file mode 100644 (file)

index 0000000..968f5ac
--- /dev/null
+++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in
@@ -0,0 +1,102 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "disable-encrypt-then-mac-server-sha",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-client-sha",
+        server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-both-sha",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+);
+
+my @tests_tls1_2 = (
+    {
+        name => "disable-encrypt-then-mac-server-sha2",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-client-sha2",
+        server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-encrypt-then-mac-both-sha2",
+        server => {
+          "Options" => "-EncryptThenMac",
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "Options" => "-EncryptThenMac",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+);
+
+push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf b/test/ssl-tests/19-mac-then-encrypt.conf

deleted file mode 100644 (file)

index 0dd384e..0000000
--- a/test/ssl-tests/19-mac-then-encrypt.conf
+++ /dev/null
@@ -1,162 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 6
-
-test-0 = 0-disable-encrypt-then-mac-server-sha
-test-1 = 1-disable-encrypt-then-mac-client-sha
-test-2 = 2-disable-encrypt-then-mac-both-sha
-test-3 = 3-disable-encrypt-then-mac-server-sha2
-test-4 = 4-disable-encrypt-then-mac-client-sha2
-test-5 = 5-disable-encrypt-then-mac-both-sha2
-# ===========================================================
-
-[0-disable-encrypt-then-mac-server-sha]
-ssl_conf = 0-disable-encrypt-then-mac-server-sha-ssl
-
-[0-disable-encrypt-then-mac-server-sha-ssl]
-server = 0-disable-encrypt-then-mac-server-sha-server
-client = 0-disable-encrypt-then-mac-server-sha-client
-
-[0-disable-encrypt-then-mac-server-sha-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -EncryptThenMac
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-disable-encrypt-then-mac-server-sha-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-disable-encrypt-then-mac-client-sha]
-ssl_conf = 1-disable-encrypt-then-mac-client-sha-ssl
-
-[1-disable-encrypt-then-mac-client-sha-ssl]
-server = 1-disable-encrypt-then-mac-client-sha-server
-client = 1-disable-encrypt-then-mac-client-sha-client
-
-[1-disable-encrypt-then-mac-client-sha-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-disable-encrypt-then-mac-client-sha-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-Options = -EncryptThenMac
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-disable-encrypt-then-mac-both-sha]
-ssl_conf = 2-disable-encrypt-then-mac-both-sha-ssl
-
-[2-disable-encrypt-then-mac-both-sha-ssl]
-server = 2-disable-encrypt-then-mac-both-sha-server
-client = 2-disable-encrypt-then-mac-both-sha-client
-
-[2-disable-encrypt-then-mac-both-sha-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -EncryptThenMac
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-disable-encrypt-then-mac-both-sha-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-Options = -EncryptThenMac
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[3-disable-encrypt-then-mac-server-sha2]
-ssl_conf = 3-disable-encrypt-then-mac-server-sha2-ssl
-
-[3-disable-encrypt-then-mac-server-sha2-ssl]
-server = 3-disable-encrypt-then-mac-server-sha2-server
-client = 3-disable-encrypt-then-mac-server-sha2-client
-
-[3-disable-encrypt-then-mac-server-sha2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -EncryptThenMac
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-disable-encrypt-then-mac-server-sha2-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[4-disable-encrypt-then-mac-client-sha2]
-ssl_conf = 4-disable-encrypt-then-mac-client-sha2-ssl
-
-[4-disable-encrypt-then-mac-client-sha2-ssl]
-server = 4-disable-encrypt-then-mac-client-sha2-server
-client = 4-disable-encrypt-then-mac-client-sha2-client
-
-[4-disable-encrypt-then-mac-client-sha2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-disable-encrypt-then-mac-client-sha2-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = -EncryptThenMac
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[5-disable-encrypt-then-mac-both-sha2]
-ssl_conf = 5-disable-encrypt-then-mac-both-sha2-ssl
-
-[5-disable-encrypt-then-mac-both-sha2-ssl]
-server = 5-disable-encrypt-then-mac-both-sha2-server
-client = 5-disable-encrypt-then-mac-both-sha2-client
-
-[5-disable-encrypt-then-mac-both-sha2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -EncryptThenMac
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-disable-encrypt-then-mac-both-sha2-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = -EncryptThenMac
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-
-
diff --git a/test/ssl-tests/19-mac-then-encrypt.conf.in b/test/ssl-tests/19-mac-then-encrypt.conf.in

deleted file mode 100644 (file)

index 968f5ac..0000000
--- a/test/ssl-tests/19-mac-then-encrypt.conf.in
+++ /dev/null
@@ -1,102 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-package ssltests;
-
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "disable-encrypt-then-mac-server-sha",
-        server => {
-          "Options" => "-EncryptThenMac",
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-encrypt-then-mac-client-sha",
-        server => {
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "Options" => "-EncryptThenMac",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-encrypt-then-mac-both-sha",
-        server => {
-          "Options" => "-EncryptThenMac",
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "Options" => "-EncryptThenMac",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-);
-
-my @tests_tls1_2 = (
-    {
-        name => "disable-encrypt-then-mac-server-sha2",
-        server => {
-          "Options" => "-EncryptThenMac",
-        },
-        client => {
-          "CipherString" => "AES128-SHA256",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-encrypt-then-mac-client-sha2",
-        server => {
-        },
-        client => {
-          "CipherString" => "AES128-SHA256",
-          "Options" => "-EncryptThenMac",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-encrypt-then-mac-both-sha2",
-        server => {
-          "Options" => "-EncryptThenMac",
-        },
-        client => {
-          "CipherString" => "AES128-SHA256",
-          "Options" => "-EncryptThenMac",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-);
-
-push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/test/ssl-tests/20-cert-select.cnf b/test/ssl-tests/20-cert-select.cnf

new file mode 100644 (file)

index 0000000..757b973
--- /dev/null
+++ b/test/ssl-tests/20-cert-select.cnf
@@ -0,0 +1,1816 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 56
+
+test-0 = 0-ECDSA CipherString Selection
+test-1 = 1-ECDSA CipherString Selection
+test-2 = 2-ECDSA CipherString Selection
+test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
+test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
+test-5 = 5-ECDSA with brainpool
+test-6 = 6-RSA CipherString Selection
+test-7 = 7-RSA-PSS Certificate CipherString Selection
+test-8 = 8-P-256 CipherString and Signature Algorithm Selection
+test-9 = 9-Ed25519 CipherString and Curves Selection
+test-10 = 10-Ed448 CipherString and Curves Selection
+test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
+test-12 = 12-ECDSA Signature Algorithm Selection
+test-13 = 13-ECDSA Signature Algorithm Selection SHA384
+test-14 = 14-ECDSA Signature Algorithm Selection SHA1
+test-15 = 15-ECDSA Signature Algorithm Selection compressed point
+test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-17 = 17-RSA Signature Algorithm Selection
+test-18 = 18-RSA-PSS Signature Algorithm Selection
+test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
+test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
+test-21 = 21-Only RSA-PSS Certificate
+test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms
+test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms
+test-24 = 24-Only RSA-PSS Restricted Certificate
+test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms
+test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
+test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms
+test-28 = 28-RSA key exchange with all RSA certificate types
+test-29 = 29-RSA key exchange with only RSA-PSS certificate
+test-30 = 30-Suite B P-256 Hash Algorithm Selection
+test-31 = 31-Suite B P-384 Hash Algorithm Selection
+test-32 = 32-TLS 1.2 Ed25519 Client Auth
+test-33 = 33-TLS 1.2 Ed448 Client Auth
+test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
+test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
+test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
+test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
+test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
+test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
+test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
+test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
+test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
+test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection
+test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection
+test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection
+test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection
+test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection
+test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
+test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
+test-50 = 50-TLS 1.3 Ed25519 Client Auth
+test-51 = 51-TLS 1.3 Ed448 Client Auth
+test-52 = 52-TLS 1.3 ECDSA with brainpool
+test-53 = 53-TLS 1.2 DSA Certificate Test
+test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
+test-55 = 55-TLS 1.3 DSA Certificate Test
+# ===========================================================
+
+[0-ECDSA CipherString Selection]
+ssl_conf = 0-ECDSA CipherString Selection-ssl
+
+[0-ECDSA CipherString Selection-ssl]
+server = 0-ECDSA CipherString Selection-server
+client = 0-ECDSA CipherString Selection-client
+
+[0-ECDSA CipherString Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-ECDSA CipherString Selection-client]
+CipherString = aECDSA
+MaxProtocol = TLSv1.2
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[1-ECDSA CipherString Selection]
+ssl_conf = 1-ECDSA CipherString Selection-ssl
+
+[1-ECDSA CipherString Selection-ssl]
+server = 1-ECDSA CipherString Selection-server
+client = 1-ECDSA CipherString Selection-client
+
+[1-ECDSA CipherString Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Groups = P-384
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-ECDSA CipherString Selection-client]
+CipherString = aECDSA
+Groups = P-256:P-384
+MaxProtocol = TLSv1.2
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[2-ECDSA CipherString Selection]
+ssl_conf = 2-ECDSA CipherString Selection-ssl
+
+[2-ECDSA CipherString Selection-ssl]
+server = 2-ECDSA CipherString Selection-server
+client = 2-ECDSA CipherString Selection-client
+
+[2-ECDSA CipherString Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Groups = P-256:P-384
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-ECDSA CipherString Selection-client]
+CipherString = aECDSA
+Groups = P-384
+MaxProtocol = TLSv1.2
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[3-Ed25519 CipherString and Signature Algorithm Selection]
+ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl
+
+[3-Ed25519 CipherString and Signature Algorithm Selection-ssl]
+server = 3-Ed25519 CipherString and Signature Algorithm Selection-server
+client = 3-Ed25519 CipherString and Signature Algorithm Selection-client
+
+[3-Ed25519 CipherString and Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-Ed25519 CipherString and Signature Algorithm Selection-client]
+CipherString = aECDSA
+MaxProtocol = TLSv1.2
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+SignatureAlgorithms = ed25519:ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[4-Ed448 CipherString and Signature Algorithm Selection]
+ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl
+
+[4-Ed448 CipherString and Signature Algorithm Selection-ssl]
+server = 4-Ed448 CipherString and Signature Algorithm Selection-server
+client = 4-Ed448 CipherString and Signature Algorithm Selection-client
+
+[4-Ed448 CipherString and Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-Ed448 CipherString and Signature Algorithm Selection-client]
+CipherString = aECDSA
+MaxProtocol = TLSv1.2
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+SignatureAlgorithms = ed448:ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = Ed448
+ExpectedServerSignType = Ed448
+
+
+# ===========================================================
+
+[5-ECDSA with brainpool]
+ssl_conf = 5-ECDSA with brainpool-ssl
+
+[5-ECDSA with brainpool-ssl]
+server = 5-ECDSA with brainpool-server
+client = 5-ECDSA with brainpool-client
+
+[5-ECDSA with brainpool-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+CipherString = DEFAULT
+Groups = brainpoolP256r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+
+[5-ECDSA with brainpool-client]
+CipherString = aECDSA
+Groups = brainpoolP256r1
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = brainpoolP256r1
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[6-RSA CipherString Selection]
+ssl_conf = 6-RSA CipherString Selection-ssl
+
+[6-RSA CipherString Selection-ssl]
+server = 6-RSA CipherString Selection-server
+client = 6-RSA CipherString Selection-client
+
+[6-RSA CipherString Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-RSA CipherString Selection-client]
+CipherString = aRSA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[7-RSA-PSS Certificate CipherString Selection]
+ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl
+
+[7-RSA-PSS Certificate CipherString Selection-ssl]
+server = 7-RSA-PSS Certificate CipherString Selection-server
+client = 7-RSA-PSS Certificate CipherString Selection-client
+
+[7-RSA-PSS Certificate CipherString Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-RSA-PSS Certificate CipherString Selection-client]
+CipherString = aRSA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[8-P-256 CipherString and Signature Algorithm Selection]
+ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl
+
+[8-P-256 CipherString and Signature Algorithm Selection-ssl]
+server = 8-P-256 CipherString and Signature Algorithm Selection-server
+client = 8-P-256 CipherString and Signature Algorithm Selection-client
+
+[8-P-256 CipherString and Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-P-256 CipherString and Signature Algorithm Selection-client]
+CipherString = aECDSA
+MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[9-Ed25519 CipherString and Curves Selection]
+ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl
+
+[9-Ed25519 CipherString and Curves Selection-ssl]
+server = 9-Ed25519 CipherString and Curves Selection-server
+client = 9-Ed25519 CipherString and Curves Selection-client
+
+[9-Ed25519 CipherString and Curves Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[9-Ed25519 CipherString and Curves Selection-client]
+CipherString = aECDSA
+Curves = X25519
+MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedResult = Success
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[10-Ed448 CipherString and Curves Selection]
+ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl
+
+[10-Ed448 CipherString and Curves Selection-ssl]
+server = 10-Ed448 CipherString and Curves Selection-server
+client = 10-Ed448 CipherString and Curves Selection-client
+
+[10-Ed448 CipherString and Curves Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[10-Ed448 CipherString and Curves Selection-client]
+CipherString = aECDSA
+Curves = X448
+MaxProtocol = TLSv1.2
+SignatureAlgorithms = ECDSA+SHA256:ed448
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = Success
+ExpectedServerCertType = Ed448
+ExpectedServerSignType = Ed448
+
+
+# ===========================================================
+
+[11-ECDSA CipherString Selection, no ECDSA certificate]
+ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl
+
+[11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
+server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
+client = 11-ECDSA CipherString Selection, no ECDSA certificate-client
+
+[11-ECDSA CipherString Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[11-ECDSA CipherString Selection, no ECDSA certificate-client]
+CipherString = aECDSA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[12-ECDSA Signature Algorithm Selection]
+ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl
+
+[12-ECDSA Signature Algorithm Selection-ssl]
+server = 12-ECDSA Signature Algorithm Selection-server
+client = 12-ECDSA Signature Algorithm Selection-client
+
+[12-ECDSA Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[12-ECDSA Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[13-ECDSA Signature Algorithm Selection SHA384]
+ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl
+
+[13-ECDSA Signature Algorithm Selection SHA384-ssl]
+server = 13-ECDSA Signature Algorithm Selection SHA384-server
+client = 13-ECDSA Signature Algorithm Selection SHA384-client
+
+[13-ECDSA Signature Algorithm Selection SHA384-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[13-ECDSA Signature Algorithm Selection SHA384-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA384
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA384
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[14-ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl
+
+[14-ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 14-ECDSA Signature Algorithm Selection SHA1-server
+client = 14-ECDSA Signature Algorithm Selection SHA1-client
+
+[14-ECDSA Signature Algorithm Selection SHA1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[14-ECDSA Signature Algorithm Selection SHA1-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-14]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA1
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[15-ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl
+
+[15-ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 15-ECDSA Signature Algorithm Selection compressed point-server
+client = 15-ECDSA Signature Algorithm Selection compressed point-client
+
+[15-ECDSA Signature Algorithm Selection compressed point-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[15-ECDSA Signature Algorithm Selection compressed point-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-15]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[17-RSA Signature Algorithm Selection]
+ssl_conf = 17-RSA Signature Algorithm Selection-ssl
+
+[17-RSA Signature Algorithm Selection-ssl]
+server = 17-RSA Signature Algorithm Selection-server
+client = 17-RSA Signature Algorithm Selection-client
+
+[17-RSA Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-RSA Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA
+
+
+# ===========================================================
+
+[18-RSA-PSS Signature Algorithm Selection]
+ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl
+
+[18-RSA-PSS Signature Algorithm Selection-ssl]
+server = 18-RSA-PSS Signature Algorithm Selection-server
+client = 18-RSA-PSS Signature Algorithm Selection-client
+
+[18-RSA-PSS Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-RSA-PSS Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
+ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
+
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
+server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
+client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
+
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-19]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection]
+ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
+
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
+server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
+client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client
+
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.2
+PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-20]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[21-Only RSA-PSS Certificate]
+ssl_conf = 21-Only RSA-PSS Certificate-ssl
+
+[21-Only RSA-PSS Certificate-ssl]
+server = 21-Only RSA-PSS Certificate-server
+client = 21-Only RSA-PSS Certificate-client
+
+[21-Only RSA-PSS Certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+
+[21-Only RSA-PSS Certificate-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-21]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[22-Only RSA-PSS Certificate Valid Signature Algorithms]
+ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
+
+[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
+server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server
+client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client
+
+[22-Only RSA-PSS Certificate Valid Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+
+[22-Only RSA-PSS Certificate Valid Signature Algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha512
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-22]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA512
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[23-RSA-PSS Certificate, no PSS signature algorithms]
+ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl
+
+[23-RSA-PSS Certificate, no PSS signature algorithms-ssl]
+server = 23-RSA-PSS Certificate, no PSS signature algorithms-server
+client = 23-RSA-PSS Certificate, no PSS signature algorithms-client
+
+[23-RSA-PSS Certificate, no PSS signature algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+
+[23-RSA-PSS Certificate, no PSS signature algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[24-Only RSA-PSS Restricted Certificate]
+ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl
+
+[24-Only RSA-PSS Restricted Certificate-ssl]
+server = 24-Only RSA-PSS Restricted Certificate-server
+client = 24-Only RSA-PSS Restricted Certificate-client
+
+[24-Only RSA-PSS Restricted Certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[24-Only RSA-PSS Restricted Certificate-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms]
+ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
+server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
+client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
+ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
+server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
+client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
+ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
+server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
+client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha512
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[28-RSA key exchange with all RSA certificate types]
+ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl
+
+[28-RSA key exchange with all RSA certificate types-ssl]
+server = 28-RSA key exchange with all RSA certificate types-server
+client = 28-RSA key exchange with all RSA certificate types-client
+
+[28-RSA key exchange with all RSA certificate types-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[28-RSA key exchange with all RSA certificate types-client]
+CipherString = kRSA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-28]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+
+
+# ===========================================================
+
+[29-RSA key exchange with only RSA-PSS certificate]
+ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl
+
+[29-RSA key exchange with only RSA-PSS certificate-ssl]
+server = 29-RSA key exchange with only RSA-PSS certificate-server
+client = 29-RSA key exchange with only RSA-PSS certificate-client
+
+[29-RSA key exchange with only RSA-PSS certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+
+[29-RSA key exchange with only RSA-PSS certificate-client]
+CipherString = kRSA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-29]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[30-Suite B P-256 Hash Algorithm Selection]
+ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl
+
+[30-Suite B P-256 Hash Algorithm Selection-ssl]
+server = 30-Suite B P-256 Hash Algorithm Selection-server
+client = 30-Suite B P-256 Hash Algorithm Selection-client
+
+[30-Suite B P-256 Hash Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = SUITEB128
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[30-Suite B P-256 Hash Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
+VerifyMode = Peer
+
+[test-30]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[31-Suite B P-384 Hash Algorithm Selection]
+ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl
+
+[31-Suite B P-384 Hash Algorithm Selection-ssl]
+server = 31-Suite B P-384 Hash Algorithm Selection-server
+client = 31-Suite B P-384 Hash Algorithm Selection-client
+
+[31-Suite B P-384 Hash Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = SUITEB128
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[31-Suite B P-384 Hash Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
+VerifyMode = Peer
+
+[test-31]
+ExpectedResult = Success
+ExpectedServerCertType = P-384
+ExpectedServerSignHash = SHA384
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[32-TLS 1.2 Ed25519 Client Auth]
+ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl
+
+[32-TLS 1.2 Ed25519 Client Auth-ssl]
+server = 32-TLS 1.2 Ed25519 Client Auth-server
+client = 32-TLS 1.2 Ed25519 Client Auth-client
+
+[32-TLS 1.2 Ed25519 Client Auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[32-TLS 1.2 Ed25519 Client Auth-client]
+CipherString = DEFAULT
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-32]
+ExpectedClientCertType = Ed25519
+ExpectedClientSignType = Ed25519
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[33-TLS 1.2 Ed448 Client Auth]
+ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl
+
+[33-TLS 1.2 Ed448 Client Auth-ssl]
+server = 33-TLS 1.2 Ed448 Client Auth-server
+client = 33-TLS 1.2 Ed448 Client Auth-client
+
+[33-TLS 1.2 Ed448 Client Auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[33-TLS 1.2 Ed448 Client Auth-client]
+CipherString = DEFAULT
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-33]
+ExpectedClientCertType = Ed448
+ExpectedClientSignType = Ed448
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[34-Only RSA-PSS Certificate, TLS v1.1]
+ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
+
+[34-Only RSA-PSS Certificate, TLS v1.1-ssl]
+server = 34-Only RSA-PSS Certificate, TLS v1.1-server
+client = 34-Only RSA-PSS Certificate, TLS v1.1-client
+
+[34-Only RSA-PSS Certificate, TLS v1.1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+
+[34-Only RSA-PSS Certificate, TLS v1.1-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-34]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[35-TLS 1.3 ECDSA Signature Algorithm Selection]
+ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
+
+[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
+server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
+client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
+
+[35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-35]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
+ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
+
+[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
+server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
+client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
+
+[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-36]
+ExpectedResult = Success
+ExpectedServerCANames = empty
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
+ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
+
+[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
+server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
+client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
+
+[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-37]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
+ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
+
+[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
+server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
+client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
+
+[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
+CipherString = DEFAULT
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-38]
+ExpectedResult = Success
+ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
+ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
+
+[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
+server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
+client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
+
+[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-39]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA384
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
+ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
+
+[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
+server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
+client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
+
+[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-40]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
+ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
+
+[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
+server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
+client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
+
+[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-41]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
+ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
+
+[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
+server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
+client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
+
+[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA-PSS+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-42]
+ExpectedResult = Success
+ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[43-TLS 1.3 Ed25519 Signature Algorithm Selection]
+ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
+
+[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
+server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server
+client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client
+
+[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-43]
+ExpectedResult = Success
+ExpectedServerCertType = Ed25519
+ExpectedServerSignType = Ed25519
+
+
+# ===========================================================
+
+[44-TLS 1.3 Ed448 Signature Algorithm Selection]
+ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
+
+[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
+server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server
+client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client
+
+[44-TLS 1.3 Ed448 Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
+CipherString = DEFAULT
+SignatureAlgorithms = ed448
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-44]
+ExpectedResult = Success
+ExpectedServerCertType = Ed448
+ExpectedServerSignType = Ed448
+
+
+# ===========================================================
+
+[45-TLS 1.3 Ed25519 CipherString and Groups Selection]
+ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
+
+[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
+server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server
+client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client
+
+[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
+CipherString = DEFAULT
+Groups = X25519
+SignatureAlgorithms = ECDSA+SHA256:ed25519
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-45]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[46-TLS 1.3 Ed448 CipherString and Groups Selection]
+ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
+
+[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
+server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server
+client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client
+
+[46-TLS 1.3 Ed448 CipherString and Groups Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
+Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
+Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
+Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[46-TLS 1.3 Ed448 CipherString and Groups Selection-client]
+CipherString = DEFAULT
+Groups = X448
+SignatureAlgorithms = ECDSA+SHA256:ed448
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-46]
+ExpectedResult = Success
+ExpectedServerCertType = P-256
+ExpectedServerSignType = EC
+
+
+# ===========================================================
+
+[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
+ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
+
+[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
+server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
+client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
+
+[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-47]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
+ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
+
+[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
+server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
+client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
+
+[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-48]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
+ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
+
+[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
+server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
+client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
+
+[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
+CipherString = DEFAULT
+ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
+ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-49]
+ExpectedClientCertType = P-256
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = EC
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[50-TLS 1.3 Ed25519 Client Auth]
+ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
+
+[50-TLS 1.3 Ed25519 Client Auth-ssl]
+server = 50-TLS 1.3 Ed25519 Client Auth-server
+client = 50-TLS 1.3 Ed25519 Client Auth-client
+
+[50-TLS 1.3 Ed25519 Client Auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[50-TLS 1.3 Ed25519 Client Auth-client]
+CipherString = DEFAULT
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-50]
+ExpectedClientCertType = Ed25519
+ExpectedClientSignType = Ed25519
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[51-TLS 1.3 Ed448 Client Auth]
+ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
+
+[51-TLS 1.3 Ed448 Client Auth-ssl]
+server = 51-TLS 1.3 Ed448 Client Auth-server
+client = 51-TLS 1.3 Ed448 Client Auth-client
+
+[51-TLS 1.3 Ed448 Client Auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[51-TLS 1.3 Ed448 Client Auth-client]
+CipherString = DEFAULT
+EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
+EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-51]
+ExpectedClientCertType = Ed448
+ExpectedClientSignType = Ed448
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[52-TLS 1.3 ECDSA with brainpool]
+ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl
+
+[52-TLS 1.3 ECDSA with brainpool-ssl]
+server = 52-TLS 1.3 ECDSA with brainpool-server
+client = 52-TLS 1.3 ECDSA with brainpool-client
+
+[52-TLS 1.3 ECDSA with brainpool-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
+CipherString = DEFAULT
+Groups = brainpoolP256r1
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
+
+[52-TLS 1.3 ECDSA with brainpool-client]
+CipherString = DEFAULT
+Groups = brainpoolP256r1
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-52]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[53-TLS 1.2 DSA Certificate Test]
+ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl
+
+[53-TLS 1.2 DSA Certificate Test-ssl]
+server = 53-TLS 1.2 DSA Certificate Test-server
+client = 53-TLS 1.2 DSA Certificate Test-client
+
+[53-TLS 1.2 DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ALL
+DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
+DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
+DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
+MaxProtocol = TLSv1.2
+MinProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[53-TLS 1.2 DSA Certificate Test-client]
+CipherString = ALL
+SignatureAlgorithms = DSA+SHA256:DSA+SHA1
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-53]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
+ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
+
+[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
+server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
+client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
+
+[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-54]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[55-TLS 1.3 DSA Certificate Test]
+ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl
+
+[55-TLS 1.3 DSA Certificate Test-ssl]
+server = 55-TLS 1.3 DSA Certificate Test-server
+client = 55-TLS 1.3 DSA Certificate Test-client
+
+[55-TLS 1.3 DSA Certificate Test-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ALL
+DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
+DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[55-TLS 1.3 DSA Certificate Test-client]
+CipherString = ALL
+SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-55]
+ExpectedResult = ServerFail
+
+
diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in

new file mode 100644 (file)

index 0000000..2409354
--- /dev/null
+++ b/test/ssl-tests/20-cert-select.cnf.in
@@ -0,0 +1,933 @@
+# -*- mode: perl; -*-
+
+## SSL test configurations
+
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+my $server = {
+    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
+    "MaxProtocol" => "TLSv1.2"
+};
+
+my $server_pss = {
+    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
+    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
+    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
+    "MaxProtocol" => "TLSv1.2"
+};
+
+my $server_pss_only = {
+    "Certificate" => test_pem("server-pss-cert.pem"),
+    "PrivateKey" => test_pem("server-pss-key.pem"),
+};
+
+my $server_pss_restrict_only = {
+    "Certificate" => test_pem("server-pss-restrict-cert.pem"),
+    "PrivateKey" => test_pem("server-pss-restrict-key.pem"),
+};
+
+
+my $server_rsa_all = {
+    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
+    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
+    "Certificate" => test_pem("servercert.pem"),
+    "PrivateKey" => test_pem("serverkey.pem"),
+};
+
+our @tests = (
+    {
+        name => "ECDSA CipherString Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA CipherString Selection",
+        server => {
+            "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+            "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+            "MaxProtocol" => "TLSv1.2",
+            #Deliberately set supported_groups to one not in the cert. This
+            #should be tolerated
+            "Groups" => "P-384"
+        },
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "Groups" => "P-256:P-384",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA CipherString Selection",
+        server => {
+            "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+            "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+            "MaxProtocol" => "TLSv1.2",
+            "Groups" => "P-256:P-384"
+        },
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            #Deliberately set groups to not include the certificate group. This
+            #should fail
+            "Groups" => "P-384",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "Ed25519 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed25519",
+            "ExpectedServerSignType" =>, "Ed25519",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Ed448 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
+            "RequestCAFile" => test_pem("root-ed448-cert.pem"),
+            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed448",
+            "ExpectedServerSignType" =>, "Ed448",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA with brainpool",
+        server =>  {
+            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+            "Groups" => "brainpoolP256r1",
+        },
+        client => {
+            #We don't restrict this to TLSv1.2, although use of brainpool
+            #should force this anyway so that this should succeed
+            "CipherString" => "aECDSA",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+            "Groups" => "brainpoolP256r1",
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "brainpoolP256r1",
+            "ExpectedServerSignType" =>, "EC",
+            # Note: certificate_authorities not sent for TLS < 1.3
+            "ExpectedServerCANames" =>, "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA CipherString Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedServerSignType" =>, "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Certificate CipherString Selection",
+        server => $server_pss,
+        client => {
+            "CipherString" => "aRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "RSA-PSS",
+            "ExpectedServerSignType" =>, "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "P-256 CipherString and Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Ed25519 CipherString and Curves Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+            # Excluding P-256 from the supported curves list means server
+            # certificate should be Ed25519 and not P-256
+            "Curves" => "X25519"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed25519",
+            "ExpectedServerSignType" =>, "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Ed448 CipherString and Curves Selection",
+        server => $server,
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2",
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
+            # Excluding P-256 from the supported curves list means server
+            # certificate should be Ed25519 and not P-256
+            "Curves" => "X448"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "Ed448",
+            "ExpectedServerSignType" =>, "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA CipherString Selection, no ECDSA certificate",
+        server => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "CipherString" => "aECDSA",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "ECDSA Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA Signature Algorithm Selection SHA384",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA384",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA384",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA Signature Algorithm Selection SHA1",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA1",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA1",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA Signature Algorithm Selection compressed point",
+        server => {
+            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
+            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
+            "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
+        server => {
+             "MaxProtocol" => "TLSv1.2"
+        },
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "RSA Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "RSA+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Signature Algorithm Selection",
+        server => $server,
+        client => {
+            "SignatureAlgorithms" => "RSA-PSS+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
+        server => $server_pss,
+        client => {
+            "SignatureAlgorithms" => "RSA-PSS+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
+        server => $server_pss,
+        client => {
+            "SignatureAlgorithms" => "rsa_pss_pss_sha256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA-PSS",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Only RSA-PSS Certificate",
+        server => $server_pss_only,
+        client => {},
+        test   => {
+            "ExpectedServerCertType" => "RSA-PSS",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Only RSA-PSS Certificate Valid Signature Algorithms",
+        server => $server_pss_only,
+        client => {
+            "SignatureAlgorithms" => "rsa_pss_pss_sha512",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA-PSS",
+            "ExpectedServerSignHash" => "SHA512",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Certificate, no PSS signature algorithms",
+        server => $server_pss_only,
+        client => {
+            "SignatureAlgorithms" => "RSA+SHA256",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "Only RSA-PSS Restricted Certificate",
+        server => $server_pss_restrict_only,
+        client => {},
+        test   => {
+            "ExpectedServerCertType" => "RSA-PSS",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Restricted Certificate Valid Signature Algorithms",
+        server => $server_pss_restrict_only,
+        client => {
+            "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA-PSS",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm",
+        server => $server_pss_restrict_only,
+        client => {
+            "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA-PSS",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms",
+        server => $server_pss_restrict_only,
+        client => {
+            "SignatureAlgorithms" => "rsa_pss_pss_sha512",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "RSA key exchange with all RSA certificate types",
+        server => $server_rsa_all,
+        client => {
+            "CipherString" => "kRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "RSA",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "RSA key exchange with only RSA-PSS certificate",
+        server => $server_pss_only,
+        client => {
+            "CipherString" => "kRSA",
+            "MaxProtocol" => "TLSv1.2",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "Suite B P-256 Hash Algorithm Selection",
+        server =>  {
+            "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
+            "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "SUITEB128"
+        },
+        client => {
+            "VerifyCAFile" => test_pem("p384-root.pem"),
+            "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "Suite B P-384 Hash Algorithm Selection",
+        server =>  {
+            "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
+            "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "SUITEB128"
+        },
+        client => {
+            "VerifyCAFile" => test_pem("p384-root.pem"),
+            "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-384",
+            "ExpectedServerSignHash" => "SHA384",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.2 Ed25519 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed25519",
+            "ExpectedClientSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.2 Ed448 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
+            "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed448",
+            "ExpectedClientSignType" => "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
+);
+
+my @tests_tls_1_1 = (
+    {
+        name => "Only RSA-PSS Certificate, TLS v1.1",
+        server => $server_pss_only,
+        client => {
+            "MaxProtocol" => "TLSv1.1",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+);
+
+push @tests, @tests_tls_1_1 unless disabled("tls1_1");
+
+my $server_tls_1_3 = {
+    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my $server_tls_1_3_pss = {
+    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
+    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
+    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
+    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
+    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
+    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
+    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
+    "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"),
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my $client_tls_1_3 = {
+    "RSA.Certificate" => test_pem("ee-client-chain.pem"),
+    "RSA.PrivateKey" => test_pem("ee-key.pem"),
+    "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
+    "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
+    "MinProtocol" => "TLSv1.3",
+    "MaxProtocol" => "TLSv1.3"
+};
+
+my @tests_tls_1_3 = (
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
+        server => {
+            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
+            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA1",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
+            "RequestCAFile" => test_pem("root-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" => "P-256",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "EC",
+            "ExpectedServerCANames" => test_pem("root-cert.pem"),
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA384",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "RSA+SHA256",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "RSA-PSS+SHA256",
+        },
+        test   => {
+            "ExpectedServerCertType" => "RSA",
+            "ExpectedServerSignHash" => "SHA256",
+            "ExpectedServerSignType" => "RSA-PSS",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ed25519",
+        },
+        test   => {
+            "ExpectedServerCertType" => "Ed25519",
+            "ExpectedServerSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 Ed448 Signature Algorithm Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ed448",
+            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
+        },
+        test   => {
+            "ExpectedServerCertType" => "Ed448",
+            "ExpectedServerSignType" => "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
+            # Excluding P-256 from the supported groups list should
+            # mean server still uses a P-256 certificate because supported
+            # groups is not used in signature selection for TLS 1.3
+            "Groups" => "X25519"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 Ed448 CipherString and Groups Selection",
+        server => $server_tls_1_3,
+        client => {
+            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
+            # Excluding P-256 from the supported groups list should
+            # mean server still uses a P-256 certificate because supported
+            # groups is not used in signature selection for TLS 1.3
+            "Groups" => "X448"
+        },
+        test   => {
+            "ExpectedServerCertType" =>, "P-256",
+            "ExpectedServerSignType" =>, "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientCANames" => "empty",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
+        server => {
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "RequestCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientCANames" => test_pem("root-cert.pem"),
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
+        server => {
+            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => $client_tls_1_3,
+        test   => {
+            "ExpectedClientCertType" => "P-256",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientSignType" => "EC",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 Ed25519 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed25519",
+            "ExpectedClientSignType" => "Ed25519",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 Ed448 Client Auth",
+        server => {
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require"
+        },
+        client => {
+            "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"),
+            "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        test   => {
+            "ExpectedClientCertType" => "Ed448",
+            "ExpectedClientSignType" => "Ed448",
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "TLS 1.3 ECDSA with brainpool",
+        server =>  {
+            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
+            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
+            "Groups" => "brainpoolP256r1",
+        },
+        client => {
+            "RequestCAFile" => test_pem("root-cert.pem"),
+            "Groups" => "brainpoolP256r1",
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3"
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+);
+
+push @tests, @tests_tls_1_3 unless disabled("tls1_3");
+
+my @tests_dsa_tls_1_2 = (
+    {
+        name => "TLS 1.2 DSA Certificate Test",
+        server => {
+            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+            "DHParameters" => test_pem("dhp2048.pem"),
+            "MinProtocol" => "TLSv1.2",
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ALL",
+        },
+        client => {
+            "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
+            "CipherString" => "ALL",
+        },
+        test   => {
+            "ExpectedResult" => "Success"
+        },
+    },
+);
+
+my @tests_dsa_tls_1_3 = (
+    {
+        name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
+        server => {
+            "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Request"
+        },
+        client => {},
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "TLS 1.3 DSA Certificate Test",
+        server => {
+            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
+            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "CipherString" => "ALL",
+        },
+        client => {
+            "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
+            "CipherString" => "ALL",
+        },
+        test   => {
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+);
+
+if (!disabled("dsa")) {
+    push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
+    push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
+}
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf

deleted file mode 100644 (file)

index 757b973..0000000
--- a/test/ssl-tests/20-cert-select.conf
+++ /dev/null
@@ -1,1816 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 56
-
-test-0 = 0-ECDSA CipherString Selection
-test-1 = 1-ECDSA CipherString Selection
-test-2 = 2-ECDSA CipherString Selection
-test-3 = 3-Ed25519 CipherString and Signature Algorithm Selection
-test-4 = 4-Ed448 CipherString and Signature Algorithm Selection
-test-5 = 5-ECDSA with brainpool
-test-6 = 6-RSA CipherString Selection
-test-7 = 7-RSA-PSS Certificate CipherString Selection
-test-8 = 8-P-256 CipherString and Signature Algorithm Selection
-test-9 = 9-Ed25519 CipherString and Curves Selection
-test-10 = 10-Ed448 CipherString and Curves Selection
-test-11 = 11-ECDSA CipherString Selection, no ECDSA certificate
-test-12 = 12-ECDSA Signature Algorithm Selection
-test-13 = 13-ECDSA Signature Algorithm Selection SHA384
-test-14 = 14-ECDSA Signature Algorithm Selection SHA1
-test-15 = 15-ECDSA Signature Algorithm Selection compressed point
-test-16 = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate
-test-17 = 17-RSA Signature Algorithm Selection
-test-18 = 18-RSA-PSS Signature Algorithm Selection
-test-19 = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection
-test-20 = 20-RSA-PSS Certificate Unified Signature Algorithm Selection
-test-21 = 21-Only RSA-PSS Certificate
-test-22 = 22-Only RSA-PSS Certificate Valid Signature Algorithms
-test-23 = 23-RSA-PSS Certificate, no PSS signature algorithms
-test-24 = 24-Only RSA-PSS Restricted Certificate
-test-25 = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms
-test-26 = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm
-test-27 = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms
-test-28 = 28-RSA key exchange with all RSA certificate types
-test-29 = 29-RSA key exchange with only RSA-PSS certificate
-test-30 = 30-Suite B P-256 Hash Algorithm Selection
-test-31 = 31-Suite B P-384 Hash Algorithm Selection
-test-32 = 32-TLS 1.2 Ed25519 Client Auth
-test-33 = 33-TLS 1.2 Ed448 Client Auth
-test-34 = 34-Only RSA-PSS Certificate, TLS v1.1
-test-35 = 35-TLS 1.3 ECDSA Signature Algorithm Selection
-test-36 = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point
-test-37 = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1
-test-38 = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS
-test-39 = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS
-test-40 = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate
-test-41 = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS
-test-42 = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection
-test-43 = 43-TLS 1.3 Ed25519 Signature Algorithm Selection
-test-44 = 44-TLS 1.3 Ed448 Signature Algorithm Selection
-test-45 = 45-TLS 1.3 Ed25519 CipherString and Groups Selection
-test-46 = 46-TLS 1.3 Ed448 CipherString and Groups Selection
-test-47 = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection
-test-48 = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names
-test-49 = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection
-test-50 = 50-TLS 1.3 Ed25519 Client Auth
-test-51 = 51-TLS 1.3 Ed448 Client Auth
-test-52 = 52-TLS 1.3 ECDSA with brainpool
-test-53 = 53-TLS 1.2 DSA Certificate Test
-test-54 = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms
-test-55 = 55-TLS 1.3 DSA Certificate Test
-# ===========================================================
-
-[0-ECDSA CipherString Selection]
-ssl_conf = 0-ECDSA CipherString Selection-ssl
-
-[0-ECDSA CipherString Selection-ssl]
-server = 0-ECDSA CipherString Selection-server
-client = 0-ECDSA CipherString Selection-client
-
-[0-ECDSA CipherString Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-ECDSA CipherString Selection-client]
-CipherString = aECDSA
-MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = P-256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[1-ECDSA CipherString Selection]
-ssl_conf = 1-ECDSA CipherString Selection-ssl
-
-[1-ECDSA CipherString Selection-ssl]
-server = 1-ECDSA CipherString Selection-server
-client = 1-ECDSA CipherString Selection-client
-
-[1-ECDSA CipherString Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Groups = P-384
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-ECDSA CipherString Selection-client]
-CipherString = aECDSA
-Groups = P-256:P-384
-MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = P-256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[2-ECDSA CipherString Selection]
-ssl_conf = 2-ECDSA CipherString Selection-ssl
-
-[2-ECDSA CipherString Selection-ssl]
-server = 2-ECDSA CipherString Selection-server
-client = 2-ECDSA CipherString Selection-client
-
-[2-ECDSA CipherString Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Groups = P-256:P-384
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-ECDSA CipherString Selection-client]
-CipherString = aECDSA
-Groups = P-384
-MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[3-Ed25519 CipherString and Signature Algorithm Selection]
-ssl_conf = 3-Ed25519 CipherString and Signature Algorithm Selection-ssl
-
-[3-Ed25519 CipherString and Signature Algorithm Selection-ssl]
-server = 3-Ed25519 CipherString and Signature Algorithm Selection-server
-client = 3-Ed25519 CipherString and Signature Algorithm Selection-client
-
-[3-Ed25519 CipherString and Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-Ed25519 CipherString and Signature Algorithm Selection-client]
-CipherString = aECDSA
-MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-SignatureAlgorithms = ed25519:ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = Ed25519
-ExpectedServerSignType = Ed25519
-
-
-# ===========================================================
-
-[4-Ed448 CipherString and Signature Algorithm Selection]
-ssl_conf = 4-Ed448 CipherString and Signature Algorithm Selection-ssl
-
-[4-Ed448 CipherString and Signature Algorithm Selection-ssl]
-server = 4-Ed448 CipherString and Signature Algorithm Selection-server
-client = 4-Ed448 CipherString and Signature Algorithm Selection-client
-
-[4-Ed448 CipherString and Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-Ed448 CipherString and Signature Algorithm Selection-client]
-CipherString = aECDSA
-MaxProtocol = TLSv1.2
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-SignatureAlgorithms = ed448:ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = Ed448
-ExpectedServerSignType = Ed448
-
-
-# ===========================================================
-
-[5-ECDSA with brainpool]
-ssl_conf = 5-ECDSA with brainpool-ssl
-
-[5-ECDSA with brainpool-ssl]
-server = 5-ECDSA with brainpool-server
-client = 5-ECDSA with brainpool-client
-
-[5-ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-
-[5-ECDSA with brainpool-client]
-CipherString = aECDSA
-Groups = brainpoolP256r1
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = brainpoolP256r1
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[6-RSA CipherString Selection]
-ssl_conf = 6-RSA CipherString Selection-ssl
-
-[6-RSA CipherString Selection-ssl]
-server = 6-RSA CipherString Selection-server
-client = 6-RSA CipherString Selection-client
-
-[6-RSA CipherString Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-RSA CipherString Selection-client]
-CipherString = aRSA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[7-RSA-PSS Certificate CipherString Selection]
-ssl_conf = 7-RSA-PSS Certificate CipherString Selection-ssl
-
-[7-RSA-PSS Certificate CipherString Selection-ssl]
-server = 7-RSA-PSS Certificate CipherString Selection-server
-client = 7-RSA-PSS Certificate CipherString Selection-client
-
-[7-RSA-PSS Certificate CipherString Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-RSA-PSS Certificate CipherString Selection-client]
-CipherString = aRSA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[8-P-256 CipherString and Signature Algorithm Selection]
-ssl_conf = 8-P-256 CipherString and Signature Algorithm Selection-ssl
-
-[8-P-256 CipherString and Signature Algorithm Selection-ssl]
-server = 8-P-256 CipherString and Signature Algorithm Selection-server
-client = 8-P-256 CipherString and Signature Algorithm Selection-client
-
-[8-P-256 CipherString and Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-P-256 CipherString and Signature Algorithm Selection-client]
-CipherString = aECDSA
-MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed25519
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[9-Ed25519 CipherString and Curves Selection]
-ssl_conf = 9-Ed25519 CipherString and Curves Selection-ssl
-
-[9-Ed25519 CipherString and Curves Selection-ssl]
-server = 9-Ed25519 CipherString and Curves Selection-server
-client = 9-Ed25519 CipherString and Curves Selection-client
-
-[9-Ed25519 CipherString and Curves Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[9-Ed25519 CipherString and Curves Selection-client]
-CipherString = aECDSA
-Curves = X25519
-MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed25519
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedResult = Success
-ExpectedServerCertType = Ed25519
-ExpectedServerSignType = Ed25519
-
-
-# ===========================================================
-
-[10-Ed448 CipherString and Curves Selection]
-ssl_conf = 10-Ed448 CipherString and Curves Selection-ssl
-
-[10-Ed448 CipherString and Curves Selection-ssl]
-server = 10-Ed448 CipherString and Curves Selection-server
-client = 10-Ed448 CipherString and Curves Selection-client
-
-[10-Ed448 CipherString and Curves Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[10-Ed448 CipherString and Curves Selection-client]
-CipherString = aECDSA
-Curves = X448
-MaxProtocol = TLSv1.2
-SignatureAlgorithms = ECDSA+SHA256:ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedResult = Success
-ExpectedServerCertType = Ed448
-ExpectedServerSignType = Ed448
-
-
-# ===========================================================
-
-[11-ECDSA CipherString Selection, no ECDSA certificate]
-ssl_conf = 11-ECDSA CipherString Selection, no ECDSA certificate-ssl
-
-[11-ECDSA CipherString Selection, no ECDSA certificate-ssl]
-server = 11-ECDSA CipherString Selection, no ECDSA certificate-server
-client = 11-ECDSA CipherString Selection, no ECDSA certificate-client
-
-[11-ECDSA CipherString Selection, no ECDSA certificate-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[11-ECDSA CipherString Selection, no ECDSA certificate-client]
-CipherString = aECDSA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[12-ECDSA Signature Algorithm Selection]
-ssl_conf = 12-ECDSA Signature Algorithm Selection-ssl
-
-[12-ECDSA Signature Algorithm Selection-ssl]
-server = 12-ECDSA Signature Algorithm Selection-server
-client = 12-ECDSA Signature Algorithm Selection-client
-
-[12-ECDSA Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[12-ECDSA Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[13-ECDSA Signature Algorithm Selection SHA384]
-ssl_conf = 13-ECDSA Signature Algorithm Selection SHA384-ssl
-
-[13-ECDSA Signature Algorithm Selection SHA384-ssl]
-server = 13-ECDSA Signature Algorithm Selection SHA384-server
-client = 13-ECDSA Signature Algorithm Selection SHA384-client
-
-[13-ECDSA Signature Algorithm Selection SHA384-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[13-ECDSA Signature Algorithm Selection SHA384-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA384
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA384
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[14-ECDSA Signature Algorithm Selection SHA1]
-ssl_conf = 14-ECDSA Signature Algorithm Selection SHA1-ssl
-
-[14-ECDSA Signature Algorithm Selection SHA1-ssl]
-server = 14-ECDSA Signature Algorithm Selection SHA1-server
-client = 14-ECDSA Signature Algorithm Selection SHA1-client
-
-[14-ECDSA Signature Algorithm Selection SHA1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[14-ECDSA Signature Algorithm Selection SHA1-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-14]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA1
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[15-ECDSA Signature Algorithm Selection compressed point]
-ssl_conf = 15-ECDSA Signature Algorithm Selection compressed point-ssl
-
-[15-ECDSA Signature Algorithm Selection compressed point-ssl]
-server = 15-ECDSA Signature Algorithm Selection compressed point-server
-client = 15-ECDSA Signature Algorithm Selection compressed point-client
-
-[15-ECDSA Signature Algorithm Selection compressed point-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[15-ECDSA Signature Algorithm Selection compressed point-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-15]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[16-ECDSA Signature Algorithm Selection, no ECDSA certificate]
-ssl_conf = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
-
-[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
-server = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server
-client = 16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client
-
-[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[16-ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-16]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[17-RSA Signature Algorithm Selection]
-ssl_conf = 17-RSA Signature Algorithm Selection-ssl
-
-[17-RSA Signature Algorithm Selection-ssl]
-server = 17-RSA Signature Algorithm Selection-server
-client = 17-RSA Signature Algorithm Selection-client
-
-[17-RSA Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[17-RSA Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = RSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-17]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA
-
-
-# ===========================================================
-
-[18-RSA-PSS Signature Algorithm Selection]
-ssl_conf = 18-RSA-PSS Signature Algorithm Selection-ssl
-
-[18-RSA-PSS Signature Algorithm Selection-ssl]
-server = 18-RSA-PSS Signature Algorithm Selection-server
-client = 18-RSA-PSS Signature Algorithm Selection-client
-
-[18-RSA-PSS Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[18-RSA-PSS Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = RSA-PSS+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-18]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[19-RSA-PSS Certificate Legacy Signature Algorithm Selection]
-ssl_conf = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl
-
-[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-ssl]
-server = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server
-client = 19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client
-
-[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[19-RSA-PSS Certificate Legacy Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = RSA-PSS+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-19]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[20-RSA-PSS Certificate Unified Signature Algorithm Selection]
-ssl_conf = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl
-
-[20-RSA-PSS Certificate Unified Signature Algorithm Selection-ssl]
-server = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-server
-client = 20-RSA-PSS Certificate Unified Signature Algorithm Selection-client
-
-[20-RSA-PSS Certificate Unified Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.2
-PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[20-RSA-PSS Certificate Unified Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-20]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[21-Only RSA-PSS Certificate]
-ssl_conf = 21-Only RSA-PSS Certificate-ssl
-
-[21-Only RSA-PSS Certificate-ssl]
-server = 21-Only RSA-PSS Certificate-server
-client = 21-Only RSA-PSS Certificate-client
-
-[21-Only RSA-PSS Certificate-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-
-[21-Only RSA-PSS Certificate-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-21]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[22-Only RSA-PSS Certificate Valid Signature Algorithms]
-ssl_conf = 22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl
-
-[22-Only RSA-PSS Certificate Valid Signature Algorithms-ssl]
-server = 22-Only RSA-PSS Certificate Valid Signature Algorithms-server
-client = 22-Only RSA-PSS Certificate Valid Signature Algorithms-client
-
-[22-Only RSA-PSS Certificate Valid Signature Algorithms-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-
-[22-Only RSA-PSS Certificate Valid Signature Algorithms-client]
-CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha512
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-22]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignHash = SHA512
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[23-RSA-PSS Certificate, no PSS signature algorithms]
-ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl
-
-[23-RSA-PSS Certificate, no PSS signature algorithms-ssl]
-server = 23-RSA-PSS Certificate, no PSS signature algorithms-server
-client = 23-RSA-PSS Certificate, no PSS signature algorithms-client
-
-[23-RSA-PSS Certificate, no PSS signature algorithms-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-
-[23-RSA-PSS Certificate, no PSS signature algorithms-client]
-CipherString = DEFAULT
-SignatureAlgorithms = RSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-23]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[24-Only RSA-PSS Restricted Certificate]
-ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl
-
-[24-Only RSA-PSS Restricted Certificate-ssl]
-server = 24-Only RSA-PSS Restricted Certificate-server
-client = 24-Only RSA-PSS Restricted Certificate-client
-
-[24-Only RSA-PSS Restricted Certificate-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
-
-[24-Only RSA-PSS Restricted Certificate-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-24]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[25-RSA-PSS Restricted Certificate Valid Signature Algorithms]
-ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
-
-[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
-server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
-client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
-
-[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
-
-[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
-CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-25]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
-ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
-
-[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
-server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
-client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
-
-[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
-
-[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
-CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-26]
-ExpectedResult = Success
-ExpectedServerCertType = RSA-PSS
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
-ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
-
-[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
-server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
-client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
-
-[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
-
-[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
-CipherString = DEFAULT
-SignatureAlgorithms = rsa_pss_pss_sha512
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-27]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[28-RSA key exchange with all RSA certificate types]
-ssl_conf = 28-RSA key exchange with all RSA certificate types-ssl
-
-[28-RSA key exchange with all RSA certificate types-ssl]
-server = 28-RSA key exchange with all RSA certificate types-server
-client = 28-RSA key exchange with all RSA certificate types-client
-
-[28-RSA key exchange with all RSA certificate types-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PSS.Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-PSS.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[28-RSA key exchange with all RSA certificate types-client]
-CipherString = kRSA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-28]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-
-
-# ===========================================================
-
-[29-RSA key exchange with only RSA-PSS certificate]
-ssl_conf = 29-RSA key exchange with only RSA-PSS certificate-ssl
-
-[29-RSA key exchange with only RSA-PSS certificate-ssl]
-server = 29-RSA key exchange with only RSA-PSS certificate-server
-client = 29-RSA key exchange with only RSA-PSS certificate-client
-
-[29-RSA key exchange with only RSA-PSS certificate-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-
-[29-RSA key exchange with only RSA-PSS certificate-client]
-CipherString = kRSA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-29]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[30-Suite B P-256 Hash Algorithm Selection]
-ssl_conf = 30-Suite B P-256 Hash Algorithm Selection-ssl
-
-[30-Suite B P-256 Hash Algorithm Selection-ssl]
-server = 30-Suite B P-256 Hash Algorithm Selection-server
-client = 30-Suite B P-256 Hash Algorithm Selection-client
-
-[30-Suite B P-256 Hash Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = SUITEB128
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p256-server-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p256-server-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[30-Suite B P-256 Hash Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
-VerifyMode = Peer
-
-[test-30]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[31-Suite B P-384 Hash Algorithm Selection]
-ssl_conf = 31-Suite B P-384 Hash Algorithm Selection-ssl
-
-[31-Suite B P-384 Hash Algorithm Selection-ssl]
-server = 31-Suite B P-384 Hash Algorithm Selection-server
-client = 31-Suite B P-384 Hash Algorithm Selection-client
-
-[31-Suite B P-384 Hash Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = SUITEB128
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[31-Suite B P-384 Hash Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
-VerifyMode = Peer
-
-[test-31]
-ExpectedResult = Success
-ExpectedServerCertType = P-384
-ExpectedServerSignHash = SHA384
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[32-TLS 1.2 Ed25519 Client Auth]
-ssl_conf = 32-TLS 1.2 Ed25519 Client Auth-ssl
-
-[32-TLS 1.2 Ed25519 Client Auth-ssl]
-server = 32-TLS 1.2 Ed25519 Client Auth-server
-client = 32-TLS 1.2 Ed25519 Client Auth-client
-
-[32-TLS 1.2 Ed25519 Client Auth-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[32-TLS 1.2 Ed25519 Client Auth-client]
-CipherString = DEFAULT
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-32]
-ExpectedClientCertType = Ed25519
-ExpectedClientSignType = Ed25519
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[33-TLS 1.2 Ed448 Client Auth]
-ssl_conf = 33-TLS 1.2 Ed448 Client Auth-ssl
-
-[33-TLS 1.2 Ed448 Client Auth-ssl]
-server = 33-TLS 1.2 Ed448 Client Auth-server
-client = 33-TLS 1.2 Ed448 Client Auth-client
-
-[33-TLS 1.2 Ed448 Client Auth-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[33-TLS 1.2 Ed448 Client Auth-client]
-CipherString = DEFAULT
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-33]
-ExpectedClientCertType = Ed448
-ExpectedClientSignType = Ed448
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[34-Only RSA-PSS Certificate, TLS v1.1]
-ssl_conf = 34-Only RSA-PSS Certificate, TLS v1.1-ssl
-
-[34-Only RSA-PSS Certificate, TLS v1.1-ssl]
-server = 34-Only RSA-PSS Certificate, TLS v1.1-server
-client = 34-Only RSA-PSS Certificate, TLS v1.1-client
-
-[34-Only RSA-PSS Certificate, TLS v1.1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
-
-[34-Only RSA-PSS Certificate, TLS v1.1-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-34]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[35-TLS 1.3 ECDSA Signature Algorithm Selection]
-ssl_conf = 35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl
-
-[35-TLS 1.3 ECDSA Signature Algorithm Selection-ssl]
-server = 35-TLS 1.3 ECDSA Signature Algorithm Selection-server
-client = 35-TLS 1.3 ECDSA Signature Algorithm Selection-client
-
-[35-TLS 1.3 ECDSA Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[35-TLS 1.3 ECDSA Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-35]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point]
-ssl_conf = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl
-
-[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-ssl]
-server = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server
-client = 36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client
-
-[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-cecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-cecdsa-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[36-TLS 1.3 ECDSA Signature Algorithm Selection compressed point-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-36]
-ExpectedResult = Success
-ExpectedServerCANames = empty
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1]
-ssl_conf = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl
-
-[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-ssl]
-server = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server
-client = 37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client
-
-[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[37-TLS 1.3 ECDSA Signature Algorithm Selection SHA1-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-37]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS]
-ssl_conf = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl
-
-[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-ssl]
-server = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server
-client = 38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client
-
-[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[38-TLS 1.3 ECDSA Signature Algorithm Selection with PSS-client]
-CipherString = DEFAULT
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-SignatureAlgorithms = ECDSA+SHA256:RSA-PSS+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-38]
-ExpectedResult = Success
-ExpectedServerCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedServerCertType = P-256
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS]
-ssl_conf = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl
-
-[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-ssl]
-server = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server
-client = 39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client
-
-[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[39-TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA384:RSA-PSS+SHA384
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-39]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-ExpectedServerSignHash = SHA384
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate]
-ssl_conf = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl
-
-[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-ssl]
-server = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server
-client = 40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client
-
-[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[40-TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-40]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS]
-ssl_conf = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl
-
-[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-ssl]
-server = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server
-client = 41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client
-
-[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[41-TLS 1.3 RSA Signature Algorithm Selection, no PSS-client]
-CipherString = DEFAULT
-SignatureAlgorithms = RSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-41]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[42-TLS 1.3 RSA-PSS Signature Algorithm Selection]
-ssl_conf = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl
-
-[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-ssl]
-server = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server
-client = 42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client
-
-[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[42-TLS 1.3 RSA-PSS Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = RSA-PSS+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-42]
-ExpectedResult = Success
-ExpectedServerCertType = RSA
-ExpectedServerSignHash = SHA256
-ExpectedServerSignType = RSA-PSS
-
-
-# ===========================================================
-
-[43-TLS 1.3 Ed25519 Signature Algorithm Selection]
-ssl_conf = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl
-
-[43-TLS 1.3 Ed25519 Signature Algorithm Selection-ssl]
-server = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-server
-client = 43-TLS 1.3 Ed25519 Signature Algorithm Selection-client
-
-[43-TLS 1.3 Ed25519 Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[43-TLS 1.3 Ed25519 Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ed25519
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-43]
-ExpectedResult = Success
-ExpectedServerCertType = Ed25519
-ExpectedServerSignType = Ed25519
-
-
-# ===========================================================
-
-[44-TLS 1.3 Ed448 Signature Algorithm Selection]
-ssl_conf = 44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl
-
-[44-TLS 1.3 Ed448 Signature Algorithm Selection-ssl]
-server = 44-TLS 1.3 Ed448 Signature Algorithm Selection-server
-client = 44-TLS 1.3 Ed448 Signature Algorithm Selection-client
-
-[44-TLS 1.3 Ed448 Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
-CipherString = DEFAULT
-SignatureAlgorithms = ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-44]
-ExpectedResult = Success
-ExpectedServerCertType = Ed448
-ExpectedServerSignType = Ed448
-
-
-# ===========================================================
-
-[45-TLS 1.3 Ed25519 CipherString and Groups Selection]
-ssl_conf = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl
-
-[45-TLS 1.3 Ed25519 CipherString and Groups Selection-ssl]
-server = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-server
-client = 45-TLS 1.3 Ed25519 CipherString and Groups Selection-client
-
-[45-TLS 1.3 Ed25519 CipherString and Groups Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[45-TLS 1.3 Ed25519 CipherString and Groups Selection-client]
-CipherString = DEFAULT
-Groups = X25519
-SignatureAlgorithms = ECDSA+SHA256:ed25519
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-45]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[46-TLS 1.3 Ed448 CipherString and Groups Selection]
-ssl_conf = 46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl
-
-[46-TLS 1.3 Ed448 CipherString and Groups Selection-ssl]
-server = 46-TLS 1.3 Ed448 CipherString and Groups Selection-server
-client = 46-TLS 1.3 Ed448 CipherString and Groups Selection-client
-
-[46-TLS 1.3 Ed448 CipherString and Groups Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem
-Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem
-Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem
-Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[46-TLS 1.3 Ed448 CipherString and Groups Selection-client]
-CipherString = DEFAULT
-Groups = X448
-SignatureAlgorithms = ECDSA+SHA256:ed448
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-46]
-ExpectedResult = Success
-ExpectedServerCertType = P-256
-ExpectedServerSignType = EC
-
-
-# ===========================================================
-
-[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection]
-ssl_conf = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl
-
-[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-ssl]
-server = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server
-client = 47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client
-
-[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[47-TLS 1.3 RSA Client Auth Signature Algorithm Selection-client]
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-47]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA-PSS
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names]
-ssl_conf = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl
-
-[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-ssl]
-server = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server
-client = 48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client
-
-[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[48-TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names-client]
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-48]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA-PSS
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection]
-ssl_conf = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl
-
-[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-ssl]
-server = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server
-client = 49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client
-
-[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = ECDSA+SHA256
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[49-TLS 1.3 ECDSA Client Auth Signature Algorithm Selection-client]
-CipherString = DEFAULT
-ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-client-chain.pem
-ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-ecdsa-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-RSA.Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-RSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-49]
-ExpectedClientCertType = P-256
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = EC
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[50-TLS 1.3 Ed25519 Client Auth]
-ssl_conf = 50-TLS 1.3 Ed25519 Client Auth-ssl
-
-[50-TLS 1.3 Ed25519 Client Auth-ssl]
-server = 50-TLS 1.3 Ed25519 Client Auth-server
-client = 50-TLS 1.3 Ed25519 Client Auth-client
-
-[50-TLS 1.3 Ed25519 Client Auth-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[50-TLS 1.3 Ed25519 Client Auth-client]
-CipherString = DEFAULT
-EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem
-EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed25519-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-50]
-ExpectedClientCertType = Ed25519
-ExpectedClientSignType = Ed25519
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[51-TLS 1.3 Ed448 Client Auth]
-ssl_conf = 51-TLS 1.3 Ed448 Client Auth-ssl
-
-[51-TLS 1.3 Ed448 Client Auth-ssl]
-server = 51-TLS 1.3 Ed448 Client Auth-server
-client = 51-TLS 1.3 Ed448 Client Auth-client
-
-[51-TLS 1.3 Ed448 Client Auth-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[51-TLS 1.3 Ed448 Client Auth-client]
-CipherString = DEFAULT
-EdDSA.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem
-EdDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/client-ed448-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-51]
-ExpectedClientCertType = Ed448
-ExpectedClientSignType = Ed448
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[52-TLS 1.3 ECDSA with brainpool]
-ssl_conf = 52-TLS 1.3 ECDSA with brainpool-ssl
-
-[52-TLS 1.3 ECDSA with brainpool-ssl]
-server = 52-TLS 1.3 ECDSA with brainpool-server
-client = 52-TLS 1.3 ECDSA with brainpool-client
-
-[52-TLS 1.3 ECDSA with brainpool-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem
-CipherString = DEFAULT
-Groups = brainpoolP256r1
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem
-
-[52-TLS 1.3 ECDSA with brainpool-client]
-CipherString = DEFAULT
-Groups = brainpoolP256r1
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-52]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[53-TLS 1.2 DSA Certificate Test]
-ssl_conf = 53-TLS 1.2 DSA Certificate Test-ssl
-
-[53-TLS 1.2 DSA Certificate Test-ssl]
-server = 53-TLS 1.2 DSA Certificate Test-server
-client = 53-TLS 1.2 DSA Certificate Test-client
-
-[53-TLS 1.2 DSA Certificate Test-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ALL
-DHParameters = ${ENV::TEST_CERTS_DIR}/dhp2048.pem
-DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
-DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
-MaxProtocol = TLSv1.2
-MinProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[53-TLS 1.2 DSA Certificate Test-client]
-CipherString = ALL
-SignatureAlgorithms = DSA+SHA256:DSA+SHA1
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-53]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms]
-ssl_conf = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl
-
-[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-ssl]
-server = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server
-client = 54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client
-
-[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = ECDSA+SHA1:DSA+SHA256:RSA+SHA256
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[54-TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-54]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[55-TLS 1.3 DSA Certificate Test]
-ssl_conf = 55-TLS 1.3 DSA Certificate Test-ssl
-
-[55-TLS 1.3 DSA Certificate Test-ssl]
-server = 55-TLS 1.3 DSA Certificate Test-server
-client = 55-TLS 1.3 DSA Certificate Test-client
-
-[55-TLS 1.3 DSA Certificate Test-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ALL
-DSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-dsa-cert.pem
-DSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-dsa-key.pem
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[55-TLS 1.3 DSA Certificate Test-client]
-CipherString = ALL
-SignatureAlgorithms = DSA+SHA1:DSA+SHA256:ECDSA+SHA256
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-55]
-ExpectedResult = ServerFail
-
-
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in

deleted file mode 100644 (file)

index 2409354..0000000
--- a/test/ssl-tests/20-cert-select.conf.in
+++ /dev/null
@@ -1,933 +0,0 @@
-# -*- mode: perl; -*-
-
-## SSL test configurations
-
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-my $server = {
-    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
-    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
-    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
-    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
-    "MaxProtocol" => "TLSv1.2"
-};
-
-my $server_pss = {
-    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
-    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
-    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
-    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
-    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
-    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
-    "MaxProtocol" => "TLSv1.2"
-};
-
-my $server_pss_only = {
-    "Certificate" => test_pem("server-pss-cert.pem"),
-    "PrivateKey" => test_pem("server-pss-key.pem"),
-};
-
-my $server_pss_restrict_only = {
-    "Certificate" => test_pem("server-pss-restrict-cert.pem"),
-    "PrivateKey" => test_pem("server-pss-restrict-key.pem"),
-};
-
-
-my $server_rsa_all = {
-    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
-    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
-    "Certificate" => test_pem("servercert.pem"),
-    "PrivateKey" => test_pem("serverkey.pem"),
-};
-
-our @tests = (
-    {
-        name => "ECDSA CipherString Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "RequestCAFile" => test_pem("root-cert.pem"),
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "P-256",
-            "ExpectedServerSignType" =>, "EC",
-            # Note: certificate_authorities not sent for TLS < 1.3
-            "ExpectedServerCANames" =>, "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA CipherString Selection",
-        server => {
-            "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
-            "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-            "MaxProtocol" => "TLSv1.2",
-            #Deliberately set supported_groups to one not in the cert. This
-            #should be tolerated
-            "Groups" => "P-384"
-        },
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "Groups" => "P-256:P-384",
-            "RequestCAFile" => test_pem("root-cert.pem"),
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "P-256",
-            "ExpectedServerSignType" =>, "EC",
-            # Note: certificate_authorities not sent for TLS < 1.3
-            "ExpectedServerCANames" =>, "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA CipherString Selection",
-        server => {
-            "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
-            "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-            "MaxProtocol" => "TLSv1.2",
-            "Groups" => "P-256:P-384"
-        },
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            #Deliberately set groups to not include the certificate group. This
-            #should fail
-            "Groups" => "P-384",
-            "RequestCAFile" => test_pem("root-cert.pem"),
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "Ed25519 CipherString and Signature Algorithm Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "SignatureAlgorithms" => "ed25519:ECDSA+SHA256",
-            "RequestCAFile" => test_pem("root-cert.pem"),
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "Ed25519",
-            "ExpectedServerSignType" =>, "Ed25519",
-            # Note: certificate_authorities not sent for TLS < 1.3
-            "ExpectedServerCANames" =>, "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "Ed448 CipherString and Signature Algorithm Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "SignatureAlgorithms" => "ed448:ECDSA+SHA256",
-            "RequestCAFile" => test_pem("root-ed448-cert.pem"),
-            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "Ed448",
-            "ExpectedServerSignType" =>, "Ed448",
-            # Note: certificate_authorities not sent for TLS < 1.3
-            "ExpectedServerCANames" =>, "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA with brainpool",
-        server =>  {
-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-            "Groups" => "brainpoolP256r1",
-        },
-        client => {
-            #We don't restrict this to TLSv1.2, although use of brainpool
-            #should force this anyway so that this should succeed
-            "CipherString" => "aECDSA",
-            "RequestCAFile" => test_pem("root-cert.pem"),
-            "Groups" => "brainpoolP256r1",
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "brainpoolP256r1",
-            "ExpectedServerSignType" =>, "EC",
-            # Note: certificate_authorities not sent for TLS < 1.3
-            "ExpectedServerCANames" =>, "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA CipherString Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aRSA",
-            "MaxProtocol" => "TLSv1.2",
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "RSA",
-            "ExpectedServerSignType" =>, "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Certificate CipherString Selection",
-        server => $server_pss,
-        client => {
-            "CipherString" => "aRSA",
-            "MaxProtocol" => "TLSv1.2",
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "RSA-PSS",
-            "ExpectedServerSignType" =>, "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "P-256 CipherString and Signature Algorithm Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "Ed25519 CipherString and Curves Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
-            # Excluding P-256 from the supported curves list means server
-            # certificate should be Ed25519 and not P-256
-            "Curves" => "X25519"
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "Ed25519",
-            "ExpectedServerSignType" =>, "Ed25519",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "Ed448 CipherString and Curves Selection",
-        server => $server,
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2",
-            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
-            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
-            # Excluding P-256 from the supported curves list means server
-            # certificate should be Ed25519 and not P-256
-            "Curves" => "X448"
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "Ed448",
-            "ExpectedServerSignType" =>, "Ed448",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA CipherString Selection, no ECDSA certificate",
-        server => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {
-            "CipherString" => "aECDSA",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "ECDSA Signature Algorithm Selection",
-        server => $server,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA Signature Algorithm Selection SHA384",
-        server => $server,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA384",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA384",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA Signature Algorithm Selection SHA1",
-        server => $server,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA1",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA1",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA Signature Algorithm Selection compressed point",
-        server => {
-            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
-            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
-            "MaxProtocol" => "TLSv1.2"
-        },
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => {
-             "MaxProtocol" => "TLSv1.2"
-        },
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "RSA Signature Algorithm Selection",
-        server => $server,
-        client => {
-            "SignatureAlgorithms" => "RSA+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Signature Algorithm Selection",
-        server => $server,
-        client => {
-            "SignatureAlgorithms" => "RSA-PSS+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Certificate Legacy Signature Algorithm Selection",
-        server => $server_pss,
-        client => {
-            "SignatureAlgorithms" => "RSA-PSS+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Certificate Unified Signature Algorithm Selection",
-        server => $server_pss,
-        client => {
-            "SignatureAlgorithms" => "rsa_pss_pss_sha256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA-PSS",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "Only RSA-PSS Certificate",
-        server => $server_pss_only,
-        client => {},
-        test   => {
-            "ExpectedServerCertType" => "RSA-PSS",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "Only RSA-PSS Certificate Valid Signature Algorithms",
-        server => $server_pss_only,
-        client => {
-            "SignatureAlgorithms" => "rsa_pss_pss_sha512",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA-PSS",
-            "ExpectedServerSignHash" => "SHA512",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Certificate, no PSS signature algorithms",
-        server => $server_pss_only,
-        client => {
-            "SignatureAlgorithms" => "RSA+SHA256",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "Only RSA-PSS Restricted Certificate",
-        server => $server_pss_restrict_only,
-        client => {},
-        test   => {
-            "ExpectedServerCertType" => "RSA-PSS",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Restricted Certificate Valid Signature Algorithms",
-        server => $server_pss_restrict_only,
-        client => {
-            "SignatureAlgorithms" => "rsa_pss_pss_sha256:rsa_pss_pss_sha512",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA-PSS",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Restricted Cert client prefers invalid Signature Algorithm",
-        server => $server_pss_restrict_only,
-        client => {
-            "SignatureAlgorithms" => "rsa_pss_pss_sha512:rsa_pss_pss_sha256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA-PSS",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA-PSS Restricted Certificate Invalid Signature Algorithms",
-        server => $server_pss_restrict_only,
-        client => {
-            "SignatureAlgorithms" => "rsa_pss_pss_sha512",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "RSA key exchange with all RSA certificate types",
-        server => $server_rsa_all,
-        client => {
-            "CipherString" => "kRSA",
-            "MaxProtocol" => "TLSv1.2",
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "RSA",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "RSA key exchange with only RSA-PSS certificate",
-        server => $server_pss_only,
-        client => {
-            "CipherString" => "kRSA",
-            "MaxProtocol" => "TLSv1.2",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "Suite B P-256 Hash Algorithm Selection",
-        server =>  {
-            "ECDSA.Certificate" => test_pem("p256-server-cert.pem"),
-            "ECDSA.PrivateKey" => test_pem("p256-server-key.pem"),
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "SUITEB128"
-        },
-        client => {
-            "VerifyCAFile" => test_pem("p384-root.pem"),
-            "SignatureAlgorithms" => "ECDSA+SHA384:ECDSA+SHA256"
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "Suite B P-384 Hash Algorithm Selection",
-        server =>  {
-            "ECDSA.Certificate" => test_pem("p384-server-cert.pem"),
-            "ECDSA.PrivateKey" => test_pem("p384-server-key.pem"),
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "SUITEB128"
-        },
-        client => {
-            "VerifyCAFile" => test_pem("p384-root.pem"),
-            "SignatureAlgorithms" => "ECDSA+SHA256:ECDSA+SHA384"
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-384",
-            "ExpectedServerSignHash" => "SHA384",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.2 Ed25519 Client Auth",
-        server => {
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => {
-            "Ed25519.Certificate" => test_pem("client-ed25519-cert.pem"),
-            "Ed25519.PrivateKey" => test_pem("client-ed25519-key.pem"),
-            "MinProtocol" => "TLSv1.2",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-            "ExpectedClientCertType" => "Ed25519",
-            "ExpectedClientSignType" => "Ed25519",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.2 Ed448 Client Auth",
-        server => {
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => {
-            "Ed448.Certificate" => test_pem("client-ed448-cert.pem"),
-            "Ed448.PrivateKey" => test_pem("client-ed448-key.pem"),
-            "MinProtocol" => "TLSv1.2",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-            "ExpectedClientCertType" => "Ed448",
-            "ExpectedClientSignType" => "Ed448",
-            "ExpectedResult" => "Success"
-        },
-    },
-);
-
-my @tests_tls_1_1 = (
-    {
-        name => "Only RSA-PSS Certificate, TLS v1.1",
-        server => $server_pss_only,
-        client => {
-            "MaxProtocol" => "TLSv1.1",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-);
-
-push @tests, @tests_tls_1_1 unless disabled("tls1_1");
-
-my $server_tls_1_3 = {
-    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
-    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
-    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
-    "Ed448.PrivateKey" => test_pem("server-ed448-key.pem"),
-    "MinProtocol" => "TLSv1.3",
-    "MaxProtocol" => "TLSv1.3"
-};
-
-my $server_tls_1_3_pss = {
-    "PSS.Certificate" => test_pem("server-pss-cert.pem"),
-    "PSS.PrivateKey" => test_pem("server-pss-key.pem"),
-    "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"),
-    "ECDSA.PrivateKey" => test_pem("server-ecdsa-key.pem"),
-    "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"),
-    "Ed25519.PrivateKey" => test_pem("server-ed25519-key.pem"),
-    "Ed448.Certificate" => test_pem("server-ed448-cert.pem"),
-    "Ed448.PrivateKey" => test_pem("server-ed449-key.pem"),
-    "MinProtocol" => "TLSv1.3",
-    "MaxProtocol" => "TLSv1.3"
-};
-
-my $client_tls_1_3 = {
-    "RSA.Certificate" => test_pem("ee-client-chain.pem"),
-    "RSA.PrivateKey" => test_pem("ee-key.pem"),
-    "ECDSA.Certificate" => test_pem("ee-ecdsa-client-chain.pem"),
-    "ECDSA.PrivateKey" => test_pem("ee-ecdsa-key.pem"),
-    "MinProtocol" => "TLSv1.3",
-    "MaxProtocol" => "TLSv1.3"
-};
-
-my @tests_tls_1_3 = (
-    {
-        name => "TLS 1.3 ECDSA Signature Algorithm Selection",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedServerCANames" => "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 ECDSA Signature Algorithm Selection compressed point",
-        server => {
-            "ECDSA.Certificate" => test_pem("server-cecdsa-cert.pem"),
-            "ECDSA.PrivateKey" => test_pem("server-cecdsa-key.pem"),
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3"
-        },
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedServerCANames" => "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 ECDSA Signature Algorithm Selection SHA1",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA1",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "TLS 1.3 ECDSA Signature Algorithm Selection with PSS",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256:RSA-PSS+SHA256",
-            "RequestCAFile" => test_pem("root-cert.pem"),
-        },
-        test   => {
-            "ExpectedServerCertType" => "P-256",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "EC",
-            "ExpectedServerCANames" => test_pem("root-cert.pem"),
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 RSA Signature Algorithm Selection SHA384 with PSS",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA384:RSA-PSS+SHA384",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA",
-            "ExpectedServerSignHash" => "SHA384",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 ECDSA Signature Algorithm Selection, no ECDSA certificate",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3"
-        },
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "TLS 1.3 RSA Signature Algorithm Selection, no PSS",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "RSA+SHA256",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "TLS 1.3 RSA-PSS Signature Algorithm Selection",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "RSA-PSS+SHA256",
-        },
-        test   => {
-            "ExpectedServerCertType" => "RSA",
-            "ExpectedServerSignHash" => "SHA256",
-            "ExpectedServerSignType" => "RSA-PSS",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 Ed25519 Signature Algorithm Selection",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ed25519",
-        },
-        test   => {
-            "ExpectedServerCertType" => "Ed25519",
-            "ExpectedServerSignType" => "Ed25519",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 Ed448 Signature Algorithm Selection",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ed448",
-            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
-        },
-        test   => {
-            "ExpectedServerCertType" => "Ed448",
-            "ExpectedServerSignType" => "Ed448",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 Ed25519 CipherString and Groups Selection",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",
-            # Excluding P-256 from the supported groups list should
-            # mean server still uses a P-256 certificate because supported
-            # groups is not used in signature selection for TLS 1.3
-            "Groups" => "X25519"
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "P-256",
-            "ExpectedServerSignType" =>, "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 Ed448 CipherString and Groups Selection",
-        server => $server_tls_1_3,
-        client => {
-            "SignatureAlgorithms" => "ECDSA+SHA256:ed448",
-            # Excluding P-256 from the supported groups list should
-            # mean server still uses a P-256 certificate because supported
-            # groups is not used in signature selection for TLS 1.3
-            "Groups" => "X448"
-        },
-        test   => {
-            "ExpectedServerCertType" =>, "P-256",
-            "ExpectedServerSignType" =>, "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection",
-        server => {
-            "ClientSignatureAlgorithms" => "PSS+SHA256",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => $client_tls_1_3,
-        test   => {
-            "ExpectedClientCertType" => "RSA",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientSignType" => "RSA-PSS",
-            "ExpectedClientCANames" => "empty",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 RSA Client Auth Signature Algorithm Selection non-empty CA Names",
-        server => {
-            "ClientSignatureAlgorithms" => "PSS+SHA256",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "RequestCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => $client_tls_1_3,
-        test   => {
-            "ExpectedClientCertType" => "RSA",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientSignType" => "RSA-PSS",
-            "ExpectedClientCANames" => test_pem("root-cert.pem"),
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 ECDSA Client Auth Signature Algorithm Selection",
-        server => {
-            "ClientSignatureAlgorithms" => "ECDSA+SHA256",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => $client_tls_1_3,
-        test   => {
-            "ExpectedClientCertType" => "P-256",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientSignType" => "EC",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 Ed25519 Client Auth",
-        server => {
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => {
-            "EdDSA.Certificate" => test_pem("client-ed25519-cert.pem"),
-            "EdDSA.PrivateKey" => test_pem("client-ed25519-key.pem"),
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3"
-        },
-        test   => {
-            "ExpectedClientCertType" => "Ed25519",
-            "ExpectedClientSignType" => "Ed25519",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 Ed448 Client Auth",
-        server => {
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require"
-        },
-        client => {
-            "EdDSA.Certificate" => test_pem("client-ed448-cert.pem"),
-            "EdDSA.PrivateKey" => test_pem("client-ed448-key.pem"),
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3"
-        },
-        test   => {
-            "ExpectedClientCertType" => "Ed448",
-            "ExpectedClientSignType" => "Ed448",
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "TLS 1.3 ECDSA with brainpool",
-        server =>  {
-            "Certificate" => test_pem("server-ecdsa-brainpoolP256r1-cert.pem"),
-            "PrivateKey" => test_pem("server-ecdsa-brainpoolP256r1-key.pem"),
-            "Groups" => "brainpoolP256r1",
-        },
-        client => {
-            "RequestCAFile" => test_pem("root-cert.pem"),
-            "Groups" => "brainpoolP256r1",
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3"
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-);
-
-push @tests, @tests_tls_1_3 unless disabled("tls1_3");
-
-my @tests_dsa_tls_1_2 = (
-    {
-        name => "TLS 1.2 DSA Certificate Test",
-        server => {
-            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
-            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
-            "DHParameters" => test_pem("dhp2048.pem"),
-            "MinProtocol" => "TLSv1.2",
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ALL",
-        },
-        client => {
-            "SignatureAlgorithms" => "DSA+SHA256:DSA+SHA1",
-            "CipherString" => "ALL",
-        },
-        test   => {
-            "ExpectedResult" => "Success"
-        },
-    },
-);
-
-my @tests_dsa_tls_1_3 = (
-    {
-        name => "TLS 1.3 Client Auth No TLS 1.3 Signature Algorithms",
-        server => {
-            "ClientSignatureAlgorithms" => "ECDSA+SHA1:DSA+SHA256:RSA+SHA256",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Request"
-        },
-        client => {},
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "TLS 1.3 DSA Certificate Test",
-        server => {
-            "DSA.Certificate" => test_pem("server-dsa-cert.pem"),
-            "DSA.PrivateKey" => test_pem("server-dsa-key.pem"),
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "CipherString" => "ALL",
-        },
-        client => {
-            "SignatureAlgorithms" => "DSA+SHA1:DSA+SHA256:ECDSA+SHA256",
-            "CipherString" => "ALL",
-        },
-        test   => {
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-);
-
-if (!disabled("dsa")) {
-    push @tests, @tests_dsa_tls_1_2 unless disabled("dh");
-    push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
-}
diff --git a/test/ssl-tests/21-key-update.cnf b/test/ssl-tests/21-key-update.cnf

new file mode 100644 (file)

index 0000000..b79eb44
--- /dev/null
+++ b/test/ssl-tests/21-key-update.cnf
@@ -0,0 +1,112 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-update-key-client-update-not-requested
+test-1 = 1-update-key-server-update-not-requested
+test-2 = 2-update-key-client-update-requested
+test-3 = 3-update-key-server-update-requested
+# ===========================================================
+
+[0-update-key-client-update-not-requested]
+ssl_conf = 0-update-key-client-update-not-requested-ssl
+
+[0-update-key-client-update-not-requested-ssl]
+server = 0-update-key-client-update-not-requested-server
+client = 0-update-key-client-update-not-requested-client
+
+[0-update-key-client-update-not-requested-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-update-key-client-update-not-requested-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+HandshakeMode = KeyUpdateClient
+KeyUpdateType = KeyUpdateNotRequested
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[1-update-key-server-update-not-requested]
+ssl_conf = 1-update-key-server-update-not-requested-ssl
+
+[1-update-key-server-update-not-requested-ssl]
+server = 1-update-key-server-update-not-requested-server
+client = 1-update-key-server-update-not-requested-client
+
+[1-update-key-server-update-not-requested-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-update-key-server-update-not-requested-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+HandshakeMode = KeyUpdateServer
+KeyUpdateType = KeyUpdateNotRequested
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[2-update-key-client-update-requested]
+ssl_conf = 2-update-key-client-update-requested-ssl
+
+[2-update-key-client-update-requested-ssl]
+server = 2-update-key-client-update-requested-server
+client = 2-update-key-client-update-requested-client
+
+[2-update-key-client-update-requested-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-update-key-client-update-requested-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+HandshakeMode = KeyUpdateClient
+KeyUpdateType = KeyUpdateRequested
+ResumptionExpected = No
+
+
+# ===========================================================
+
+[3-update-key-server-update-requested]
+ssl_conf = 3-update-key-server-update-requested-ssl
+
+[3-update-key-server-update-requested-ssl]
+server = 3-update-key-server-update-requested-server
+client = 3-update-key-server-update-requested-client
+
+[3-update-key-server-update-requested-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-update-key-server-update-requested-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = KeyUpdateServer
+KeyUpdateType = KeyUpdateRequested
+ResumptionExpected = No
+
+
diff --git a/test/ssl-tests/21-key-update.cnf.in b/test/ssl-tests/21-key-update.cnf.in

new file mode 100644 (file)

index 0000000..f864d9c
--- /dev/null
+++ b/test/ssl-tests/21-key-update.cnf.in
@@ -0,0 +1,62 @@
+# -*- mode: perl; -*-
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test KeyUpdate
+
+use strict;
+use warnings;
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "update-key-client-update-not-requested",
+        server => {},
+        client => {},
+        test => {
+            "HandshakeMode" => "KeyUpdateClient",
+            "KeyUpdateType" => "KeyUpdateNotRequested",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "update-key-server-update-not-requested",
+        server => {},
+        client => {},
+        test => {
+            "HandshakeMode" => "KeyUpdateServer",
+            "KeyUpdateType" => "KeyUpdateNotRequested",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "update-key-client-update-requested",
+        server => {},
+        client => {},
+        test => {
+            "HandshakeMode" => "KeyUpdateClient",
+            "KeyUpdateType" => "KeyUpdateRequested",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "update-key-server-update-requested",
+        server => {},
+        client => {},
+        test => {
+            "HandshakeMode" => "KeyUpdateServer",
+            "KeyUpdateType" => "KeyUpdateRequested",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    }
+);
diff --git a/test/ssl-tests/21-key-update.conf b/test/ssl-tests/21-key-update.conf

deleted file mode 100644 (file)

index b79eb44..0000000
--- a/test/ssl-tests/21-key-update.conf
+++ /dev/null
@@ -1,112 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 4
-
-test-0 = 0-update-key-client-update-not-requested
-test-1 = 1-update-key-server-update-not-requested
-test-2 = 2-update-key-client-update-requested
-test-3 = 3-update-key-server-update-requested
-# ===========================================================
-
-[0-update-key-client-update-not-requested]
-ssl_conf = 0-update-key-client-update-not-requested-ssl
-
-[0-update-key-client-update-not-requested-ssl]
-server = 0-update-key-client-update-not-requested-server
-client = 0-update-key-client-update-not-requested-client
-
-[0-update-key-client-update-not-requested-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-update-key-client-update-not-requested-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-HandshakeMode = KeyUpdateClient
-KeyUpdateType = KeyUpdateNotRequested
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[1-update-key-server-update-not-requested]
-ssl_conf = 1-update-key-server-update-not-requested-ssl
-
-[1-update-key-server-update-not-requested-ssl]
-server = 1-update-key-server-update-not-requested-server
-client = 1-update-key-server-update-not-requested-client
-
-[1-update-key-server-update-not-requested-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-update-key-server-update-not-requested-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-HandshakeMode = KeyUpdateServer
-KeyUpdateType = KeyUpdateNotRequested
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[2-update-key-client-update-requested]
-ssl_conf = 2-update-key-client-update-requested-ssl
-
-[2-update-key-client-update-requested-ssl]
-server = 2-update-key-client-update-requested-server
-client = 2-update-key-client-update-requested-client
-
-[2-update-key-client-update-requested-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-update-key-client-update-requested-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-HandshakeMode = KeyUpdateClient
-KeyUpdateType = KeyUpdateRequested
-ResumptionExpected = No
-
-
-# ===========================================================
-
-[3-update-key-server-update-requested]
-ssl_conf = 3-update-key-server-update-requested-ssl
-
-[3-update-key-server-update-requested-ssl]
-server = 3-update-key-server-update-requested-server
-client = 3-update-key-server-update-requested-client
-
-[3-update-key-server-update-requested-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-update-key-server-update-requested-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-HandshakeMode = KeyUpdateServer
-KeyUpdateType = KeyUpdateRequested
-ResumptionExpected = No
-
-
diff --git a/test/ssl-tests/21-key-update.conf.in b/test/ssl-tests/21-key-update.conf.in

deleted file mode 100644 (file)

index f864d9c..0000000
--- a/test/ssl-tests/21-key-update.conf.in
+++ /dev/null
@@ -1,62 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test KeyUpdate
-
-use strict;
-use warnings;
-
-package ssltests;
-
-our @tests = (
-    {
-        name => "update-key-client-update-not-requested",
-        server => {},
-        client => {},
-        test => {
-            "HandshakeMode" => "KeyUpdateClient",
-            "KeyUpdateType" => "KeyUpdateNotRequested",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "update-key-server-update-not-requested",
-        server => {},
-        client => {},
-        test => {
-            "HandshakeMode" => "KeyUpdateServer",
-            "KeyUpdateType" => "KeyUpdateNotRequested",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "update-key-client-update-requested",
-        server => {},
-        client => {},
-        test => {
-            "HandshakeMode" => "KeyUpdateClient",
-            "KeyUpdateType" => "KeyUpdateRequested",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "update-key-server-update-requested",
-        server => {},
-        client => {},
-        test => {
-            "HandshakeMode" => "KeyUpdateServer",
-            "KeyUpdateType" => "KeyUpdateRequested",
-            "ResumptionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    }
-);
diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf

new file mode 100644 (file)

index 0000000..c85d312
--- /dev/null
+++ b/test/ssl-tests/22-compression.cnf
@@ -0,0 +1,216 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 8
+
+test-0 = 0-tlsv1_3-both-compress
+test-1 = 1-tlsv1_3-client-compress
+test-2 = 2-tlsv1_3-server-compress
+test-3 = 3-tlsv1_3-neither-compress
+test-4 = 4-tlsv1_2-both-compress
+test-5 = 5-tlsv1_2-client-compress
+test-6 = 6-tlsv1_2-server-compress
+test-7 = 7-tlsv1_2-neither-compress
+# ===========================================================
+
+[0-tlsv1_3-both-compress]
+ssl_conf = 0-tlsv1_3-both-compress-ssl
+
+[0-tlsv1_3-both-compress-ssl]
+server = 0-tlsv1_3-both-compress-server
+client = 0-tlsv1_3-both-compress-client
+
+[0-tlsv1_3-both-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-tlsv1_3-both-compress-client]
+CipherString = DEFAULT
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-tlsv1_3-client-compress]
+ssl_conf = 1-tlsv1_3-client-compress-ssl
+
+[1-tlsv1_3-client-compress-ssl]
+server = 1-tlsv1_3-client-compress-server
+client = 1-tlsv1_3-client-compress-client
+
+[1-tlsv1_3-client-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-tlsv1_3-client-compress-client]
+CipherString = DEFAULT
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-tlsv1_3-server-compress]
+ssl_conf = 2-tlsv1_3-server-compress-ssl
+
+[2-tlsv1_3-server-compress-ssl]
+server = 2-tlsv1_3-server-compress-server
+client = 2-tlsv1_3-server-compress-client
+
+[2-tlsv1_3-server-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-tlsv1_3-server-compress-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-tlsv1_3-neither-compress]
+ssl_conf = 3-tlsv1_3-neither-compress-ssl
+
+[3-tlsv1_3-neither-compress-ssl]
+server = 3-tlsv1_3-neither-compress-server
+client = 3-tlsv1_3-neither-compress-client
+
+[3-tlsv1_3-neither-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-tlsv1_3-neither-compress-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-tlsv1_2-both-compress]
+ssl_conf = 4-tlsv1_2-both-compress-ssl
+
+[4-tlsv1_2-both-compress-ssl]
+server = 4-tlsv1_2-both-compress-server
+client = 4-tlsv1_2-both-compress-client
+
+[4-tlsv1_2-both-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-tlsv1_2-both-compress-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+CompressionExpected = Yes
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-tlsv1_2-client-compress]
+ssl_conf = 5-tlsv1_2-client-compress-ssl
+
+[5-tlsv1_2-client-compress-ssl]
+server = 5-tlsv1_2-client-compress-server
+client = 5-tlsv1_2-client-compress-client
+
+[5-tlsv1_2-client-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-tlsv1_2-client-compress-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = Compression
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[6-tlsv1_2-server-compress]
+ssl_conf = 6-tlsv1_2-server-compress-ssl
+
+[6-tlsv1_2-server-compress-ssl]
+server = 6-tlsv1_2-server-compress-server
+client = 6-tlsv1_2-server-compress-client
+
+[6-tlsv1_2-server-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = Compression
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-tlsv1_2-server-compress-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+CompressionExpected = No
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[7-tlsv1_2-neither-compress]
+ssl_conf = 7-tlsv1_2-neither-compress-ssl
+
+[7-tlsv1_2-neither-compress-ssl]
+server = 7-tlsv1_2-neither-compress-server
+client = 7-tlsv1_2-neither-compress-client
+
+[7-tlsv1_2-neither-compress-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-tlsv1_2-neither-compress-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+CompressionExpected = No
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in

new file mode 100644 (file)

index 0000000..bc7b293
--- /dev/null
+++ b/test/ssl-tests/22-compression.cnf.in
@@ -0,0 +1,127 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test Compression
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = ();
+
+our @tests_tls1_3 = (
+    {
+        name => "tlsv1_3-both-compress",
+        server => {
+            "Options" => "Compression"
+        },
+        client => {
+            "Options" => "Compression"
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "tlsv1_3-client-compress",
+        server => {
+        },
+        client => {
+            "Options" => "Compression"
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "tlsv1_3-server-compress",
+        server => {
+            "Options" => "Compression"
+        },
+        client => {
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "tlsv1_3-neither-compress",
+        server => {
+        },
+        client => {
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+);
+our @tests_tls1_2 = (
+    {
+        name => "tlsv1_2-both-compress",
+        server => {
+            "Options" => "Compression"
+        },
+        client => {
+            "Options" => "Compression",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "CompressionExpected" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "tlsv1_2-client-compress",
+        server => {
+        },
+        client => {
+            "Options" => "Compression",
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "tlsv1_2-server-compress",
+        server => {
+            "Options" => "Compression"
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "tlsv1_2-neither-compress",
+        server => {
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2"
+        },
+        test => {
+            "CompressionExpected" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+);
+
+push @tests, @tests_tls1_3 unless disabled("tls1_3");
+push @tests, @tests_tls1_2 unless alldisabled(("tls1_2", "tls1_1", "tls1",
+                                               "ssl3"));
diff --git a/test/ssl-tests/22-compression.conf b/test/ssl-tests/22-compression.conf

deleted file mode 100644 (file)

index c85d312..0000000
--- a/test/ssl-tests/22-compression.conf
+++ /dev/null
@@ -1,216 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 8
-
-test-0 = 0-tlsv1_3-both-compress
-test-1 = 1-tlsv1_3-client-compress
-test-2 = 2-tlsv1_3-server-compress
-test-3 = 3-tlsv1_3-neither-compress
-test-4 = 4-tlsv1_2-both-compress
-test-5 = 5-tlsv1_2-client-compress
-test-6 = 6-tlsv1_2-server-compress
-test-7 = 7-tlsv1_2-neither-compress
-# ===========================================================
-
-[0-tlsv1_3-both-compress]
-ssl_conf = 0-tlsv1_3-both-compress-ssl
-
-[0-tlsv1_3-both-compress-ssl]
-server = 0-tlsv1_3-both-compress-server
-client = 0-tlsv1_3-both-compress-client
-
-[0-tlsv1_3-both-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = Compression
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-tlsv1_3-both-compress-client]
-CipherString = DEFAULT
-Options = Compression
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-CompressionExpected = No
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-tlsv1_3-client-compress]
-ssl_conf = 1-tlsv1_3-client-compress-ssl
-
-[1-tlsv1_3-client-compress-ssl]
-server = 1-tlsv1_3-client-compress-server
-client = 1-tlsv1_3-client-compress-client
-
-[1-tlsv1_3-client-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-tlsv1_3-client-compress-client]
-CipherString = DEFAULT
-Options = Compression
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-CompressionExpected = No
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-tlsv1_3-server-compress]
-ssl_conf = 2-tlsv1_3-server-compress-ssl
-
-[2-tlsv1_3-server-compress-ssl]
-server = 2-tlsv1_3-server-compress-server
-client = 2-tlsv1_3-server-compress-client
-
-[2-tlsv1_3-server-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = Compression
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-tlsv1_3-server-compress-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-CompressionExpected = No
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[3-tlsv1_3-neither-compress]
-ssl_conf = 3-tlsv1_3-neither-compress-ssl
-
-[3-tlsv1_3-neither-compress-ssl]
-server = 3-tlsv1_3-neither-compress-server
-client = 3-tlsv1_3-neither-compress-client
-
-[3-tlsv1_3-neither-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-tlsv1_3-neither-compress-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-CompressionExpected = No
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[4-tlsv1_2-both-compress]
-ssl_conf = 4-tlsv1_2-both-compress-ssl
-
-[4-tlsv1_2-both-compress-ssl]
-server = 4-tlsv1_2-both-compress-server
-client = 4-tlsv1_2-both-compress-client
-
-[4-tlsv1_2-both-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = Compression
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-tlsv1_2-both-compress-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = Compression
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-CompressionExpected = Yes
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[5-tlsv1_2-client-compress]
-ssl_conf = 5-tlsv1_2-client-compress-ssl
-
-[5-tlsv1_2-client-compress-ssl]
-server = 5-tlsv1_2-client-compress-server
-client = 5-tlsv1_2-client-compress-client
-
-[5-tlsv1_2-client-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-tlsv1_2-client-compress-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = Compression
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-CompressionExpected = No
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[6-tlsv1_2-server-compress]
-ssl_conf = 6-tlsv1_2-server-compress-ssl
-
-[6-tlsv1_2-server-compress-ssl]
-server = 6-tlsv1_2-server-compress-server
-client = 6-tlsv1_2-server-compress-client
-
-[6-tlsv1_2-server-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = Compression
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-tlsv1_2-server-compress-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-CompressionExpected = No
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[7-tlsv1_2-neither-compress]
-ssl_conf = 7-tlsv1_2-neither-compress-ssl
-
-[7-tlsv1_2-neither-compress-ssl]
-server = 7-tlsv1_2-neither-compress-server
-client = 7-tlsv1_2-neither-compress-client
-
-[7-tlsv1_2-neither-compress-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-tlsv1_2-neither-compress-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-CompressionExpected = No
-ExpectedResult = Success
-
-
diff --git a/test/ssl-tests/22-compression.conf.in b/test/ssl-tests/22-compression.conf.in

deleted file mode 100644 (file)

index bc7b293..0000000
--- a/test/ssl-tests/22-compression.conf.in
+++ /dev/null
@@ -1,127 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test Compression
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = ();
-
-our @tests_tls1_3 = (
-    {
-        name => "tlsv1_3-both-compress",
-        server => {
-            "Options" => "Compression"
-        },
-        client => {
-            "Options" => "Compression"
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "tlsv1_3-client-compress",
-        server => {
-        },
-        client => {
-            "Options" => "Compression"
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "tlsv1_3-server-compress",
-        server => {
-            "Options" => "Compression"
-        },
-        client => {
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "tlsv1_3-neither-compress",
-        server => {
-        },
-        client => {
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-);
-our @tests_tls1_2 = (
-    {
-        name => "tlsv1_2-both-compress",
-        server => {
-            "Options" => "Compression"
-        },
-        client => {
-            "Options" => "Compression",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "CompressionExpected" => "Yes",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "tlsv1_2-client-compress",
-        server => {
-        },
-        client => {
-            "Options" => "Compression",
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "tlsv1_2-server-compress",
-        server => {
-            "Options" => "Compression"
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "tlsv1_2-neither-compress",
-        server => {
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2"
-        },
-        test => {
-            "CompressionExpected" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-);
-
-push @tests, @tests_tls1_3 unless disabled("tls1_3");
-push @tests, @tests_tls1_2 unless alldisabled(("tls1_2", "tls1_1", "tls1",
-                                               "ssl3"));
diff --git a/test/ssl-tests/23-srp.cnf b/test/ssl-tests/23-srp.cnf

new file mode 100644 (file)

index 0000000..610a0bb
--- /dev/null
+++ b/test/ssl-tests/23-srp.cnf
@@ -0,0 +1,148 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-srp
+test-1 = 1-srp-bad-password
+test-2 = 2-srp-auth
+test-3 = 3-srp-auth-bad-password
+# ===========================================================
+
+[0-srp]
+ssl_conf = 0-srp-ssl
+
+[0-srp-ssl]
+server = 0-srp-server
+client = 0-srp-client
+
+[0-srp-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = SRP
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-srp-client]
+CipherString = SRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+server = 0-srp-server-extra
+client = 0-srp-client-extra
+
+[0-srp-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[0-srp-client-extra]
+SRPPassword = password
+SRPUser = user
+
+
+# ===========================================================
+
+[1-srp-bad-password]
+ssl_conf = 1-srp-bad-password-ssl
+
+[1-srp-bad-password-ssl]
+server = 1-srp-bad-password-server
+client = 1-srp-bad-password-client
+
+[1-srp-bad-password-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = SRP
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-srp-bad-password-client]
+CipherString = SRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = ServerFail
+server = 1-srp-bad-password-server-extra
+client = 1-srp-bad-password-client-extra
+
+[1-srp-bad-password-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[1-srp-bad-password-client-extra]
+SRPPassword = passw0rd
+SRPUser = user
+
+
+# ===========================================================
+
+[2-srp-auth]
+ssl_conf = 2-srp-auth-ssl
+
+[2-srp-auth-ssl]
+server = 2-srp-auth-server
+client = 2-srp-auth-client
+
+[2-srp-auth-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = aSRP
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-srp-auth-client]
+CipherString = aSRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+server = 2-srp-auth-server-extra
+client = 2-srp-auth-client-extra
+
+[2-srp-auth-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[2-srp-auth-client-extra]
+SRPPassword = password
+SRPUser = user
+
+
+# ===========================================================
+
+[3-srp-auth-bad-password]
+ssl_conf = 3-srp-auth-bad-password-ssl
+
+[3-srp-auth-bad-password-ssl]
+server = 3-srp-auth-bad-password-server
+client = 3-srp-auth-bad-password-client
+
+[3-srp-auth-bad-password-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = aSRP
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-srp-auth-bad-password-client]
+CipherString = aSRP
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = ServerFail
+server = 3-srp-auth-bad-password-server-extra
+client = 3-srp-auth-bad-password-client-extra
+
+[3-srp-auth-bad-password-server-extra]
+SRPPassword = password
+SRPUser = user
+
+[3-srp-auth-bad-password-client-extra]
+SRPPassword = passw0rd
+SRPUser = user
+
+
diff --git a/test/ssl-tests/23-srp.cnf.in b/test/ssl-tests/23-srp.cnf.in

new file mode 100644 (file)

index 0000000..4abfb42
--- /dev/null
+++ b/test/ssl-tests/23-srp.cnf.in
@@ -0,0 +1,107 @@
+# -*- mode: perl; -*-
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+package ssltests;
+
+# SRP is only supported up to TLSv1.2
+
+our @tests = (
+    {
+        name => "srp",
+        server => {
+            "CipherString" => "SRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "password",
+            },
+        },
+        client => {
+            "CipherString" => "SRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "password",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "srp-bad-password",
+        server => {
+            "CipherString" => "SRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "password",
+            },
+        },
+        client => {
+            "CipherString" => "SRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "passw0rd",
+            },
+        },
+        test => {
+            # Server fails first with bad client Finished.
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+    {
+        name => "srp-auth",
+        server => {
+            "CipherString" => "aSRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "password",
+            },
+        },
+        client => {
+            "CipherString" => "aSRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "password",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success"
+        },
+    },
+    {
+        name => "srp-auth-bad-password",
+        server => {
+            "CipherString" => "aSRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "password",
+            },
+        },
+        client => {
+            "CipherString" => "aSRP",
+            "MaxProtocol" => "TLSv1.2",
+            extra => {
+                "SRPUser" => "user",
+                "SRPPassword" => "passw0rd",
+            },
+        },
+        test => {
+            # Server fails first with bad client Finished.
+            "ExpectedResult" => "ServerFail"
+        },
+    },
+);
diff --git a/test/ssl-tests/23-srp.conf b/test/ssl-tests/23-srp.conf

deleted file mode 100644 (file)

index 610a0bb..0000000
--- a/test/ssl-tests/23-srp.conf
+++ /dev/null
@@ -1,148 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 4
-
-test-0 = 0-srp
-test-1 = 1-srp-bad-password
-test-2 = 2-srp-auth
-test-3 = 3-srp-auth-bad-password
-# ===========================================================
-
-[0-srp]
-ssl_conf = 0-srp-ssl
-
-[0-srp-ssl]
-server = 0-srp-server
-client = 0-srp-client
-
-[0-srp-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = SRP
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-srp-client]
-CipherString = SRP
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-server = 0-srp-server-extra
-client = 0-srp-client-extra
-
-[0-srp-server-extra]
-SRPPassword = password
-SRPUser = user
-
-[0-srp-client-extra]
-SRPPassword = password
-SRPUser = user
-
-
-# ===========================================================
-
-[1-srp-bad-password]
-ssl_conf = 1-srp-bad-password-ssl
-
-[1-srp-bad-password-ssl]
-server = 1-srp-bad-password-server
-client = 1-srp-bad-password-client
-
-[1-srp-bad-password-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = SRP
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-srp-bad-password-client]
-CipherString = SRP
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = ServerFail
-server = 1-srp-bad-password-server-extra
-client = 1-srp-bad-password-client-extra
-
-[1-srp-bad-password-server-extra]
-SRPPassword = password
-SRPUser = user
-
-[1-srp-bad-password-client-extra]
-SRPPassword = passw0rd
-SRPUser = user
-
-
-# ===========================================================
-
-[2-srp-auth]
-ssl_conf = 2-srp-auth-ssl
-
-[2-srp-auth-ssl]
-server = 2-srp-auth-server
-client = 2-srp-auth-client
-
-[2-srp-auth-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = aSRP
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-srp-auth-client]
-CipherString = aSRP
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-server = 2-srp-auth-server-extra
-client = 2-srp-auth-client-extra
-
-[2-srp-auth-server-extra]
-SRPPassword = password
-SRPUser = user
-
-[2-srp-auth-client-extra]
-SRPPassword = password
-SRPUser = user
-
-
-# ===========================================================
-
-[3-srp-auth-bad-password]
-ssl_conf = 3-srp-auth-bad-password-ssl
-
-[3-srp-auth-bad-password-ssl]
-server = 3-srp-auth-bad-password-server
-client = 3-srp-auth-bad-password-client
-
-[3-srp-auth-bad-password-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = aSRP
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-srp-auth-bad-password-client]
-CipherString = aSRP
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = ServerFail
-server = 3-srp-auth-bad-password-server-extra
-client = 3-srp-auth-bad-password-client-extra
-
-[3-srp-auth-bad-password-server-extra]
-SRPPassword = password
-SRPUser = user
-
-[3-srp-auth-bad-password-client-extra]
-SRPPassword = passw0rd
-SRPUser = user
-
-
diff --git a/test/ssl-tests/23-srp.conf.in b/test/ssl-tests/23-srp.conf.in

deleted file mode 100644 (file)

index 4abfb42..0000000
--- a/test/ssl-tests/23-srp.conf.in
+++ /dev/null
@@ -1,107 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use strict;
-use warnings;
-
-package ssltests;
-
-# SRP is only supported up to TLSv1.2
-
-our @tests = (
-    {
-        name => "srp",
-        server => {
-            "CipherString" => "SRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "password",
-            },
-        },
-        client => {
-            "CipherString" => "SRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "password",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "srp-bad-password",
-        server => {
-            "CipherString" => "SRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "password",
-            },
-        },
-        client => {
-            "CipherString" => "SRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "passw0rd",
-            },
-        },
-        test => {
-            # Server fails first with bad client Finished.
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-    {
-        name => "srp-auth",
-        server => {
-            "CipherString" => "aSRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "password",
-            },
-        },
-        client => {
-            "CipherString" => "aSRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "password",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success"
-        },
-    },
-    {
-        name => "srp-auth-bad-password",
-        server => {
-            "CipherString" => "aSRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "password",
-            },
-        },
-        client => {
-            "CipherString" => "aSRP",
-            "MaxProtocol" => "TLSv1.2",
-            extra => {
-                "SRPUser" => "user",
-                "SRPPassword" => "passw0rd",
-            },
-        },
-        test => {
-            # Server fails first with bad client Finished.
-            "ExpectedResult" => "ServerFail"
-        },
-    },
-);
diff --git a/test/ssl-tests/24-padding.cnf b/test/ssl-tests/24-padding.cnf

new file mode 100644 (file)

index 0000000..3c9f450
--- /dev/null
+++ b/test/ssl-tests/24-padding.cnf
@@ -0,0 +1,34 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 1
+
+test-0 = 0-default
+# ===========================================================
+
+[0-default]
+ssl_conf = 0-default-ssl
+
+[0-default-ssl]
+server = 0-default-server
+client = 0-default-client
+
+[0-default-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+RecordPadding = 64
+
+[0-default-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+RecordPadding = 11
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/24-padding.cnf.in b/test/ssl-tests/24-padding.cnf.in

new file mode 100644 (file)

index 0000000..5d76b0b
--- /dev/null
+++ b/test/ssl-tests/24-padding.cnf.in
@@ -0,0 +1,25 @@
+# -*- mode: perl; -*-
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+our @tests = (
+    {
+        name => "default",
+        server => { "RecordPadding" => 64,
+                   "MaxProtocol" => "TLSv1.3",
+                    "MinProtocol" => "TLSv1.3" },
+        client => { "RecordPadding" => 11,
+                   "MaxProtocol" => "TLSv1.3",
+                    "MinProtocol" => "TLSv1.3" },
+        test   => { "ExpectedResult" => "Success" },
+    },
+);
diff --git a/test/ssl-tests/24-padding.conf b/test/ssl-tests/24-padding.conf

deleted file mode 100644 (file)

index 3c9f450..0000000
--- a/test/ssl-tests/24-padding.conf
+++ /dev/null
@@ -1,34 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 1
-
-test-0 = 0-default
-# ===========================================================
-
-[0-default]
-ssl_conf = 0-default-ssl
-
-[0-default-ssl]
-server = 0-default-server
-client = 0-default-client
-
-[0-default-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-RecordPadding = 64
-
-[0-default-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-RecordPadding = 11
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
diff --git a/test/ssl-tests/24-padding.conf.in b/test/ssl-tests/24-padding.conf.in

deleted file mode 100644 (file)

index 5d76b0b..0000000
--- a/test/ssl-tests/24-padding.conf.in
+++ /dev/null
@@ -1,25 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-package ssltests;
-
-our @tests = (
-    {
-        name => "default",
-        server => { "RecordPadding" => 64,
-                   "MaxProtocol" => "TLSv1.3",
-                    "MinProtocol" => "TLSv1.3" },
-        client => { "RecordPadding" => 11,
-                   "MaxProtocol" => "TLSv1.3",
-                    "MinProtocol" => "TLSv1.3" },
-        test   => { "ExpectedResult" => "Success" },
-    },
-);
diff --git a/test/ssl-tests/25-cipher.cnf b/test/ssl-tests/25-cipher.cnf

new file mode 100644 (file)

index 0000000..a28c1f7
--- /dev/null
+++ b/test/ssl-tests/25-cipher.cnf
@@ -0,0 +1,244 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 9
+
+test-0 = 0-cipher-server-1
+test-1 = 1-cipher-server-2
+test-2 = 2-cipher-server-client-list
+test-3 = 3-cipher-server-pref-1
+test-4 = 4-cipher-server-pref-2
+test-5 = 5-cipher-server-pref-client-list
+test-6 = 6-cipher-server-pref-not-mobile
+test-7 = 7-cipher-server-pref-mobile
+test-8 = 8-cipher-server-pref-mobile2
+# ===========================================================
+
+[0-cipher-server-1]
+ssl_conf = 0-cipher-server-1-ssl
+
+[0-cipher-server-1-ssl]
+server = 0-cipher-server-1-server
+client = 0-cipher-server-1-client
+
+[0-cipher-server-1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-cipher-server-1-client]
+CipherString = ECDHE-RSA-AES256-SHA384
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
+
+
+# ===========================================================
+
+[1-cipher-server-2]
+ssl_conf = 1-cipher-server-2-ssl
+
+[1-cipher-server-2-ssl]
+server = 1-cipher-server-2-server
+client = 1-cipher-server-2-client
+
+[1-cipher-server-2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-cipher-server-2-client]
+CipherString = ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedCipher = ECDHE-RSA-AES128-SHA256
+
+
+# ===========================================================
+
+[2-cipher-server-client-list]
+ssl_conf = 2-cipher-server-client-list-ssl
+
+[2-cipher-server-client-list-ssl]
+server = 2-cipher-server-client-list-server
+client = 2-cipher-server-client-list-client
+
+[2-cipher-server-client-list-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-cipher-server-client-list-client]
+CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedCipher = ECDHE-RSA-AES128-SHA256
+
+
+# ===========================================================
+
+[3-cipher-server-pref-1]
+ssl_conf = 3-cipher-server-pref-1-ssl
+
+[3-cipher-server-pref-1-ssl]
+server = 3-cipher-server-pref-1-server
+client = 3-cipher-server-pref-1-client
+
+[3-cipher-server-pref-1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = ServerPreference
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-cipher-server-pref-1-client]
+CipherString = ECDHE-RSA-AES256-SHA384
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
+
+
+# ===========================================================
+
+[4-cipher-server-pref-2]
+ssl_conf = 4-cipher-server-pref-2-ssl
+
+[4-cipher-server-pref-2-ssl]
+server = 4-cipher-server-pref-2-server
+client = 4-cipher-server-pref-2-client
+
+[4-cipher-server-pref-2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = ServerPreference
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-cipher-server-pref-2-client]
+CipherString = ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedCipher = ECDHE-RSA-AES128-SHA256
+
+
+# ===========================================================
+
+[5-cipher-server-pref-client-list]
+ssl_conf = 5-cipher-server-pref-client-list-ssl
+
+[5-cipher-server-pref-client-list-ssl]
+server = 5-cipher-server-pref-client-list-server
+client = 5-cipher-server-pref-client-list-client
+
+[5-cipher-server-pref-client-list-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = ServerPreference
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-cipher-server-pref-client-list-client]
+CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
+
+
+# ===========================================================
+
+[6-cipher-server-pref-not-mobile]
+ssl_conf = 6-cipher-server-pref-not-mobile-ssl
+
+[6-cipher-server-pref-not-mobile-ssl]
+server = 6-cipher-server-pref-not-mobile-server
+client = 6-cipher-server-pref-not-mobile-client
+
+[6-cipher-server-pref-not-mobile-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305
+MaxProtocol = TLSv1.2
+Options = ServerPreference
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-cipher-server-pref-not-mobile-client]
+CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
+
+
+# ===========================================================
+
+[7-cipher-server-pref-mobile]
+ssl_conf = 7-cipher-server-pref-mobile-ssl
+
+[7-cipher-server-pref-mobile-ssl]
+server = 7-cipher-server-pref-mobile-server
+client = 7-cipher-server-pref-mobile-client
+
+[7-cipher-server-pref-mobile-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305
+MaxProtocol = TLSv1.2
+Options = ServerPreference,PrioritizeChaCha
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[7-cipher-server-pref-mobile-client]
+CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedCipher = ECDHE-RSA-AES256-SHA384
+
+
+# ===========================================================
+
+[8-cipher-server-pref-mobile2]
+ssl_conf = 8-cipher-server-pref-mobile2-ssl
+
+[8-cipher-server-pref-mobile2-ssl]
+server = 8-cipher-server-pref-mobile2-server
+client = 8-cipher-server-pref-mobile2-client
+
+[8-cipher-server-pref-mobile2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305
+MaxProtocol = TLSv1.2
+Options = ServerPreference,PrioritizeChaCha
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[8-cipher-server-pref-mobile2-client]
+CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
+
+
diff --git a/test/ssl-tests/25-cipher.cnf.in b/test/ssl-tests/25-cipher.cnf.in

new file mode 100644 (file)

index 0000000..c7bfc61
--- /dev/null
+++ b/test/ssl-tests/25-cipher.cnf.in
@@ -0,0 +1,156 @@
+# -*- mode: perl; -*-
+# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test version negotiation
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "cipher-server-1",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
+    },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384"
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+        },
+    },
+    {
+        name => "cipher-server-2",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256"
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
+        },
+    },
+    {
+        name => "cipher-server-client-list",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
+        },
+    },
+    {
+        name => "cipher-server-pref-1",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
+            "Options" => "ServerPreference",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384"
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+        },
+    },
+    {
+        name => "cipher-server-pref-2",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
+            "Options" => "ServerPreference",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256"
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
+        },
+    },
+    {
+        name => "cipher-server-pref-client-list",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
+            "Options" => "ServerPreference",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+        },
+    },
+    {
+        name => "cipher-server-pref-not-mobile",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
+            "Options" => "ServerPreference",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+        },
+    },
+    {
+        name => "cipher-server-pref-mobile",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
+            "Options" => "ServerPreference,PrioritizeChaCha",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
+        },
+    },
+);
+
+my @tests_poly1305 = (
+    {
+        name => "cipher-server-pref-mobile2",
+        server => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
+            "Options" => "ServerPreference,PrioritizeChaCha",
+        },
+        client => {
+            "MaxProtocol" => "TLSv1.2",
+            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+        },
+        test => {
+            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
+        },
+    },
+);
+
+push @tests, @tests_poly1305 unless disabled("poly1305") || disabled("chacha");
diff --git a/test/ssl-tests/25-cipher.conf b/test/ssl-tests/25-cipher.conf

deleted file mode 100644 (file)

index a28c1f7..0000000
--- a/test/ssl-tests/25-cipher.conf
+++ /dev/null
@@ -1,244 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 9
-
-test-0 = 0-cipher-server-1
-test-1 = 1-cipher-server-2
-test-2 = 2-cipher-server-client-list
-test-3 = 3-cipher-server-pref-1
-test-4 = 4-cipher-server-pref-2
-test-5 = 5-cipher-server-pref-client-list
-test-6 = 6-cipher-server-pref-not-mobile
-test-7 = 7-cipher-server-pref-mobile
-test-8 = 8-cipher-server-pref-mobile2
-# ===========================================================
-
-[0-cipher-server-1]
-ssl_conf = 0-cipher-server-1-ssl
-
-[0-cipher-server-1-ssl]
-server = 0-cipher-server-1-server
-client = 0-cipher-server-1-client
-
-[0-cipher-server-1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-cipher-server-1-client]
-CipherString = ECDHE-RSA-AES256-SHA384
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
-
-
-# ===========================================================
-
-[1-cipher-server-2]
-ssl_conf = 1-cipher-server-2-ssl
-
-[1-cipher-server-2-ssl]
-server = 1-cipher-server-2-server
-client = 1-cipher-server-2-client
-
-[1-cipher-server-2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-cipher-server-2-client]
-CipherString = ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedCipher = ECDHE-RSA-AES128-SHA256
-
-
-# ===========================================================
-
-[2-cipher-server-client-list]
-ssl_conf = 2-cipher-server-client-list-ssl
-
-[2-cipher-server-client-list-ssl]
-server = 2-cipher-server-client-list-server
-client = 2-cipher-server-client-list-client
-
-[2-cipher-server-client-list-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-cipher-server-client-list-client]
-CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedCipher = ECDHE-RSA-AES128-SHA256
-
-
-# ===========================================================
-
-[3-cipher-server-pref-1]
-ssl_conf = 3-cipher-server-pref-1-ssl
-
-[3-cipher-server-pref-1-ssl]
-server = 3-cipher-server-pref-1-server
-client = 3-cipher-server-pref-1-client
-
-[3-cipher-server-pref-1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = ServerPreference
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-cipher-server-pref-1-client]
-CipherString = ECDHE-RSA-AES256-SHA384
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
-
-
-# ===========================================================
-
-[4-cipher-server-pref-2]
-ssl_conf = 4-cipher-server-pref-2-ssl
-
-[4-cipher-server-pref-2-ssl]
-server = 4-cipher-server-pref-2-server
-client = 4-cipher-server-pref-2-client
-
-[4-cipher-server-pref-2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = ServerPreference
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-cipher-server-pref-2-client]
-CipherString = ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedCipher = ECDHE-RSA-AES128-SHA256
-
-
-# ===========================================================
-
-[5-cipher-server-pref-client-list]
-ssl_conf = 5-cipher-server-pref-client-list-ssl
-
-[5-cipher-server-pref-client-list-ssl]
-server = 5-cipher-server-pref-client-list-server
-client = 5-cipher-server-pref-client-list-client
-
-[5-cipher-server-pref-client-list-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = ServerPreference
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-cipher-server-pref-client-list-client]
-CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
-
-
-# ===========================================================
-
-[6-cipher-server-pref-not-mobile]
-ssl_conf = 6-cipher-server-pref-not-mobile-ssl
-
-[6-cipher-server-pref-not-mobile-ssl]
-server = 6-cipher-server-pref-not-mobile-server
-client = 6-cipher-server-pref-not-mobile-client
-
-[6-cipher-server-pref-not-mobile-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305
-MaxProtocol = TLSv1.2
-Options = ServerPreference
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-cipher-server-pref-not-mobile-client]
-CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
-
-
-# ===========================================================
-
-[7-cipher-server-pref-mobile]
-ssl_conf = 7-cipher-server-pref-mobile-ssl
-
-[7-cipher-server-pref-mobile-ssl]
-server = 7-cipher-server-pref-mobile-server
-client = 7-cipher-server-pref-mobile-client
-
-[7-cipher-server-pref-mobile-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305
-MaxProtocol = TLSv1.2
-Options = ServerPreference,PrioritizeChaCha
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[7-cipher-server-pref-mobile-client]
-CipherString = ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedCipher = ECDHE-RSA-AES256-SHA384
-
-
-# ===========================================================
-
-[8-cipher-server-pref-mobile2]
-ssl_conf = 8-cipher-server-pref-mobile2-ssl
-
-[8-cipher-server-pref-mobile2-ssl]
-server = 8-cipher-server-pref-mobile2-server
-client = 8-cipher-server-pref-mobile2-client
-
-[8-cipher-server-pref-mobile2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305
-MaxProtocol = TLSv1.2
-Options = ServerPreference,PrioritizeChaCha
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[8-cipher-server-pref-mobile2-client]
-CipherString = ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedCipher = ECDHE-RSA-CHACHA20-POLY1305
-
-
diff --git a/test/ssl-tests/25-cipher.conf.in b/test/ssl-tests/25-cipher.conf.in

deleted file mode 100644 (file)

index c7bfc61..0000000
--- a/test/ssl-tests/25-cipher.conf.in
+++ /dev/null
@@ -1,156 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test version negotiation
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "cipher-server-1",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
-    },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384"
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
-        },
-    },
-    {
-        name => "cipher-server-2",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256"
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
-        },
-    },
-    {
-        name => "cipher-server-client-list",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
-        },
-    },
-    {
-        name => "cipher-server-pref-1",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
-            "Options" => "ServerPreference",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384"
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
-        },
-    },
-    {
-        name => "cipher-server-pref-2",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
-            "Options" => "ServerPreference",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256"
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES128-SHA256",
-        },
-    },
-    {
-        name => "cipher-server-pref-client-list",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256",
-            "Options" => "ServerPreference",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
-        },
-    },
-    {
-        name => "cipher-server-pref-not-mobile",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
-            "Options" => "ServerPreference",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
-        },
-    },
-    {
-        name => "cipher-server-pref-mobile",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
-            "Options" => "ServerPreference,PrioritizeChaCha",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305",
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-AES256-SHA384",
-        },
-    },
-);
-
-my @tests_poly1305 = (
-    {
-        name => "cipher-server-pref-mobile2",
-        server => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305",
-            "Options" => "ServerPreference,PrioritizeChaCha",
-        },
-        client => {
-            "MaxProtocol" => "TLSv1.2",
-            "CipherString" => "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
-        },
-        test => {
-            "ExpectedCipher" => "ECDHE-RSA-CHACHA20-POLY1305",
-        },
-    },
-);
-
-push @tests, @tests_poly1305 unless disabled("poly1305") || disabled("chacha");
diff --git a/test/ssl-tests/26-tls13_client_auth.cnf b/test/ssl-tests/26-tls13_client_auth.cnf

new file mode 100644 (file)

index 0000000..9c42391
--- /dev/null
+++ b/test/ssl-tests/26-tls13_client_auth.cnf
@@ -0,0 +1,488 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 14
+
+test-0 = 0-server-auth-TLSv1.3
+test-1 = 1-client-auth-TLSv1.3-request
+test-2 = 2-client-auth-TLSv1.3-require-fail
+test-3 = 3-client-auth-TLSv1.3-require
+test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
+test-5 = 5-client-auth-TLSv1.3-noroot
+test-6 = 6-client-auth-TLSv1.3-request-post-handshake
+test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
+test-8 = 8-client-auth-TLSv1.3-require-post-handshake
+test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
+test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
+test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
+test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
+test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
+# ===========================================================
+
+[0-server-auth-TLSv1.3]
+ssl_conf = 0-server-auth-TLSv1.3-ssl
+
+[0-server-auth-TLSv1.3-ssl]
+server = 0-server-auth-TLSv1.3-server
+client = 0-server-auth-TLSv1.3-client
+
+[0-server-auth-TLSv1.3-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-server-auth-TLSv1.3-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-client-auth-TLSv1.3-request]
+ssl_conf = 1-client-auth-TLSv1.3-request-ssl
+
+[1-client-auth-TLSv1.3-request-ssl]
+server = 1-client-auth-TLSv1.3-request-server
+client = 1-client-auth-TLSv1.3-request-client
+
+[1-client-auth-TLSv1.3-request-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Request
+
+[1-client-auth-TLSv1.3-request-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-client-auth-TLSv1.3-require-fail]
+ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
+
+[2-client-auth-TLSv1.3-require-fail-ssl]
+server = 2-client-auth-TLSv1.3-require-fail-server
+client = 2-client-auth-TLSv1.3-require-fail-client
+
+[2-client-auth-TLSv1.3-require-fail-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Require
+
+[2-client-auth-TLSv1.3-require-fail-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = ServerFail
+ExpectedServerAlert = CertificateRequired
+
+
+# ===========================================================
+
+[3-client-auth-TLSv1.3-require]
+ssl_conf = 3-client-auth-TLSv1.3-require-ssl
+
+[3-client-auth-TLSv1.3-require-ssl]
+server = 3-client-auth-TLSv1.3-require-server
+client = 3-client-auth-TLSv1.3-require-client
+
+[3-client-auth-TLSv1.3-require-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[3-client-auth-TLSv1.3-require-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[4-client-auth-TLSv1.3-require-non-empty-names]
+ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
+
+[4-client-auth-TLSv1.3-require-non-empty-names-ssl]
+server = 4-client-auth-TLSv1.3-require-non-empty-names-server
+client = 4-client-auth-TLSv1.3-require-non-empty-names-client
+
+[4-client-auth-TLSv1.3-require-non-empty-names-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ClientSignatureAlgorithms = PSS+SHA256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = Request
+
+[4-client-auth-TLSv1.3-require-non-empty-names-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-client-auth-TLSv1.3-noroot]
+ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
+
+[5-client-auth-TLSv1.3-noroot-ssl]
+server = 5-client-auth-TLSv1.3-noroot-server
+client = 5-client-auth-TLSv1.3-noroot-client
+
+[5-client-auth-TLSv1.3-noroot-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = Require
+
+[5-client-auth-TLSv1.3-noroot-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+
+
+# ===========================================================
+
+[6-client-auth-TLSv1.3-request-post-handshake]
+ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
+
+[6-client-auth-TLSv1.3-request-post-handshake-ssl]
+server = 6-client-auth-TLSv1.3-request-post-handshake-server
+client = 6-client-auth-TLSv1.3-request-post-handshake-client
+
+[6-client-auth-TLSv1.3-request-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = RequestPostHandshake
+
+[6-client-auth-TLSv1.3-request-post-handshake-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = ServerFail
+HandshakeMode = PostHandshakeAuth
+
+
+# ===========================================================
+
+[7-client-auth-TLSv1.3-require-fail-post-handshake]
+ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
+
+[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
+server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
+client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
+
+[7-client-auth-TLSv1.3-require-fail-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = RequirePostHandshake
+
+[7-client-auth-TLSv1.3-require-fail-post-handshake-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-7]
+ExpectedResult = ServerFail
+HandshakeMode = PostHandshakeAuth
+
+
+# ===========================================================
+
+[8-client-auth-TLSv1.3-require-post-handshake]
+ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
+
+[8-client-auth-TLSv1.3-require-post-handshake-ssl]
+server = 8-client-auth-TLSv1.3-require-post-handshake-server
+client = 8-client-auth-TLSv1.3-require-post-handshake-client
+
+[8-client-auth-TLSv1.3-require-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientSignatureAlgorithms = PSS+SHA256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = RequestPostHandshake
+
+[8-client-auth-TLSv1.3-require-post-handshake-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-8]
+ExpectedClientCANames = empty
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+HandshakeMode = PostHandshakeAuth
+client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra
+
+[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
+EnablePHA = Yes
+
+
+# ===========================================================
+
+[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
+ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
+
+[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
+server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
+client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
+
+[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ClientSignatureAlgorithms = PSS+SHA256
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+VerifyMode = RequestPostHandshake
+
+[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-9]
+ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
+ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
+ExpectedClientSignType = RSA-PSS
+ExpectedResult = Success
+HandshakeMode = PostHandshakeAuth
+client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra
+
+[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
+EnablePHA = Yes
+
+
+# ===========================================================
+
+[10-client-auth-TLSv1.3-noroot-post-handshake]
+ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
+
+[10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
+server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
+client = 10-client-auth-TLSv1.3-noroot-post-handshake-client
+
+[10-client-auth-TLSv1.3-noroot-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = RequirePostHandshake
+
+[10-client-auth-TLSv1.3-noroot-post-handshake-client]
+Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-10]
+ExpectedResult = ServerFail
+ExpectedServerAlert = UnknownCA
+HandshakeMode = PostHandshakeAuth
+client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra
+
+[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
+EnablePHA = Yes
+
+
+# ===========================================================
+
+[11-client-auth-TLSv1.3-request-force-client-post-handshake]
+ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
+
+[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
+server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
+client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
+
+[11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = RequestPostHandshake
+
+[11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-11]
+ExpectedResult = Success
+HandshakeMode = PostHandshakeAuth
+client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
+
+[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
+EnablePHA = Yes
+
+
+# ===========================================================
+
+[12-client-auth-TLSv1.3-request-force-server-post-handshake]
+ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
+
+[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
+server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
+client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
+
+[12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = RequestPostHandshake
+
+[12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-12]
+ExpectedResult = ClientFail
+HandshakeMode = PostHandshakeAuth
+server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
+
+[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
+ForcePHA = Yes
+
+
+# ===========================================================
+
+[13-client-auth-TLSv1.3-request-force-both-post-handshake]
+ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
+
+[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
+server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
+client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
+
+[13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+VerifyMode = RequestPostHandshake
+
+[13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+MinProtocol = TLSv1.3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-13]
+ExpectedResult = Success
+HandshakeMode = PostHandshakeAuth
+server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
+client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
+
+[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
+ForcePHA = Yes
+
+[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
+EnablePHA = Yes
+
+
diff --git a/test/ssl-tests/26-tls13_client_auth.cnf.in b/test/ssl-tests/26-tls13_client_auth.cnf.in

new file mode 100644 (file)

index 0000000..82d3ac2
--- /dev/null
+++ b/test/ssl-tests/26-tls13_client_auth.cnf.in
@@ -0,0 +1,302 @@
+# -*- mode: perl; -*-
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test TLSv1.3 certificate authentication
+## Similar to 04-client_auth.cnf.in output, but specific for
+## TLSv1.3 and post-handshake authentication
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "server-auth-TLSv1.3",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-request",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "Request",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        test => {
+            "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-require-fail",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "CertificateRequired",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-require",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Request",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey" => test_pem("ee-key.pem"),
+        },
+        test => {
+            "ExpectedResult" => "Success",
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientCANames" => "empty"
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-require-non-empty-names",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "ClientCAFile" => test_pem("root-cert.pem"),
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "Request",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey" => test_pem("ee-key.pem"),
+        },
+        test => {
+            "ExpectedResult" => "Success",
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientCANames" => test_pem("root-cert.pem"),
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-noroot",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "Require",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey" => test_pem("ee-key.pem"),
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "ExpectedServerAlert" => "UnknownCA",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-request-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "RequestPostHandshake",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "HandshakeMode" => "PostHandshakeAuth",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-require-fail-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "RequirePostHandshake",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "HandshakeMode" => "PostHandshakeAuth",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-require-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "RequestPostHandshake",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey" => test_pem("ee-key.pem"),
+            extra => {
+                "EnablePHA" => "Yes",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+            "HandshakeMode" => "PostHandshakeAuth",
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientCANames" => "empty"
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "ClientSignatureAlgorithms" => "PSS+SHA256",
+            "ClientCAFile" => test_pem("root-cert.pem"),
+            "VerifyCAFile" => test_pem("root-cert.pem"),
+            "VerifyMode" => "RequestPostHandshake",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey" => test_pem("ee-key.pem"),
+            extra => {
+                "EnablePHA" => "Yes",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+            "HandshakeMode" => "PostHandshakeAuth",
+            "ExpectedClientCertType" => "RSA",
+            "ExpectedClientSignType" => "RSA-PSS",
+            "ExpectedClientSignHash" => "SHA256",
+            "ExpectedClientCANames" => test_pem("root-cert.pem"),
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-noroot-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "RequirePostHandshake",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "Certificate" => test_pem("ee-client-chain.pem"),
+            "PrivateKey" => test_pem("ee-key.pem"),
+            extra => {
+                "EnablePHA" => "Yes",
+            },
+        },
+        test => {
+            "ExpectedResult" => "ServerFail",
+            "HandshakeMode" => "PostHandshakeAuth",
+            "ExpectedServerAlert" => "UnknownCA",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-request-force-client-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "RequestPostHandshake",
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            extra => {
+                "EnablePHA" => "Yes",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+            "HandshakeMode" => "PostHandshakeAuth",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-request-force-server-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "RequestPostHandshake",
+            extra => {
+                "ForcePHA" => "Yes",
+            },
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+        },
+        test => {
+            "ExpectedResult" => "ClientFail",
+            "HandshakeMode" => "PostHandshakeAuth",
+        },
+    },
+    {
+        name => "client-auth-TLSv1.3-request-force-both-post-handshake",
+        server => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            "VerifyMode" => "RequestPostHandshake",
+            extra => {
+                "ForcePHA" => "Yes",
+            },
+        },
+        client => {
+            "MinProtocol" => "TLSv1.3",
+            "MaxProtocol" => "TLSv1.3",
+            extra => {
+                "EnablePHA" => "Yes",
+            },
+        },
+        test => {
+            "ExpectedResult" => "Success",
+            "HandshakeMode" => "PostHandshakeAuth",
+        },
+    },
+);
diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.conf

deleted file mode 100644 (file)

index 9c42391..0000000
--- a/test/ssl-tests/26-tls13_client_auth.conf
+++ /dev/null
@@ -1,488 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 14
-
-test-0 = 0-server-auth-TLSv1.3
-test-1 = 1-client-auth-TLSv1.3-request
-test-2 = 2-client-auth-TLSv1.3-require-fail
-test-3 = 3-client-auth-TLSv1.3-require
-test-4 = 4-client-auth-TLSv1.3-require-non-empty-names
-test-5 = 5-client-auth-TLSv1.3-noroot
-test-6 = 6-client-auth-TLSv1.3-request-post-handshake
-test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
-test-8 = 8-client-auth-TLSv1.3-require-post-handshake
-test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
-test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
-test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
-test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
-test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
-# ===========================================================
-
-[0-server-auth-TLSv1.3]
-ssl_conf = 0-server-auth-TLSv1.3-ssl
-
-[0-server-auth-TLSv1.3-ssl]
-server = 0-server-auth-TLSv1.3-server
-client = 0-server-auth-TLSv1.3-client
-
-[0-server-auth-TLSv1.3-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-server-auth-TLSv1.3-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-client-auth-TLSv1.3-request]
-ssl_conf = 1-client-auth-TLSv1.3-request-ssl
-
-[1-client-auth-TLSv1.3-request-ssl]
-server = 1-client-auth-TLSv1.3-request-server
-client = 1-client-auth-TLSv1.3-request-client
-
-[1-client-auth-TLSv1.3-request-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Request
-
-[1-client-auth-TLSv1.3-request-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-client-auth-TLSv1.3-require-fail]
-ssl_conf = 2-client-auth-TLSv1.3-require-fail-ssl
-
-[2-client-auth-TLSv1.3-require-fail-ssl]
-server = 2-client-auth-TLSv1.3-require-fail-server
-client = 2-client-auth-TLSv1.3-require-fail-client
-
-[2-client-auth-TLSv1.3-require-fail-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Require
-
-[2-client-auth-TLSv1.3-require-fail-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = ServerFail
-ExpectedServerAlert = CertificateRequired
-
-
-# ===========================================================
-
-[3-client-auth-TLSv1.3-require]
-ssl_conf = 3-client-auth-TLSv1.3-require-ssl
-
-[3-client-auth-TLSv1.3-require-ssl]
-server = 3-client-auth-TLSv1.3-require-server
-client = 3-client-auth-TLSv1.3-require-client
-
-[3-client-auth-TLSv1.3-require-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[3-client-auth-TLSv1.3-require-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA-PSS
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[4-client-auth-TLSv1.3-require-non-empty-names]
-ssl_conf = 4-client-auth-TLSv1.3-require-non-empty-names-ssl
-
-[4-client-auth-TLSv1.3-require-non-empty-names-ssl]
-server = 4-client-auth-TLSv1.3-require-non-empty-names-server
-client = 4-client-auth-TLSv1.3-require-non-empty-names-client
-
-[4-client-auth-TLSv1.3-require-non-empty-names-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ClientSignatureAlgorithms = PSS+SHA256
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = Request
-
-[4-client-auth-TLSv1.3-require-non-empty-names-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA-PSS
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[5-client-auth-TLSv1.3-noroot]
-ssl_conf = 5-client-auth-TLSv1.3-noroot-ssl
-
-[5-client-auth-TLSv1.3-noroot-ssl]
-server = 5-client-auth-TLSv1.3-noroot-server
-client = 5-client-auth-TLSv1.3-noroot-client
-
-[5-client-auth-TLSv1.3-noroot-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = Require
-
-[5-client-auth-TLSv1.3-noroot-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-
-
-# ===========================================================
-
-[6-client-auth-TLSv1.3-request-post-handshake]
-ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
-
-[6-client-auth-TLSv1.3-request-post-handshake-ssl]
-server = 6-client-auth-TLSv1.3-request-post-handshake-server
-client = 6-client-auth-TLSv1.3-request-post-handshake-client
-
-[6-client-auth-TLSv1.3-request-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = RequestPostHandshake
-
-[6-client-auth-TLSv1.3-request-post-handshake-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = ServerFail
-HandshakeMode = PostHandshakeAuth
-
-
-# ===========================================================
-
-[7-client-auth-TLSv1.3-require-fail-post-handshake]
-ssl_conf = 7-client-auth-TLSv1.3-require-fail-post-handshake-ssl
-
-[7-client-auth-TLSv1.3-require-fail-post-handshake-ssl]
-server = 7-client-auth-TLSv1.3-require-fail-post-handshake-server
-client = 7-client-auth-TLSv1.3-require-fail-post-handshake-client
-
-[7-client-auth-TLSv1.3-require-fail-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = RequirePostHandshake
-
-[7-client-auth-TLSv1.3-require-fail-post-handshake-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-7]
-ExpectedResult = ServerFail
-HandshakeMode = PostHandshakeAuth
-
-
-# ===========================================================
-
-[8-client-auth-TLSv1.3-require-post-handshake]
-ssl_conf = 8-client-auth-TLSv1.3-require-post-handshake-ssl
-
-[8-client-auth-TLSv1.3-require-post-handshake-ssl]
-server = 8-client-auth-TLSv1.3-require-post-handshake-server
-client = 8-client-auth-TLSv1.3-require-post-handshake-client
-
-[8-client-auth-TLSv1.3-require-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientSignatureAlgorithms = PSS+SHA256
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = RequestPostHandshake
-
-[8-client-auth-TLSv1.3-require-post-handshake-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-8]
-ExpectedClientCANames = empty
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA-PSS
-ExpectedResult = Success
-HandshakeMode = PostHandshakeAuth
-client = 8-client-auth-TLSv1.3-require-post-handshake-client-extra
-
-[8-client-auth-TLSv1.3-require-post-handshake-client-extra]
-EnablePHA = Yes
-
-
-# ===========================================================
-
-[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake]
-ssl_conf = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl
-
-[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-ssl]
-server = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server
-client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client
-
-[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-ClientCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ClientSignatureAlgorithms = PSS+SHA256
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-VerifyMode = RequestPostHandshake
-
-[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-9]
-ExpectedClientCANames = ${ENV::TEST_CERTS_DIR}/root-cert.pem
-ExpectedClientCertType = RSA
-ExpectedClientSignHash = SHA256
-ExpectedClientSignType = RSA-PSS
-ExpectedResult = Success
-HandshakeMode = PostHandshakeAuth
-client = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra
-
-[9-client-auth-TLSv1.3-require-non-empty-names-post-handshake-client-extra]
-EnablePHA = Yes
-
-
-# ===========================================================
-
-[10-client-auth-TLSv1.3-noroot-post-handshake]
-ssl_conf = 10-client-auth-TLSv1.3-noroot-post-handshake-ssl
-
-[10-client-auth-TLSv1.3-noroot-post-handshake-ssl]
-server = 10-client-auth-TLSv1.3-noroot-post-handshake-server
-client = 10-client-auth-TLSv1.3-noroot-post-handshake-client
-
-[10-client-auth-TLSv1.3-noroot-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = RequirePostHandshake
-
-[10-client-auth-TLSv1.3-noroot-post-handshake-client]
-Certificate = ${ENV::TEST_CERTS_DIR}/ee-client-chain.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/ee-key.pem
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-10]
-ExpectedResult = ServerFail
-ExpectedServerAlert = UnknownCA
-HandshakeMode = PostHandshakeAuth
-client = 10-client-auth-TLSv1.3-noroot-post-handshake-client-extra
-
-[10-client-auth-TLSv1.3-noroot-post-handshake-client-extra]
-EnablePHA = Yes
-
-
-# ===========================================================
-
-[11-client-auth-TLSv1.3-request-force-client-post-handshake]
-ssl_conf = 11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl
-
-[11-client-auth-TLSv1.3-request-force-client-post-handshake-ssl]
-server = 11-client-auth-TLSv1.3-request-force-client-post-handshake-server
-client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client
-
-[11-client-auth-TLSv1.3-request-force-client-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = RequestPostHandshake
-
-[11-client-auth-TLSv1.3-request-force-client-post-handshake-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-11]
-ExpectedResult = Success
-HandshakeMode = PostHandshakeAuth
-client = 11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra
-
-[11-client-auth-TLSv1.3-request-force-client-post-handshake-client-extra]
-EnablePHA = Yes
-
-
-# ===========================================================
-
-[12-client-auth-TLSv1.3-request-force-server-post-handshake]
-ssl_conf = 12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl
-
-[12-client-auth-TLSv1.3-request-force-server-post-handshake-ssl]
-server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server
-client = 12-client-auth-TLSv1.3-request-force-server-post-handshake-client
-
-[12-client-auth-TLSv1.3-request-force-server-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = RequestPostHandshake
-
-[12-client-auth-TLSv1.3-request-force-server-post-handshake-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-12]
-ExpectedResult = ClientFail
-HandshakeMode = PostHandshakeAuth
-server = 12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra
-
-[12-client-auth-TLSv1.3-request-force-server-post-handshake-server-extra]
-ForcePHA = Yes
-
-
-# ===========================================================
-
-[13-client-auth-TLSv1.3-request-force-both-post-handshake]
-ssl_conf = 13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl
-
-[13-client-auth-TLSv1.3-request-force-both-post-handshake-ssl]
-server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server
-client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client
-
-[13-client-auth-TLSv1.3-request-force-both-post-handshake-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-VerifyMode = RequestPostHandshake
-
-[13-client-auth-TLSv1.3-request-force-both-post-handshake-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-MinProtocol = TLSv1.3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-13]
-ExpectedResult = Success
-HandshakeMode = PostHandshakeAuth
-server = 13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra
-client = 13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra
-
-[13-client-auth-TLSv1.3-request-force-both-post-handshake-server-extra]
-ForcePHA = Yes
-
-[13-client-auth-TLSv1.3-request-force-both-post-handshake-client-extra]
-EnablePHA = Yes
-
-
diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.conf.in

deleted file mode 100644 (file)

index 02a1ee2..0000000
--- a/test/ssl-tests/26-tls13_client_auth.conf.in
+++ /dev/null
@@ -1,302 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test TLSv1.3 certificate authentication
-## Similar to 04-client_auth.conf.in output, but specific for
-## TLSv1.3 and post-handshake authentication
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "server-auth-TLSv1.3",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        test => {
-            "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-request",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "Request",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        test => {
-            "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-require-fail",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Require",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        test => {
-            "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "CertificateRequired",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-require",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "ClientSignatureAlgorithms" => "PSS+SHA256",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Request",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey" => test_pem("ee-key.pem"),
-        },
-        test => {
-            "ExpectedResult" => "Success",
-            "ExpectedClientCertType" => "RSA",
-            "ExpectedClientSignType" => "RSA-PSS",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientCANames" => "empty"
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-require-non-empty-names",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "ClientSignatureAlgorithms" => "PSS+SHA256",
-            "ClientCAFile" => test_pem("root-cert.pem"),
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "Request",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey" => test_pem("ee-key.pem"),
-        },
-        test => {
-            "ExpectedResult" => "Success",
-            "ExpectedClientCertType" => "RSA",
-            "ExpectedClientSignType" => "RSA-PSS",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientCANames" => test_pem("root-cert.pem"),
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-noroot",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "Require",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey" => test_pem("ee-key.pem"),
-        },
-        test => {
-            "ExpectedResult" => "ServerFail",
-            "ExpectedServerAlert" => "UnknownCA",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-request-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "RequestPostHandshake",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        test => {
-            "ExpectedResult" => "ServerFail",
-            "HandshakeMode" => "PostHandshakeAuth",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-require-fail-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "RequirePostHandshake",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        test => {
-            "ExpectedResult" => "ServerFail",
-            "HandshakeMode" => "PostHandshakeAuth",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-require-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "ClientSignatureAlgorithms" => "PSS+SHA256",
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "RequestPostHandshake",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey" => test_pem("ee-key.pem"),
-            extra => {
-                "EnablePHA" => "Yes",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-            "HandshakeMode" => "PostHandshakeAuth",
-            "ExpectedClientCertType" => "RSA",
-            "ExpectedClientSignType" => "RSA-PSS",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientCANames" => "empty"
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-require-non-empty-names-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "ClientSignatureAlgorithms" => "PSS+SHA256",
-            "ClientCAFile" => test_pem("root-cert.pem"),
-            "VerifyCAFile" => test_pem("root-cert.pem"),
-            "VerifyMode" => "RequestPostHandshake",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey" => test_pem("ee-key.pem"),
-            extra => {
-                "EnablePHA" => "Yes",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-            "HandshakeMode" => "PostHandshakeAuth",
-            "ExpectedClientCertType" => "RSA",
-            "ExpectedClientSignType" => "RSA-PSS",
-            "ExpectedClientSignHash" => "SHA256",
-            "ExpectedClientCANames" => test_pem("root-cert.pem"),
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-noroot-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "RequirePostHandshake",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "Certificate" => test_pem("ee-client-chain.pem"),
-            "PrivateKey" => test_pem("ee-key.pem"),
-            extra => {
-                "EnablePHA" => "Yes",
-            },
-        },
-        test => {
-            "ExpectedResult" => "ServerFail",
-            "HandshakeMode" => "PostHandshakeAuth",
-            "ExpectedServerAlert" => "UnknownCA",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-request-force-client-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "RequestPostHandshake",
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            extra => {
-                "EnablePHA" => "Yes",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-            "HandshakeMode" => "PostHandshakeAuth",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-request-force-server-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "RequestPostHandshake",
-            extra => {
-                "ForcePHA" => "Yes",
-            },
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-        },
-        test => {
-            "ExpectedResult" => "ClientFail",
-            "HandshakeMode" => "PostHandshakeAuth",
-        },
-    },
-    {
-        name => "client-auth-TLSv1.3-request-force-both-post-handshake",
-        server => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            "VerifyMode" => "RequestPostHandshake",
-            extra => {
-                "ForcePHA" => "Yes",
-            },
-        },
-        client => {
-            "MinProtocol" => "TLSv1.3",
-            "MaxProtocol" => "TLSv1.3",
-            extra => {
-                "EnablePHA" => "Yes",
-            },
-        },
-        test => {
-            "ExpectedResult" => "Success",
-            "HandshakeMode" => "PostHandshakeAuth",
-        },
-    },
-);
diff --git a/test/ssl-tests/27-ticket-appdata.cnf b/test/ssl-tests/27-ticket-appdata.cnf

new file mode 100644 (file)

index 0000000..863ca7a
--- /dev/null
+++ b/test/ssl-tests/27-ticket-appdata.cnf
@@ -0,0 +1,146 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-session-ticket-app-data12
+test-1 = 1-session-ticket-app-data12
+test-2 = 2-session-ticket-app-data13
+test-3 = 3-session-ticket-app-data13
+# ===========================================================
+
+[0-session-ticket-app-data12]
+ssl_conf = 0-session-ticket-app-data12-ssl
+
+[0-session-ticket-app-data12-ssl]
+server = 0-session-ticket-app-data12-server
+client = 0-session-ticket-app-data12-client
+resume-server = 0-session-ticket-app-data12-server
+resume-client = 0-session-ticket-app-data12-client
+
+[0-session-ticket-app-data12-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-session-ticket-app-data12-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+ExpectedSessionTicketAppData = HelloWorld
+HandshakeMode = Resume
+ResumptionExpected = Yes
+SessionTicketExpected = Yes
+server = 0-session-ticket-app-data12-server-extra
+resume-server = 0-session-ticket-app-data12-server-extra
+
+[0-session-ticket-app-data12-server-extra]
+SessionTicketAppData = HelloWorld
+
+
+# ===========================================================
+
+[1-session-ticket-app-data12]
+ssl_conf = 1-session-ticket-app-data12-ssl
+
+[1-session-ticket-app-data12-ssl]
+server = 1-session-ticket-app-data12-server
+client = 1-session-ticket-app-data12-client
+resume-server = 1-session-ticket-app-data12-server
+resume-client = 1-session-ticket-app-data12-client
+
+[1-session-ticket-app-data12-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-session-ticket-app-data12-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.2
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+ExpectedSessionTicketAppData = 
+HandshakeMode = Resume
+ResumptionExpected = Yes
+SessionTicketExpected = Yes
+
+
+# ===========================================================
+
+[2-session-ticket-app-data13]
+ssl_conf = 2-session-ticket-app-data13-ssl
+
+[2-session-ticket-app-data13-ssl]
+server = 2-session-ticket-app-data13-server
+client = 2-session-ticket-app-data13-client
+resume-server = 2-session-ticket-app-data13-server
+resume-client = 2-session-ticket-app-data13-client
+
+[2-session-ticket-app-data13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-session-ticket-app-data13-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+ExpectedSessionTicketAppData = HelloWorld
+HandshakeMode = Resume
+ResumptionExpected = Yes
+SessionTicketExpected = Yes
+server = 2-session-ticket-app-data13-server-extra
+resume-server = 2-session-ticket-app-data13-server-extra
+
+[2-session-ticket-app-data13-server-extra]
+SessionTicketAppData = HelloWorld
+
+
+# ===========================================================
+
+[3-session-ticket-app-data13]
+ssl_conf = 3-session-ticket-app-data13-ssl
+
+[3-session-ticket-app-data13-ssl]
+server = 3-session-ticket-app-data13-server
+client = 3-session-ticket-app-data13-client
+resume-server = 3-session-ticket-app-data13-server
+resume-client = 3-session-ticket-app-data13-client
+
+[3-session-ticket-app-data13-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = SessionTicket
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-session-ticket-app-data13-client]
+CipherString = DEFAULT
+MaxProtocol = TLSv1.3
+Options = SessionTicket
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+ExpectedSessionTicketAppData = 
+HandshakeMode = Resume
+ResumptionExpected = Yes
+SessionTicketExpected = Yes
+
+
diff --git a/test/ssl-tests/27-ticket-appdata.cnf.in b/test/ssl-tests/27-ticket-appdata.cnf.in

new file mode 100644 (file)

index 0000000..c515859
--- /dev/null
+++ b/test/ssl-tests/27-ticket-appdata.cnf.in
@@ -0,0 +1,99 @@
+# -*- mode: perl; -*-
+# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test session ticket app data
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests12 = (
+    {
+       "name" => "session-ticket-app-data12",
+       "client" => {
+           "MaxProtocol" => "TLSv1.2",
+           "Options" => "SessionTicket",
+       },
+       "server" => {
+           "Options" => "SessionTicket",
+           "extra" => {
+               "SessionTicketAppData" => "HelloWorld",
+           },
+       },
+       "test" => {
+           "HandshakeMode" => "Resume",
+           "ExpectedResult" => "Success",
+           "SessionTicketExpected" => "Yes",
+           "ResumptionExpected" => "Yes",
+           "ExpectedSessionTicketAppData" => "HelloWorld",
+       }
+    },
+    {
+       "name" => "session-ticket-app-data12",
+       "client" => {
+           "MaxProtocol" => "TLSv1.2",
+           "Options" => "SessionTicket",
+       },
+       "server" => {
+           "Options" => "SessionTicket",
+       },
+       "test" => {
+           "HandshakeMode" => "Resume",
+           "ExpectedResult" => "Success",
+           "SessionTicketExpected" => "Yes",
+           "ResumptionExpected" => "Yes",
+           "ExpectedSessionTicketAppData" => "",
+       }
+    }
+);
+our @tests13 = (
+    {
+       "name" => "session-ticket-app-data13",
+       "client" => {
+           "MaxProtocol" => "TLSv1.3",
+           "Options" => "SessionTicket",
+       },
+       "server" => {
+           "Options" => "SessionTicket",
+           "extra" => {
+               "SessionTicketAppData" => "HelloWorld",
+           },
+       },
+       "test" => {
+           "HandshakeMode" => "Resume",
+           "ExpectedResult" => "Success",
+           "SessionTicketExpected" => "Yes",
+           "ResumptionExpected" => "Yes",
+           "ExpectedSessionTicketAppData" => "HelloWorld",
+       }
+    },
+    {
+       "name" => "session-ticket-app-data13",
+       "client" => {
+           "MaxProtocol" => "TLSv1.3",
+           "Options" => "SessionTicket",
+       },
+       "server" => {
+           "Options" => "SessionTicket",
+       },
+       "test" => {
+           "HandshakeMode" => "Resume",
+           "ExpectedResult" => "Success",
+           "SessionTicketExpected" => "Yes",
+           "ResumptionExpected" => "Yes",
+           "ExpectedSessionTicketAppData" => "",
+       }
+    }
+);
+
+our @tests = ();
+push @tests, @tests12 unless disabled("tls1_2");
+push @tests, @tests13 unless disabled("tls1_3");
diff --git a/test/ssl-tests/27-ticket-appdata.conf b/test/ssl-tests/27-ticket-appdata.conf

deleted file mode 100644 (file)

index 863ca7a..0000000
--- a/test/ssl-tests/27-ticket-appdata.conf
+++ /dev/null
@@ -1,146 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 4
-
-test-0 = 0-session-ticket-app-data12
-test-1 = 1-session-ticket-app-data12
-test-2 = 2-session-ticket-app-data13
-test-3 = 3-session-ticket-app-data13
-# ===========================================================
-
-[0-session-ticket-app-data12]
-ssl_conf = 0-session-ticket-app-data12-ssl
-
-[0-session-ticket-app-data12-ssl]
-server = 0-session-ticket-app-data12-server
-client = 0-session-ticket-app-data12-client
-resume-server = 0-session-ticket-app-data12-server
-resume-client = 0-session-ticket-app-data12-client
-
-[0-session-ticket-app-data12-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-session-ticket-app-data12-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-ExpectedSessionTicketAppData = HelloWorld
-HandshakeMode = Resume
-ResumptionExpected = Yes
-SessionTicketExpected = Yes
-server = 0-session-ticket-app-data12-server-extra
-resume-server = 0-session-ticket-app-data12-server-extra
-
-[0-session-ticket-app-data12-server-extra]
-SessionTicketAppData = HelloWorld
-
-
-# ===========================================================
-
-[1-session-ticket-app-data12]
-ssl_conf = 1-session-ticket-app-data12-ssl
-
-[1-session-ticket-app-data12-ssl]
-server = 1-session-ticket-app-data12-server
-client = 1-session-ticket-app-data12-client
-resume-server = 1-session-ticket-app-data12-server
-resume-client = 1-session-ticket-app-data12-client
-
-[1-session-ticket-app-data12-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-session-ticket-app-data12-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.2
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-ExpectedSessionTicketAppData = 
-HandshakeMode = Resume
-ResumptionExpected = Yes
-SessionTicketExpected = Yes
-
-
-# ===========================================================
-
-[2-session-ticket-app-data13]
-ssl_conf = 2-session-ticket-app-data13-ssl
-
-[2-session-ticket-app-data13-ssl]
-server = 2-session-ticket-app-data13-server
-client = 2-session-ticket-app-data13-client
-resume-server = 2-session-ticket-app-data13-server
-resume-client = 2-session-ticket-app-data13-client
-
-[2-session-ticket-app-data13-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-session-ticket-app-data13-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-ExpectedSessionTicketAppData = HelloWorld
-HandshakeMode = Resume
-ResumptionExpected = Yes
-SessionTicketExpected = Yes
-server = 2-session-ticket-app-data13-server-extra
-resume-server = 2-session-ticket-app-data13-server-extra
-
-[2-session-ticket-app-data13-server-extra]
-SessionTicketAppData = HelloWorld
-
-
-# ===========================================================
-
-[3-session-ticket-app-data13]
-ssl_conf = 3-session-ticket-app-data13-ssl
-
-[3-session-ticket-app-data13-ssl]
-server = 3-session-ticket-app-data13-server
-client = 3-session-ticket-app-data13-client
-resume-server = 3-session-ticket-app-data13-server
-resume-client = 3-session-ticket-app-data13-client
-
-[3-session-ticket-app-data13-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = SessionTicket
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-session-ticket-app-data13-client]
-CipherString = DEFAULT
-MaxProtocol = TLSv1.3
-Options = SessionTicket
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-ExpectedSessionTicketAppData = 
-HandshakeMode = Resume
-ResumptionExpected = Yes
-SessionTicketExpected = Yes
-
-
diff --git a/test/ssl-tests/27-ticket-appdata.conf.in b/test/ssl-tests/27-ticket-appdata.conf.in

deleted file mode 100644 (file)

index c515859..0000000
--- a/test/ssl-tests/27-ticket-appdata.conf.in
+++ /dev/null
@@ -1,99 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test session ticket app data
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests12 = (
-    {
-       "name" => "session-ticket-app-data12",
-       "client" => {
-           "MaxProtocol" => "TLSv1.2",
-           "Options" => "SessionTicket",
-       },
-       "server" => {
-           "Options" => "SessionTicket",
-           "extra" => {
-               "SessionTicketAppData" => "HelloWorld",
-           },
-       },
-       "test" => {
-           "HandshakeMode" => "Resume",
-           "ExpectedResult" => "Success",
-           "SessionTicketExpected" => "Yes",
-           "ResumptionExpected" => "Yes",
-           "ExpectedSessionTicketAppData" => "HelloWorld",
-       }
-    },
-    {
-       "name" => "session-ticket-app-data12",
-       "client" => {
-           "MaxProtocol" => "TLSv1.2",
-           "Options" => "SessionTicket",
-       },
-       "server" => {
-           "Options" => "SessionTicket",
-       },
-       "test" => {
-           "HandshakeMode" => "Resume",
-           "ExpectedResult" => "Success",
-           "SessionTicketExpected" => "Yes",
-           "ResumptionExpected" => "Yes",
-           "ExpectedSessionTicketAppData" => "",
-       }
-    }
-);
-our @tests13 = (
-    {
-       "name" => "session-ticket-app-data13",
-       "client" => {
-           "MaxProtocol" => "TLSv1.3",
-           "Options" => "SessionTicket",
-       },
-       "server" => {
-           "Options" => "SessionTicket",
-           "extra" => {
-               "SessionTicketAppData" => "HelloWorld",
-           },
-       },
-       "test" => {
-           "HandshakeMode" => "Resume",
-           "ExpectedResult" => "Success",
-           "SessionTicketExpected" => "Yes",
-           "ResumptionExpected" => "Yes",
-           "ExpectedSessionTicketAppData" => "HelloWorld",
-       }
-    },
-    {
-       "name" => "session-ticket-app-data13",
-       "client" => {
-           "MaxProtocol" => "TLSv1.3",
-           "Options" => "SessionTicket",
-       },
-       "server" => {
-           "Options" => "SessionTicket",
-       },
-       "test" => {
-           "HandshakeMode" => "Resume",
-           "ExpectedResult" => "Success",
-           "SessionTicketExpected" => "Yes",
-           "ResumptionExpected" => "Yes",
-           "ExpectedSessionTicketAppData" => "",
-       }
-    }
-);
-
-our @tests = ();
-push @tests, @tests12 unless disabled("tls1_2");
-push @tests, @tests13 unless disabled("tls1_3");
diff --git a/test/ssl-tests/28-seclevel.cnf b/test/ssl-tests/28-seclevel.cnf

new file mode 100644 (file)

index 0000000..99fa810
--- /dev/null
+++ b/test/ssl-tests/28-seclevel.cnf
@@ -0,0 +1,150 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 6
+
+test-0 = 0-SECLEVEL 3 with default key
+test-1 = 1-SECLEVEL 4 with ED448 key
+test-2 = 2-SECLEVEL 5 server with ED448 key
+test-3 = 3-SECLEVEL 5 client with ED448 key
+test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE
+test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2
+# ===========================================================
+
+[0-SECLEVEL 3 with default key]
+ssl_conf = 0-SECLEVEL 3 with default key-ssl
+
+[0-SECLEVEL 3 with default key-ssl]
+server = 0-SECLEVEL 3 with default key-server
+client = 0-SECLEVEL 3 with default key-client
+
+[0-SECLEVEL 3 with default key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SECLEVEL 3 with default key-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[1-SECLEVEL 4 with ED448 key]
+ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl
+
+[1-SECLEVEL 4 with ED448 key-ssl]
+server = 1-SECLEVEL 4 with ED448 key-server
+client = 1-SECLEVEL 4 with ED448 key-client
+
+[1-SECLEVEL 4 with ED448 key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=4
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[1-SECLEVEL 4 with ED448 key-client]
+CipherString = DEFAULT:@SECLEVEL=4
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-SECLEVEL 5 server with ED448 key]
+ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl
+
+[2-SECLEVEL 5 server with ED448 key-ssl]
+server = 2-SECLEVEL 5 server with ED448 key-server
+client = 2-SECLEVEL 5 server with ED448 key-client
+
+[2-SECLEVEL 5 server with ED448 key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=5
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[2-SECLEVEL 5 server with ED448 key-client]
+CipherString = DEFAULT:@SECLEVEL=4
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[3-SECLEVEL 5 client with ED448 key]
+ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl
+
+[3-SECLEVEL 5 client with ED448 key-ssl]
+server = 3-SECLEVEL 5 client with ED448 key-server
+client = 3-SECLEVEL 5 client with ED448 key-client
+
+[3-SECLEVEL 5 client with ED448 key-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=4
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[3-SECLEVEL 5 client with ED448 key-client]
+CipherString = DEFAULT:@SECLEVEL=5
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[4-SECLEVEL 3 with P-384 key, X25519 ECDHE]
+ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
+
+[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
+server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
+client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
+
+[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+Groups = X25519
+PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
+
+[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
+CipherString = ECDHE:@SECLEVEL=3
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-SECLEVEL 3 with ED448 key, TLSv1.2]
+ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
+
+[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
+server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server
+client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client
+
+[5-SECLEVEL 3 with ED448 key, TLSv1.2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
+CipherString = DEFAULT:@SECLEVEL=3
+MaxProtocol = TLSv1.2
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
+
+[5-SECLEVEL 3 with ED448 key, TLSv1.2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in

new file mode 100644 (file)

index 0000000..aba5007
--- /dev/null
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -0,0 +1,83 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "SECLEVEL 3 with default key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" },
+        client => { },
+        test   => { "ExpectedResult" => "ServerFail" },
+    },
+);
+
+our @tests_ec = (
+    {
+        name => "SECLEVEL 4 with ED448 key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Certificate" => test_pem("server-ed448-cert.pem"),
+                    "PrivateKey" => test_pem("server-ed448-key.pem") },
+        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
+        test   => { "ExpectedResult" => "Success" },
+    },
+    {
+        # The Ed488 signature algorithm will not be enabled.
+        # Because of the config order, the certificate is first loaded, and
+        # then the security level is chaged. If you try this with s_server
+        # the order will be reversed and it will instead fail to load the key.
+        name => "SECLEVEL 5 server with ED448 key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+                    "Certificate" => test_pem("server-ed448-cert.pem"),
+                    "PrivateKey" => test_pem("server-ed448-key.pem") },
+        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
+        test   => { "ExpectedResult" => "ServerFail" },
+    },
+    {
+        # The client will not sent the Ed488 signature algorithm, so the server
+        # doesn't have a useable signature algorithm for the certificate.
+        name => "SECLEVEL 5 client with ED448 key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Certificate" => test_pem("server-ed448-cert.pem"),
+                    "PrivateKey" => test_pem("server-ed448-key.pem") },
+        client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
+        test   => { "ExpectedResult" => "ServerFail" },
+    },
+    {
+        name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
+                    "Certificate" => test_pem("p384-server-cert.pem"),
+                    "PrivateKey" => test_pem("p384-server-key.pem"),
+                    "Groups" => "X25519" },
+        client => { "CipherString" => "ECDHE:\@SECLEVEL=3",
+                    "VerifyCAFile" => test_pem("p384-root.pem") },
+        test   => { "ExpectedResult" => "Success" },
+    },
+);
+
+our @tests_tls1_2 = (
+    {
+        name => "SECLEVEL 3 with ED448 key, TLSv1.2",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
+                    "Certificate" => test_pem("server-ed448-cert.pem"),
+                    "PrivateKey" => test_pem("server-ed448-key.pem"),
+                    "MaxProtocol" => "TLSv1.2" },
+        client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
+        test   => { "ExpectedResult" => "Success" },
+    },
+);
+
+push @tests, @tests_ec unless disabled("ec");
+push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
diff --git a/test/ssl-tests/28-seclevel.conf b/test/ssl-tests/28-seclevel.conf

deleted file mode 100644 (file)

index 99fa810..0000000
--- a/test/ssl-tests/28-seclevel.conf
+++ /dev/null
@@ -1,150 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 6
-
-test-0 = 0-SECLEVEL 3 with default key
-test-1 = 1-SECLEVEL 4 with ED448 key
-test-2 = 2-SECLEVEL 5 server with ED448 key
-test-3 = 3-SECLEVEL 5 client with ED448 key
-test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE
-test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2
-# ===========================================================
-
-[0-SECLEVEL 3 with default key]
-ssl_conf = 0-SECLEVEL 3 with default key-ssl
-
-[0-SECLEVEL 3 with default key-ssl]
-server = 0-SECLEVEL 3 with default key-server
-client = 0-SECLEVEL 3 with default key-client
-
-[0-SECLEVEL 3 with default key-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT:@SECLEVEL=3
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-SECLEVEL 3 with default key-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[1-SECLEVEL 4 with ED448 key]
-ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl
-
-[1-SECLEVEL 4 with ED448 key-ssl]
-server = 1-SECLEVEL 4 with ED448 key-server
-client = 1-SECLEVEL 4 with ED448 key-client
-
-[1-SECLEVEL 4 with ED448 key-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-CipherString = DEFAULT:@SECLEVEL=4
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-
-[1-SECLEVEL 4 with ED448 key-client]
-CipherString = DEFAULT:@SECLEVEL=4
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-SECLEVEL 5 server with ED448 key]
-ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl
-
-[2-SECLEVEL 5 server with ED448 key-ssl]
-server = 2-SECLEVEL 5 server with ED448 key-server
-client = 2-SECLEVEL 5 server with ED448 key-client
-
-[2-SECLEVEL 5 server with ED448 key-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-CipherString = DEFAULT:@SECLEVEL=5
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-
-[2-SECLEVEL 5 server with ED448 key-client]
-CipherString = DEFAULT:@SECLEVEL=4
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[3-SECLEVEL 5 client with ED448 key]
-ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl
-
-[3-SECLEVEL 5 client with ED448 key-ssl]
-server = 3-SECLEVEL 5 client with ED448 key-server
-client = 3-SECLEVEL 5 client with ED448 key-client
-
-[3-SECLEVEL 5 client with ED448 key-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-CipherString = DEFAULT:@SECLEVEL=4
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-
-[3-SECLEVEL 5 client with ED448 key-client]
-CipherString = DEFAULT:@SECLEVEL=5
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = ServerFail
-
-
-# ===========================================================
-
-[4-SECLEVEL 3 with P-384 key, X25519 ECDHE]
-ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
-
-[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
-server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
-client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
-
-[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
-CipherString = DEFAULT:@SECLEVEL=3
-Groups = X25519
-PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
-
-[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
-CipherString = ECDHE:@SECLEVEL=3
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[5-SECLEVEL 3 with ED448 key, TLSv1.2]
-ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
-
-[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
-server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server
-client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client
-
-[5-SECLEVEL 3 with ED448 key, TLSv1.2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
-CipherString = DEFAULT:@SECLEVEL=3
-MaxProtocol = TLSv1.2
-PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
-
-[5-SECLEVEL 3 with ED448 key, TLSv1.2-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-
-
diff --git a/test/ssl-tests/28-seclevel.conf.in b/test/ssl-tests/28-seclevel.conf.in

deleted file mode 100644 (file)

index aba5007..0000000
--- a/test/ssl-tests/28-seclevel.conf.in
+++ /dev/null
@@ -1,83 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "SECLEVEL 3 with default key",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" },
-        client => { },
-        test   => { "ExpectedResult" => "ServerFail" },
-    },
-);
-
-our @tests_ec = (
-    {
-        name => "SECLEVEL 4 with ED448 key",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
-                    "Certificate" => test_pem("server-ed448-cert.pem"),
-                    "PrivateKey" => test_pem("server-ed448-key.pem") },
-        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
-                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
-        test   => { "ExpectedResult" => "Success" },
-    },
-    {
-        # The Ed488 signature algorithm will not be enabled.
-        # Because of the config order, the certificate is first loaded, and
-        # then the security level is chaged. If you try this with s_server
-        # the order will be reversed and it will instead fail to load the key.
-        name => "SECLEVEL 5 server with ED448 key",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
-                    "Certificate" => test_pem("server-ed448-cert.pem"),
-                    "PrivateKey" => test_pem("server-ed448-key.pem") },
-        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
-                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
-        test   => { "ExpectedResult" => "ServerFail" },
-    },
-    {
-        # The client will not sent the Ed488 signature algorithm, so the server
-        # doesn't have a useable signature algorithm for the certificate.
-        name => "SECLEVEL 5 client with ED448 key",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
-                    "Certificate" => test_pem("server-ed448-cert.pem"),
-                    "PrivateKey" => test_pem("server-ed448-key.pem") },
-        client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
-                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
-        test   => { "ExpectedResult" => "ServerFail" },
-    },
-    {
-        name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
-                    "Certificate" => test_pem("p384-server-cert.pem"),
-                    "PrivateKey" => test_pem("p384-server-key.pem"),
-                    "Groups" => "X25519" },
-        client => { "CipherString" => "ECDHE:\@SECLEVEL=3",
-                    "VerifyCAFile" => test_pem("p384-root.pem") },
-        test   => { "ExpectedResult" => "Success" },
-    },
-);
-
-our @tests_tls1_2 = (
-    {
-        name => "SECLEVEL 3 with ED448 key, TLSv1.2",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
-                    "Certificate" => test_pem("server-ed448-cert.pem"),
-                    "PrivateKey" => test_pem("server-ed448-key.pem"),
-                    "MaxProtocol" => "TLSv1.2" },
-        client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
-        test   => { "ExpectedResult" => "Success" },
-    },
-);
-
-push @tests, @tests_ec unless disabled("ec");
-push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec");
diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.cnf b/test/ssl-tests/29-dtls-sctp-label-bug.cnf

new file mode 100644 (file)

index 0000000..24f9e04
--- /dev/null
+++ b/test/ssl-tests/29-dtls-sctp-label-bug.cnf
@@ -0,0 +1,116 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 4
+
+test-0 = 0-SCTPLabelBug-good1
+test-1 = 1-SCTPLabelBug-good2
+test-2 = 2-SCTPLabelBug-bad1
+test-3 = 3-SCTPLabelBug-bad2
+# ===========================================================
+
+[0-SCTPLabelBug-good1]
+ssl_conf = 0-SCTPLabelBug-good1-ssl
+
+[0-SCTPLabelBug-good1-ssl]
+server = 0-SCTPLabelBug-good1-server
+client = 0-SCTPLabelBug-good1-client
+
+[0-SCTPLabelBug-good1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-SCTPLabelBug-good1-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+EnableClientSCTPLabelBug = No
+EnableServerSCTPLabelBug = No
+ExpectedResult = Success
+Method = DTLS
+UseSCTP = Yes
+
+
+# ===========================================================
+
+[1-SCTPLabelBug-good2]
+ssl_conf = 1-SCTPLabelBug-good2-ssl
+
+[1-SCTPLabelBug-good2-ssl]
+server = 1-SCTPLabelBug-good2-server
+client = 1-SCTPLabelBug-good2-client
+
+[1-SCTPLabelBug-good2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-SCTPLabelBug-good2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+EnableClientSCTPLabelBug = Yes
+EnableServerSCTPLabelBug = Yes
+ExpectedResult = Success
+Method = DTLS
+UseSCTP = Yes
+
+
+# ===========================================================
+
+[2-SCTPLabelBug-bad1]
+ssl_conf = 2-SCTPLabelBug-bad1-ssl
+
+[2-SCTPLabelBug-bad1-ssl]
+server = 2-SCTPLabelBug-bad1-server
+client = 2-SCTPLabelBug-bad1-client
+
+[2-SCTPLabelBug-bad1-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-SCTPLabelBug-bad1-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+EnableClientSCTPLabelBug = Yes
+EnableServerSCTPLabelBug = No
+ExpectedResult = ClientFail
+Method = DTLS
+UseSCTP = Yes
+
+
+# ===========================================================
+
+[3-SCTPLabelBug-bad2]
+ssl_conf = 3-SCTPLabelBug-bad2-ssl
+
+[3-SCTPLabelBug-bad2-ssl]
+server = 3-SCTPLabelBug-bad2-server
+client = 3-SCTPLabelBug-bad2-client
+
+[3-SCTPLabelBug-bad2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-SCTPLabelBug-bad2-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+EnableClientSCTPLabelBug = No
+EnableServerSCTPLabelBug = Yes
+ExpectedResult = ClientFail
+Method = DTLS
+UseSCTP = Yes
+
+
diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in b/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in

new file mode 100644 (file)

index 0000000..ab04d05
--- /dev/null
+++ b/test/ssl-tests/29-dtls-sctp-label-bug.cnf.in
@@ -0,0 +1,67 @@
+# -*- mode: perl; -*-
+# Copyright 2019-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Test SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG handling
+
+use strict;
+use warnings;
+
+package ssltests;
+use OpenSSL::Test::Utils;
+
+our @tests = (
+    {
+        name => "SCTPLabelBug-good1",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "No",
+            "EnableServerSCTPLabelBug" => "No",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "SCTPLabelBug-good2",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "Yes",
+            "EnableServerSCTPLabelBug" => "Yes",
+            "ExpectedResult" => "Success"
+        }
+    },
+    {
+        name => "SCTPLabelBug-bad1",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "Yes",
+            "EnableServerSCTPLabelBug" => "No",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+    {
+        name => "SCTPLabelBug-bad2",
+        server => {},
+        client => {},
+        test => {
+            "Method" => "DTLS",
+            "UseSCTP" => "Yes",
+            "EnableClientSCTPLabelBug" => "No",
+            "EnableServerSCTPLabelBug" => "Yes",
+            "ExpectedResult" => "ClientFail"
+        }
+    },
+);
diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf b/test/ssl-tests/29-dtls-sctp-label-bug.conf

deleted file mode 100644 (file)

index 24f9e04..0000000
--- a/test/ssl-tests/29-dtls-sctp-label-bug.conf
+++ /dev/null
@@ -1,116 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 4
-
-test-0 = 0-SCTPLabelBug-good1
-test-1 = 1-SCTPLabelBug-good2
-test-2 = 2-SCTPLabelBug-bad1
-test-3 = 3-SCTPLabelBug-bad2
-# ===========================================================
-
-[0-SCTPLabelBug-good1]
-ssl_conf = 0-SCTPLabelBug-good1-ssl
-
-[0-SCTPLabelBug-good1-ssl]
-server = 0-SCTPLabelBug-good1-server
-client = 0-SCTPLabelBug-good1-client
-
-[0-SCTPLabelBug-good1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-SCTPLabelBug-good1-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-EnableClientSCTPLabelBug = No
-EnableServerSCTPLabelBug = No
-ExpectedResult = Success
-Method = DTLS
-UseSCTP = Yes
-
-
-# ===========================================================
-
-[1-SCTPLabelBug-good2]
-ssl_conf = 1-SCTPLabelBug-good2-ssl
-
-[1-SCTPLabelBug-good2-ssl]
-server = 1-SCTPLabelBug-good2-server
-client = 1-SCTPLabelBug-good2-client
-
-[1-SCTPLabelBug-good2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-SCTPLabelBug-good2-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-EnableClientSCTPLabelBug = Yes
-EnableServerSCTPLabelBug = Yes
-ExpectedResult = Success
-Method = DTLS
-UseSCTP = Yes
-
-
-# ===========================================================
-
-[2-SCTPLabelBug-bad1]
-ssl_conf = 2-SCTPLabelBug-bad1-ssl
-
-[2-SCTPLabelBug-bad1-ssl]
-server = 2-SCTPLabelBug-bad1-server
-client = 2-SCTPLabelBug-bad1-client
-
-[2-SCTPLabelBug-bad1-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-SCTPLabelBug-bad1-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-EnableClientSCTPLabelBug = Yes
-EnableServerSCTPLabelBug = No
-ExpectedResult = ClientFail
-Method = DTLS
-UseSCTP = Yes
-
-
-# ===========================================================
-
-[3-SCTPLabelBug-bad2]
-ssl_conf = 3-SCTPLabelBug-bad2-ssl
-
-[3-SCTPLabelBug-bad2-ssl]
-server = 3-SCTPLabelBug-bad2-server
-client = 3-SCTPLabelBug-bad2-client
-
-[3-SCTPLabelBug-bad2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-SCTPLabelBug-bad2-client]
-CipherString = DEFAULT
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-EnableClientSCTPLabelBug = No
-EnableServerSCTPLabelBug = Yes
-ExpectedResult = ClientFail
-Method = DTLS
-UseSCTP = Yes
-
-
diff --git a/test/ssl-tests/29-dtls-sctp-label-bug.conf.in b/test/ssl-tests/29-dtls-sctp-label-bug.conf.in

deleted file mode 100644 (file)

index ab04d05..0000000
--- a/test/ssl-tests/29-dtls-sctp-label-bug.conf.in
+++ /dev/null
@@ -1,67 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2019-2019 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## Test SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG handling
-
-use strict;
-use warnings;
-
-package ssltests;
-use OpenSSL::Test::Utils;
-
-our @tests = (
-    {
-        name => "SCTPLabelBug-good1",
-        server => {},
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "UseSCTP" => "Yes",
-            "EnableClientSCTPLabelBug" => "No",
-            "EnableServerSCTPLabelBug" => "No",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "SCTPLabelBug-good2",
-        server => {},
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "UseSCTP" => "Yes",
-            "EnableClientSCTPLabelBug" => "Yes",
-            "EnableServerSCTPLabelBug" => "Yes",
-            "ExpectedResult" => "Success"
-        }
-    },
-    {
-        name => "SCTPLabelBug-bad1",
-        server => {},
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "UseSCTP" => "Yes",
-            "EnableClientSCTPLabelBug" => "Yes",
-            "EnableServerSCTPLabelBug" => "No",
-            "ExpectedResult" => "ClientFail"
-        }
-    },
-    {
-        name => "SCTPLabelBug-bad2",
-        server => {},
-        client => {},
-        test => {
-            "Method" => "DTLS",
-            "UseSCTP" => "Yes",
-            "EnableClientSCTPLabelBug" => "No",
-            "EnableServerSCTPLabelBug" => "Yes",
-            "ExpectedResult" => "ClientFail"
-        }
-    },
-);
diff --git a/test/ssl-tests/30-extended-master-secret.cnf b/test/ssl-tests/30-extended-master-secret.cnf

new file mode 100644 (file)

index 0000000..9dae431
--- /dev/null
+++ b/test/ssl-tests/30-extended-master-secret.cnf
@@ -0,0 +1,203 @@
+# Generated with generate_ssl_tests.pl
+
+num_tests = 7
+
+test-0 = 0-disable-extended-master-secret-server-sha
+test-1 = 1-disable-extended-master-secret-client-sha
+test-2 = 2-disable-extended-master-secret-both-sha
+test-3 = 3-disable-extended-master-secret-both-resume
+test-4 = 4-disable-extended-master-secret-server-sha2
+test-5 = 5-disable-extended-master-secret-client-sha2
+test-6 = 6-disable-extended-master-secret-both-sha2
+# ===========================================================
+
+[0-disable-extended-master-secret-server-sha]
+ssl_conf = 0-disable-extended-master-secret-server-sha-ssl
+
+[0-disable-extended-master-secret-server-sha-ssl]
+server = 0-disable-extended-master-secret-server-sha-server
+client = 0-disable-extended-master-secret-server-sha-client
+
+[0-disable-extended-master-secret-server-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -ExtendedMasterSecret
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-disable-extended-master-secret-server-sha-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[1-disable-extended-master-secret-client-sha]
+ssl_conf = 1-disable-extended-master-secret-client-sha-ssl
+
+[1-disable-extended-master-secret-client-sha-ssl]
+server = 1-disable-extended-master-secret-client-sha-server
+client = 1-disable-extended-master-secret-client-sha-client
+
+[1-disable-extended-master-secret-client-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[1-disable-extended-master-secret-client-sha-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+Options = -ExtendedMasterSecret
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-1]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[2-disable-extended-master-secret-both-sha]
+ssl_conf = 2-disable-extended-master-secret-both-sha-ssl
+
+[2-disable-extended-master-secret-both-sha-ssl]
+server = 2-disable-extended-master-secret-both-sha-server
+client = 2-disable-extended-master-secret-both-sha-client
+
+[2-disable-extended-master-secret-both-sha-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -ExtendedMasterSecret
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[2-disable-extended-master-secret-both-sha-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+Options = -ExtendedMasterSecret
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-2]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[3-disable-extended-master-secret-both-resume]
+ssl_conf = 3-disable-extended-master-secret-both-resume-ssl
+
+[3-disable-extended-master-secret-both-resume-ssl]
+server = 3-disable-extended-master-secret-both-resume-server
+client = 3-disable-extended-master-secret-both-resume-client
+resume-server = 3-disable-extended-master-secret-both-resume-resume-server
+resume-client = 3-disable-extended-master-secret-both-resume-resume-client
+
+[3-disable-extended-master-secret-both-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -ExtendedMasterSecret
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-disable-extended-master-secret-both-resume-resume-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[3-disable-extended-master-secret-both-resume-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+Options = -ExtendedMasterSecret
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[3-disable-extended-master-secret-both-resume-resume-client]
+CipherString = AES128-SHA
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-3]
+ExpectedResult = Success
+HandshakeMode = Resume
+
+
+# ===========================================================
+
+[4-disable-extended-master-secret-server-sha2]
+ssl_conf = 4-disable-extended-master-secret-server-sha2-ssl
+
+[4-disable-extended-master-secret-server-sha2-ssl]
+server = 4-disable-extended-master-secret-server-sha2-server
+client = 4-disable-extended-master-secret-server-sha2-client
+
+[4-disable-extended-master-secret-server-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -ExtendedMasterSecret
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[4-disable-extended-master-secret-server-sha2-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-4]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[5-disable-extended-master-secret-client-sha2]
+ssl_conf = 5-disable-extended-master-secret-client-sha2-ssl
+
+[5-disable-extended-master-secret-client-sha2-ssl]
+server = 5-disable-extended-master-secret-client-sha2-server
+client = 5-disable-extended-master-secret-client-sha2-client
+
+[5-disable-extended-master-secret-client-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[5-disable-extended-master-secret-client-sha2-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = -ExtendedMasterSecret
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-5]
+ExpectedResult = Success
+
+
+# ===========================================================
+
+[6-disable-extended-master-secret-both-sha2]
+ssl_conf = 6-disable-extended-master-secret-both-sha2-ssl
+
+[6-disable-extended-master-secret-both-sha2-ssl]
+server = 6-disable-extended-master-secret-both-sha2-server
+client = 6-disable-extended-master-secret-both-sha2-client
+
+[6-disable-extended-master-secret-both-sha2-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+Options = -ExtendedMasterSecret
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[6-disable-extended-master-secret-both-sha2-client]
+CipherString = AES128-SHA256
+MaxProtocol = TLSv1.2
+Options = -ExtendedMasterSecret
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-6]
+ExpectedResult = Success
+
+
diff --git a/test/ssl-tests/30-extended-master-secret.cnf.in b/test/ssl-tests/30-extended-master-secret.cnf.in

new file mode 100644 (file)

index 0000000..2386c98
--- /dev/null
+++ b/test/ssl-tests/30-extended-master-secret.cnf.in
@@ -0,0 +1,122 @@
+# -*- mode: perl; -*-
+# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## SSL test configurations
+
+package ssltests;
+
+use OpenSSL::Test::Utils;
+
+our @tests = ();
+
+my @tests_tls1_2 = (
+    {
+        name => "disable-extended-master-secret-server-sha",
+        server => {
+          "Options" => "-ExtendedMasterSecret",
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-extended-master-secret-client-sha",
+        server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-ExtendedMasterSecret",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-extended-master-secret-both-sha",
+        server => {
+          "Options" => "-ExtendedMasterSecret",
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-ExtendedMasterSecret",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-extended-master-secret-both-resume",
+        server => {
+          "Options" => "-ExtendedMasterSecret",
+        },
+        resume_server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA",
+          "Options" => "-ExtendedMasterSecret",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        resume_client => {
+          "CipherString" => "AES128-SHA",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+         "HandshakeMode" => "Resume",
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-extended-master-secret-server-sha2",
+        server => {
+          "Options" => "-ExtendedMasterSecret",
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-extended-master-secret-client-sha2",
+        server => {
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "Options" => "-ExtendedMasterSecret",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+    {
+        name => "disable-extended-master-secret-both-sha2",
+        server => {
+          "Options" => "-ExtendedMasterSecret",
+        },
+        client => {
+          "CipherString" => "AES128-SHA256",
+          "Options" => "-ExtendedMasterSecret",
+          "MaxProtocol" => "TLSv1.2"
+        },
+        test   => {
+          "ExpectedResult" => "Success",
+        },
+    },
+);
+
+push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/test/ssl-tests/30-extended-master-secret.conf b/test/ssl-tests/30-extended-master-secret.conf

deleted file mode 100644 (file)

index 9dae431..0000000
--- a/test/ssl-tests/30-extended-master-secret.conf
+++ /dev/null
@@ -1,203 +0,0 @@
-# Generated with generate_ssl_tests.pl
-
-num_tests = 7
-
-test-0 = 0-disable-extended-master-secret-server-sha
-test-1 = 1-disable-extended-master-secret-client-sha
-test-2 = 2-disable-extended-master-secret-both-sha
-test-3 = 3-disable-extended-master-secret-both-resume
-test-4 = 4-disable-extended-master-secret-server-sha2
-test-5 = 5-disable-extended-master-secret-client-sha2
-test-6 = 6-disable-extended-master-secret-both-sha2
-# ===========================================================
-
-[0-disable-extended-master-secret-server-sha]
-ssl_conf = 0-disable-extended-master-secret-server-sha-ssl
-
-[0-disable-extended-master-secret-server-sha-ssl]
-server = 0-disable-extended-master-secret-server-sha-server
-client = 0-disable-extended-master-secret-server-sha-client
-
-[0-disable-extended-master-secret-server-sha-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -ExtendedMasterSecret
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[0-disable-extended-master-secret-server-sha-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-0]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[1-disable-extended-master-secret-client-sha]
-ssl_conf = 1-disable-extended-master-secret-client-sha-ssl
-
-[1-disable-extended-master-secret-client-sha-ssl]
-server = 1-disable-extended-master-secret-client-sha-server
-client = 1-disable-extended-master-secret-client-sha-client
-
-[1-disable-extended-master-secret-client-sha-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[1-disable-extended-master-secret-client-sha-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-Options = -ExtendedMasterSecret
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-1]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[2-disable-extended-master-secret-both-sha]
-ssl_conf = 2-disable-extended-master-secret-both-sha-ssl
-
-[2-disable-extended-master-secret-both-sha-ssl]
-server = 2-disable-extended-master-secret-both-sha-server
-client = 2-disable-extended-master-secret-both-sha-client
-
-[2-disable-extended-master-secret-both-sha-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -ExtendedMasterSecret
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[2-disable-extended-master-secret-both-sha-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-Options = -ExtendedMasterSecret
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-2]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[3-disable-extended-master-secret-both-resume]
-ssl_conf = 3-disable-extended-master-secret-both-resume-ssl
-
-[3-disable-extended-master-secret-both-resume-ssl]
-server = 3-disable-extended-master-secret-both-resume-server
-client = 3-disable-extended-master-secret-both-resume-client
-resume-server = 3-disable-extended-master-secret-both-resume-resume-server
-resume-client = 3-disable-extended-master-secret-both-resume-resume-client
-
-[3-disable-extended-master-secret-both-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -ExtendedMasterSecret
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-disable-extended-master-secret-both-resume-resume-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[3-disable-extended-master-secret-both-resume-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-Options = -ExtendedMasterSecret
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[3-disable-extended-master-secret-both-resume-resume-client]
-CipherString = AES128-SHA
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-3]
-ExpectedResult = Success
-HandshakeMode = Resume
-
-
-# ===========================================================
-
-[4-disable-extended-master-secret-server-sha2]
-ssl_conf = 4-disable-extended-master-secret-server-sha2-ssl
-
-[4-disable-extended-master-secret-server-sha2-ssl]
-server = 4-disable-extended-master-secret-server-sha2-server
-client = 4-disable-extended-master-secret-server-sha2-client
-
-[4-disable-extended-master-secret-server-sha2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -ExtendedMasterSecret
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[4-disable-extended-master-secret-server-sha2-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-4]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[5-disable-extended-master-secret-client-sha2]
-ssl_conf = 5-disable-extended-master-secret-client-sha2-ssl
-
-[5-disable-extended-master-secret-client-sha2-ssl]
-server = 5-disable-extended-master-secret-client-sha2-server
-client = 5-disable-extended-master-secret-client-sha2-client
-
-[5-disable-extended-master-secret-client-sha2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[5-disable-extended-master-secret-client-sha2-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = -ExtendedMasterSecret
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-5]
-ExpectedResult = Success
-
-
-# ===========================================================
-
-[6-disable-extended-master-secret-both-sha2]
-ssl_conf = 6-disable-extended-master-secret-both-sha2-ssl
-
-[6-disable-extended-master-secret-both-sha2-ssl]
-server = 6-disable-extended-master-secret-both-sha2-server
-client = 6-disable-extended-master-secret-both-sha2-client
-
-[6-disable-extended-master-secret-both-sha2-server]
-Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
-Options = -ExtendedMasterSecret
-PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
-
-[6-disable-extended-master-secret-both-sha2-client]
-CipherString = AES128-SHA256
-MaxProtocol = TLSv1.2
-Options = -ExtendedMasterSecret
-VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
-VerifyMode = Peer
-
-[test-6]
-ExpectedResult = Success
-
-
diff --git a/test/ssl-tests/30-extended-master-secret.conf.in b/test/ssl-tests/30-extended-master-secret.conf.in

deleted file mode 100644 (file)

index 2386c98..0000000
--- a/test/ssl-tests/30-extended-master-secret.conf.in
+++ /dev/null
@@ -1,122 +0,0 @@
-# -*- mode: perl; -*-
-# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License").  You may not use
-# this file except in compliance with the License.  You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-## SSL test configurations
-
-package ssltests;
-
-use OpenSSL::Test::Utils;
-
-our @tests = ();
-
-my @tests_tls1_2 = (
-    {
-        name => "disable-extended-master-secret-server-sha",
-        server => {
-          "Options" => "-ExtendedMasterSecret",
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-extended-master-secret-client-sha",
-        server => {
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "Options" => "-ExtendedMasterSecret",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-extended-master-secret-both-sha",
-        server => {
-          "Options" => "-ExtendedMasterSecret",
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "Options" => "-ExtendedMasterSecret",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-extended-master-secret-both-resume",
-        server => {
-          "Options" => "-ExtendedMasterSecret",
-        },
-        resume_server => {
-        },
-        client => {
-          "CipherString" => "AES128-SHA",
-          "Options" => "-ExtendedMasterSecret",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        resume_client => {
-          "CipherString" => "AES128-SHA",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-         "HandshakeMode" => "Resume",
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-extended-master-secret-server-sha2",
-        server => {
-          "Options" => "-ExtendedMasterSecret",
-        },
-        client => {
-          "CipherString" => "AES128-SHA256",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-extended-master-secret-client-sha2",
-        server => {
-        },
-        client => {
-          "CipherString" => "AES128-SHA256",
-          "Options" => "-ExtendedMasterSecret",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-    {
-        name => "disable-extended-master-secret-both-sha2",
-        server => {
-          "Options" => "-ExtendedMasterSecret",
-        },
-        client => {
-          "CipherString" => "AES128-SHA256",
-          "Options" => "-ExtendedMasterSecret",
-          "MaxProtocol" => "TLSv1.2"
-        },
-        test   => {
-          "ExpectedResult" => "Success",
-        },
-    },
-);
-
-push @tests, @tests_tls1_2 unless disabled("tls1_2");
diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c

index fc7ec68f29d16d2308a192ca5e161a85904c4e30..877c8607e376c3b7e2fb833857509814cffeeaa9 100644 (file)
--- a/test/ssl_test_ctx_test.c
+++ b/test/ssl_test_ctx_test.c
@@ -251,7 +251,7 @@ int setup_tests(void)
  
      if (!TEST_ptr(conf = NCONF_new(NULL)))
          return 0;
-    /* argument should point to test/ssl_test_ctx_test.conf */
+    /* argument should point to test/ssl_test_ctx_test.cnf */
      if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0))
          return 0;
  
diff --git a/test/ssl_test_ctx_test.cnf b/test/ssl_test_ctx_test.cnf

new file mode 100644 (file)

index 0000000..91e1465
--- /dev/null
+++ b/test/ssl_test_ctx_test.cnf
@@ -0,0 +1,97 @@
+[ssltest_default]
+
+[ssltest_good]
+client = ssltest_good_client_extra
+server = ssltest_good_server_extra
+resume-server2 = ssltest_good_resume_server2_extra
+resume-client = ssltest_good_resume_client_extra
+
+Method = DTLS
+HandshakeMode = Resume
+ApplicationData = 1024
+MaxFragmentSize = 2048
+
+ExpectedResult = ServerFail
+ExpectedClientAlert = UnknownCA
+ExpectedProtocol = TLSv1.1
+ExpectedServerName = server2
+SessionTicketExpected = Yes
+ResumptionExpected = Yes
+
+[ssltest_good_client_extra]
+VerifyCallback = RejectAll
+ServerName = server2
+NPNProtocols = foo,bar
+
+[ssltest_good_resume_client_extra]
+CTValidation = Strict
+
+[ssltest_good_server_extra]
+ServerNameCallback = IgnoreMismatch
+BrokenSessionTicket = Yes
+
+[ssltest_good_resume_server2_extra]
+ALPNProtocols = baz
+
+[ssltest_unknown_option]
+UnknownOption = Foo
+
+[ssltest_wrong_section]
+server = ssltest_wrong_section_server
+
+[ssltest_wrong_section_server]
+VerifyCallback = RejectAll
+
+[ssltest_unknown_expected_result]
+ExpectedResult = Foo
+
+[ssltest_unknown_alert]
+ExpectedServerAlert = Foo
+
+[ssltest_unknown_protocol]
+Protocol = Foo
+
+[ssltest_unknown_verify_callback]
+client = ssltest_unknown_verify_callback_client
+
+[ssltest_unknown_verify_callback_client]
+VerifyCallback = Foo
+
+[ssltest_unknown_servername]
+client = ssltest_unknown_servername_client
+
+[ssltest_unknown_servername_client]
+ServerName = Foo
+
+[ssltest_unknown_servername_callback]
+server = ssltest_unknown_servername_server
+
+[ssltest_unknown_servername_server]
+ServerNameCallback = Foo
+
+[ssltest_unknown_session_ticket_expected]
+SessionTicketExpected = Foo
+
+[ssltest_unknown_compression_expected]
+CompressionExpected = Foo
+
+[ssltest_unknown_session_id_expected]
+SessionIdExpected = Foo
+
+[ssltest_unknown_method]
+Method = TLS2
+
+[ssltest_unknown_handshake_mode]
+HandshakeMode = Foo
+
+[ssltest_unknown_resumption_expected]
+ResumptionExpected = Foo
+
+[ssltest_unknown_ct_validation]
+client = ssltest_unknown_ct_validation_client
+
+[ssltest_unknown_ct_validation_client]
+CTCallback = Foo
+
+[ssltest_invalid_max_fragment_len]
+MaxFragmentLenExt = 421
diff --git a/test/ssl_test_ctx_test.conf b/test/ssl_test_ctx_test.conf

deleted file mode 100644 (file)

index 91e1465..0000000
--- a/test/ssl_test_ctx_test.conf
+++ /dev/null
@@ -1,97 +0,0 @@
-[ssltest_default]
-
-[ssltest_good]
-client = ssltest_good_client_extra
-server = ssltest_good_server_extra
-resume-server2 = ssltest_good_resume_server2_extra
-resume-client = ssltest_good_resume_client_extra
-
-Method = DTLS
-HandshakeMode = Resume
-ApplicationData = 1024
-MaxFragmentSize = 2048
-
-ExpectedResult = ServerFail
-ExpectedClientAlert = UnknownCA
-ExpectedProtocol = TLSv1.1
-ExpectedServerName = server2
-SessionTicketExpected = Yes
-ResumptionExpected = Yes
-
-[ssltest_good_client_extra]
-VerifyCallback = RejectAll
-ServerName = server2
-NPNProtocols = foo,bar
-
-[ssltest_good_resume_client_extra]
-CTValidation = Strict
-
-[ssltest_good_server_extra]
-ServerNameCallback = IgnoreMismatch
-BrokenSessionTicket = Yes
-
-[ssltest_good_resume_server2_extra]
-ALPNProtocols = baz
-
-[ssltest_unknown_option]
-UnknownOption = Foo
-
-[ssltest_wrong_section]
-server = ssltest_wrong_section_server
-
-[ssltest_wrong_section_server]
-VerifyCallback = RejectAll
-
-[ssltest_unknown_expected_result]
-ExpectedResult = Foo
-
-[ssltest_unknown_alert]
-ExpectedServerAlert = Foo
-
-[ssltest_unknown_protocol]
-Protocol = Foo
-
-[ssltest_unknown_verify_callback]
-client = ssltest_unknown_verify_callback_client
-
-[ssltest_unknown_verify_callback_client]
-VerifyCallback = Foo
-
-[ssltest_unknown_servername]
-client = ssltest_unknown_servername_client
-
-[ssltest_unknown_servername_client]
-ServerName = Foo
-
-[ssltest_unknown_servername_callback]
-server = ssltest_unknown_servername_server
-
-[ssltest_unknown_servername_server]
-ServerNameCallback = Foo
-
-[ssltest_unknown_session_ticket_expected]
-SessionTicketExpected = Foo
-
-[ssltest_unknown_compression_expected]
-CompressionExpected = Foo
-
-[ssltest_unknown_session_id_expected]
-SessionIdExpected = Foo
-
-[ssltest_unknown_method]
-Method = TLS2
-
-[ssltest_unknown_handshake_mode]
-HandshakeMode = Foo
-
-[ssltest_unknown_resumption_expected]
-ResumptionExpected = Foo
-
-[ssltest_unknown_ct_validation]
-client = ssltest_unknown_ct_validation_client
-
-[ssltest_unknown_ct_validation_client]
-CTCallback = Foo
-
-[ssltest_invalid_max_fragment_len]
-MaxFragmentLenExt = 421
diff --git a/util/fix-includes b/util/fix-includes

index c49163875b642b0e5f78d937d844d4f525e3c944..c1435a7628b0bbe8a41689a7cc7950846a6e6817 100755 (executable)
--- a/util/fix-includes
+++ b/util/fix-includes
@@ -14,6 +14,6 @@ find -name ossl_typ.h -o \( \
          -name '*.ec' -o \
          -name 'README*' -o \
          -name '*.pod' -o \
-        -name '*.conf' \
+        -name '*.cnf' -o -name '*.conf' \
          \) -exec sed -E -i \
          -f util/fix-includes.sed {} \;
author	Rich Salz <rsalz@akamai.com>
	Tue, 25 Feb 2020 18:25:13 +0000 (13:25 -0500)
committer	Tomas Mraz <tmraz@fedoraproject.org>
	Fri, 6 Mar 2020 17:25:13 +0000 (18:25 +0100)
.gitignore		patch \| blob \| history
doc/man1/openssl-fipsinstall.pod		patch \| blob \| history
test/CAss.cnf		patch \| blob \| history
test/P1ss.cnf		patch \| blob \| history
test/P2ss.cnf		patch \| blob \| history
test/README.ssltest.md		patch \| blob \| history
test/Uss.cnf		patch \| blob \| history
test/build.info		patch \| blob \| history
test/ct/log_list.cnf	[new file with mode: 0644]	patch \| blob
test/ct/log_list.conf	[deleted file]	patch \| blob \| history
test/default-and-fips.cnf		patch \| blob \| history
test/fips.cnf		patch \| blob \| history
test/provider_internal_test.cnf.in	[new file with mode: 0644]	patch \| blob
test/provider_internal_test.conf.in	[deleted file]	patch \| blob \| history
test/recipes/02-test_internal_provider.t		patch \| blob \| history
test/recipes/03-test_fipsinstall.t		patch \| blob \| history
test/recipes/04-test_conf.t		patch \| blob \| history
test/recipes/04-test_conf_data/dollarid_off.cnf	[new file with mode: 0644]	patch \| blob
test/recipes/04-test_conf_data/dollarid_off.conf	[deleted file]	patch \| blob \| history
test/recipes/04-test_conf_data/dollarid_on.cnf	[new file with mode: 0644]	patch \| blob
test/recipes/04-test_conf_data/dollarid_on.conf	[deleted file]	patch \| blob \| history
test/recipes/30-test_evp.t		patch \| blob \| history
test/recipes/30-test_evp_fetch_prov.t		patch \| blob \| history
test/recipes/70-test_comp.t		patch \| blob \| history
test/recipes/70-test_sslmessages.t		patch \| blob \| history
test/recipes/70-test_sslversions.t		patch \| blob \| history
test/recipes/70-test_tls13kexmodes.t		patch \| blob \| history
test/recipes/70-test_tls13messages.t		patch \| blob \| history
test/recipes/70-test_tls13psk.t		patch \| blob \| history
test/recipes/80-test_ct.t		patch \| blob \| history
test/recipes/80-test_ssl_new.t		patch \| blob \| history
test/recipes/80-test_ssl_old.t		patch \| blob \| history
test/recipes/80-test_ssl_test_ctx.t		patch \| blob \| history
test/recipes/90-test_gost.t		patch \| blob \| history
test/recipes/90-test_gost_data/gost.cnf	[new file with mode: 0644]	patch \| blob
test/recipes/90-test_gost_data/gost.conf	[deleted file]	patch \| blob \| history
test/recipes/90-test_includes_data/vms-includes.cnf		patch \| blob \| history
test/ssl-tests/01-simple.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/01-simple.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/01-simple.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/01-simple.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/02-protocol-version.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/02-protocol-version.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/02-protocol-version.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/02-protocol-version.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/03-custom_verify.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/03-custom_verify.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/03-custom_verify.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/03-custom_verify.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/04-client_auth.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/04-client_auth.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/04-client_auth.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/04-client_auth.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/05-sni.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/05-sni.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/05-sni.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/05-sni.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/06-sni-ticket.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/06-sni-ticket.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/06-sni-ticket.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/06-sni-ticket.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/07-dtls-protocol-version.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/07-dtls-protocol-version.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/07-dtls-protocol-version.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/07-dtls-protocol-version.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/08-npn.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/08-npn.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/08-npn.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/08-npn.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/09-alpn.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/09-alpn.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/09-alpn.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/09-alpn.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/10-resumption.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/10-resumption.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/10-resumption.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/10-resumption.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/11-dtls_resumption.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/11-dtls_resumption.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/11-dtls_resumption.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/11-dtls_resumption.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/12-ct.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/12-ct.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/12-ct.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/12-ct.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/13-fragmentation.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/13-fragmentation.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/13-fragmentation.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/13-fragmentation.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/14-curves.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/14-curves.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/14-curves.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/14-curves.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/15-certstatus.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/15-certstatus.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/15-certstatus.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/15-certstatus.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/16-dtls-certstatus.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/16-dtls-certstatus.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/16-dtls-certstatus.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/16-dtls-certstatus.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/17-renegotiate.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/17-renegotiate.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/17-renegotiate.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/17-renegotiate.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/18-dtls-renegotiate.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/18-dtls-renegotiate.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/18-dtls-renegotiate.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/18-dtls-renegotiate.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/19-mac-then-encrypt.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/19-mac-then-encrypt.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/19-mac-then-encrypt.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/19-mac-then-encrypt.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/20-cert-select.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/20-cert-select.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/20-cert-select.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/20-cert-select.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/21-key-update.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/21-key-update.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/21-key-update.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/21-key-update.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/22-compression.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/22-compression.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/22-compression.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/22-compression.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/23-srp.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/23-srp.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/23-srp.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/23-srp.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/24-padding.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/24-padding.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/24-padding.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/24-padding.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/25-cipher.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/25-cipher.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/25-cipher.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/25-cipher.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/26-tls13_client_auth.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/26-tls13_client_auth.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/26-tls13_client_auth.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/26-tls13_client_auth.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/27-ticket-appdata.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/27-ticket-appdata.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/27-ticket-appdata.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/27-ticket-appdata.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/28-seclevel.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/28-seclevel.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/28-seclevel.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/28-seclevel.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/29-dtls-sctp-label-bug.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/29-dtls-sctp-label-bug.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/29-dtls-sctp-label-bug.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/29-dtls-sctp-label-bug.conf.in	[deleted file]	patch \| blob \| history
test/ssl-tests/30-extended-master-secret.cnf	[new file with mode: 0644]	patch \| blob
test/ssl-tests/30-extended-master-secret.cnf.in	[new file with mode: 0644]	patch \| blob
test/ssl-tests/30-extended-master-secret.conf	[deleted file]	patch \| blob \| history
test/ssl-tests/30-extended-master-secret.conf.in	[deleted file]	patch \| blob \| history
test/ssl_test_ctx_test.c		patch \| blob \| history
test/ssl_test_ctx_test.cnf	[new file with mode: 0644]	patch \| blob
test/ssl_test_ctx_test.conf	[deleted file]	patch \| blob \| history
util/fix-includes		patch \| blob \| history