Commit | Line | Data |
---|---|---|
75b68c9e | 1 | # -*- mode: perl; -*- |
c486283c | 2 | # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
75b68c9e | 3 | # |
909f1a2e | 4 | # Licensed under the Apache License 2.0 (the "License"). You may not use |
75b68c9e TM |
5 | # this file except in compliance with the License. You can obtain a copy |
6 | # in the file LICENSE in the source distribution or at | |
7 | # https://www.openssl.org/source/license.html | |
8 | ||
9 | ||
10 | ## SSL test configurations | |
11 | ||
12 | package ssltests; | |
65d2c16c | 13 | use OpenSSL::Test::Utils; |
75b68c9e TM |
14 | |
# Baseline SECLEVEL case that is always run; the EC and TLSv1.2 lists are
# appended to @tests at the end of the file when those features are enabled.
15 | our @tests = ( | |
16 | { | |
# Negative test: the server raises its security level to 3 and the
# handshake is expected to fail on the server side. No Certificate or
# PrivateKey is set here, so whatever key the harness supplies is used.
# NOTE(review): presumably that default key is below the 128-bit strength
# OpenSSL documents for level 3 -- confirm against the default test cert.
17 | name => "SECLEVEL 3 with default key", | |
18 | server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" }, | |
19 | client => { }, | |
20 | test => { "ExpectedResult" => "ServerFail" }, | |
21 | }, | |
65d2c16c MC |
22 | ); |
23 | ||
# SECLEVEL cases that need EC support (Ed448 and P-384 certificates).
# OpenSSL documents level 4 as 192-bit and level 5 as 256-bit strength.
24 | our @tests_ec = ( | |
75b68c9e | 25 | { |
# Positive test: Ed448 targets roughly 224-bit strength, which clears the
# level 4 floor, so both sides at level 4 are expected to succeed.
620c97b6 KR |
26 | name => "SECLEVEL 4 with ED448 key", |
27 | server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", | |
75b68c9e TM |
28 | "Certificate" => test_pem("server-ed448-cert.pem"), |
29 | "PrivateKey" => test_pem("server-ed448-key.pem") }, | |
620c97b6 KR |
30 | client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", |
31 | "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, | |
75b68c9e TM |
32 | test => { "ExpectedResult" => "Success" }, |
33 | }, | |
620c97b6 KR |
34 | {
# Negative test: only the server is raised to level 5, which Ed448's
# roughly 224-bit strength does not reach.
35 | # The Ed448 signature algorithm will not be enabled. | |
36 | # Because of the config order, the certificate is first loaded, and | |
37 | # then the security level is changed. If you try this with s_server | |
38 | # the order will be reversed and it will instead fail to load the key. | |
39 | name => "SECLEVEL 5 server with ED448 key", | |
40 | server => { "CipherString" => "DEFAULT:\@SECLEVEL=5", | |
41 | "Certificate" => test_pem("server-ed448-cert.pem"), | |
42 | "PrivateKey" => test_pem("server-ed448-key.pem") }, | |
43 | client => { "CipherString" => "DEFAULT:\@SECLEVEL=4", | |
44 | "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, | |
45 | test => { "ExpectedResult" => "ServerFail" }, | |
46 | }, | |
47 | { | |
# Negative test: the mirror case, with only the client raised to level 5.
48 | # The client will not send the Ed448 signature algorithm, so the server | |
49 | # doesn't have a usable signature algorithm for the certificate. | |
50 | name => "SECLEVEL 5 client with ED448 key", | |
51 | server => { "CipherString" => "DEFAULT:\@SECLEVEL=4", | |
52 | "Certificate" => test_pem("server-ed448-cert.pem"), | |
53 | "PrivateKey" => test_pem("server-ed448-key.pem") }, | |
54 | client => { "CipherString" => "DEFAULT:\@SECLEVEL=5", | |
55 | "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, | |
56 | test => { "ExpectedResult" => "ServerFail" }, | |
57 | }, | |
75b68c9e TM |
58 | {
# Positive test: the server presents a P-384 certificate but restricts key
# exchange to the X25519 group; the client offers only ECDHE suites. Both
# sides are at level 3 and the handshake is expected to succeed.
59 | name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", | |
60 | server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", | |
61 | "Certificate" => test_pem("p384-server-cert.pem"), | |
62 | "PrivateKey" => test_pem("p384-server-key.pem"), | |
63 | "Groups" => "X25519" }, | |
64 | client => { "CipherString" => "ECDHE:\@SECLEVEL=3", | |
65 | "VerifyCAFile" => test_pem("p384-root.pem") }, | |
66 | test => { "ExpectedResult" => "Success" }, | |
67 | }, | |
68 | ); | |
65d2c16c MC |
69 | |
# SECLEVEL case that needs both EC and TLSv1.2 support.
70 | our @tests_tls1_2 = ( | |
71 | { | |
# Positive test: the server is capped at TLSv1.2 and uses the Ed448 key at
# level 3. The client sets no CipherString, so it runs at whatever security
# level the harness or library default provides.
72 | name => "SECLEVEL 3 with ED448 key, TLSv1.2", | |
73 | server => { "CipherString" => "DEFAULT:\@SECLEVEL=3", | |
74 | "Certificate" => test_pem("server-ed448-cert.pem"), | |
75 | "PrivateKey" => test_pem("server-ed448-key.pem"), | |
76 | "MaxProtocol" => "TLSv1.2" }, | |
77c4d397 | 77 | client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, |
65d2c16c MC |
78 | test => { "ExpectedResult" => "Success" }, |
79 | }, | |
80 | ); | |
81 | ||
# Feature gating: the EC cases are appended only when "ec" is enabled, and
# the TLSv1.2 case only when both "tls1_2" and "ec" are enabled. With EC
# disabled, the single negative test in @tests is all that runs.
# NOTE(review): disabled() presumably comes from OpenSSL::Test::Utils,
# imported above -- confirm.
82 | push @tests, @tests_ec unless disabled("ec"); | |
83 | push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); |