3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
15 my @curves = ("prime256v1", "secp384r1", "secp521r1");
17 my @curves_no_fips = ("X25519", "X448");
19 push @curves, @curves_no_fips if !$fips_mode;
21 #Curves *only* suitable for use in TLSv1.3
22 my @curves_tls_1_3 = ("ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
24 my @curves_tls_1_3_no_fips = ("brainpoolP256r1tls13", "brainpoolP384r1tls13",
25 "brainpoolP512r1tls13");
27 push @curves_tls_1_3, @curves_tls_1_3_no_fips if !$fips_mode;
28 push @curves, @curves_tls_1_3;
30 my @curves_tls_1_2 = ("sect233k1", "sect233r1",
31 "sect283k1", "sect283r1", "sect409k1", "sect409r1",
32 "sect571k1", "sect571r1", "secp224r1");
34 my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
35 "sect163r1", "sect193r1", "sect193r2", "sect239k1",
36 "secp160k1", "secp160r1", "secp160r2", "secp192k1",
37 "secp224k1", "secp256k1", "brainpoolP256r1",
38 "brainpoolP384r1", "brainpoolP512r1");
40 push @curves_tls_1_2, @curves_non_fips if !$fips_mode;
48 if ($group =~ /ffdhe/) {
49 $keyType = "dhKeyAgreement";
57 sub generate_tests() {
58 foreach (0..$#curves) {
59 my $curve = $curves[$_];
61 name => "curve-${curve}",
64 "CipherString" => 'DEFAULT@SECLEVEL=1',
65 "MaxProtocol" => "TLSv1.3"
68 "CipherString" => 'ECDHE@SECLEVEL=1',
69 "MaxProtocol" => "TLSv1.3",
73 "ExpectedTmpKeyType" => get_key_type($curve),
74 "ExpectedProtocol" => "TLSv1.3",
75 "ExpectedResult" => "Success"
79 foreach (0..$#curves_tls_1_2) {
80 my $curve = $curves_tls_1_2[$_];
82 name => "curve-${curve}",
85 "CipherString" => 'DEFAULT@SECLEVEL=1',
86 "MaxProtocol" => "TLSv1.3"
89 "CipherString" => 'ECDHE@SECLEVEL=1',
90 "MaxProtocol" => "TLSv1.2",
94 "ExpectedTmpKeyType" => get_key_type($curve),
95 "ExpectedProtocol" => "TLSv1.2",
96 "ExpectedResult" => "Success"
100 foreach (0..$#curves_tls_1_2) {
101 my $curve = $curves_tls_1_2[$_];
103 name => "curve-${curve}-tls12-in-tls13",
105 "Curves" => "$curve:P-256",
106 "CipherString" => 'DEFAULT@SECLEVEL=1',
107 "MaxProtocol" => "TLSv1.3"
110 "CipherString" => 'ECDHE@SECLEVEL=1',
111 "MaxProtocol" => "TLSv1.3",
112 "MinProtocol" => "TLSv1.3",
113 "Curves" => "$curve:P-256"
116 #This curve is not allowed in a TLSv1.3 key_share. We should
117 #succeed but fallback to P-256
118 "ExpectedTmpKeyType" => "P-256",
119 "ExpectedProtocol" => "TLSv1.3",
120 "ExpectedResult" => "Success"
124 foreach (0..$#curves_tls_1_2) {
125 my $curve = $curves_tls_1_2[$_];
127 name => "curve-${curve}-tls13",
130 "CipherString" => 'DEFAULT@SECLEVEL=1',
131 "MaxProtocol" => "TLSv1.3"
134 "CipherString" => 'ECDHE@SECLEVEL=1',
135 "MinProtocol" => "TLSv1.3",
139 "ExpectedResult" => "ClientFail"
143 foreach (0..$#curves_tls_1_3) {
144 my $curve = $curves_tls_1_3[$_];
146 name => "curve-${curve}-tls13-in-tls12",
149 "CipherString" => 'DEFAULT@SECLEVEL=1',
150 "MaxProtocol" => "TLSv1.3"
153 "CipherString" => 'ECDHE@SECLEVEL=1',
154 "MaxProtocol" => "TLSv1.2",
158 #These curves are only suitable for TLSv1.3 so we expect the
159 #server to fail because it has no shared groups for TLSv1.2
161 "ExpectedResult" => "ServerFail"
165 name => "curve-${curve}-tls13-in-tls12-2",
168 "CipherString" => 'DEFAULT@SECLEVEL=1',
169 "MaxProtocol" => "TLSv1.2"
172 "CipherString" => 'DEFAULT@SECLEVEL=1',
173 "MaxProtocol" => "TLSv1.3",
177 #These curves are only suitable for TLSv1.3. We expect TLSv1.2
178 #negotiation to succeed because we fall back to some other
180 "ExpectedResult" => "Success"