3 ## SSL test configurations
11 use OpenSSL::Test::Utils qw(anydisabled);
15 my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519",
17 #Curves *only* suitable for use in TLSv1.3
18 my @curves_tls_1_3 = ("brainpoolP256r1tls13", "brainpoolP384r1tls13",
19 "brainpoolP512r1tls13");
21 #It so happens that all the curves in @curves_tls_1_3 are non-fips curves
22 push @curves, @curves_tls_1_3 if !$fips_mode;
24 my @curves_tls_1_2 = ("sect233k1", "sect233r1",
25 "sect283k1", "sect283r1", "sect409k1", "sect409r1",
26 "sect571k1", "sect571r1", "secp224r1");
28 my @curves_non_fips = ("sect163k1", "sect163r2", "prime192v1",
29 "sect163r1", "sect193r1", "sect193r2", "sect239k1",
30 "secp160k1", "secp160r1", "secp160r2", "secp192k1",
31 "secp224k1", "secp256k1", "brainpoolP256r1",
32 "brainpoolP384r1", "brainpoolP512r1");
34 push @curves_tls_1_2, @curves_non_fips if !$fips_mode;
38 sub generate_tests() {
39 foreach (0..$#curves) {
40 my $curve = $curves[$_];
42 name => "curve-${curve}",
45 "CipherString" => 'DEFAULT@SECLEVEL=1',
46 "MaxProtocol" => "TLSv1.3"
49 "CipherString" => 'ECDHE@SECLEVEL=1',
50 "MaxProtocol" => "TLSv1.3",
54 "ExpectedTmpKeyType" => $curve,
55 "ExpectedProtocol" => "TLSv1.3",
56 "ExpectedResult" => "Success"
60 foreach (0..$#curves_tls_1_2) {
61 my $curve = $curves_tls_1_2[$_];
63 name => "curve-${curve}",
66 "CipherString" => 'DEFAULT@SECLEVEL=1',
67 "MaxProtocol" => "TLSv1.3"
70 "CipherString" => 'ECDHE@SECLEVEL=1',
71 "MaxProtocol" => "TLSv1.2",
75 "ExpectedTmpKeyType" => $curve,
76 "ExpectedProtocol" => "TLSv1.2",
77 "ExpectedResult" => "Success"
81 foreach (0..$#curves_tls_1_2) {
82 my $curve = $curves_tls_1_2[$_];
84 name => "curve-${curve}-tls13",
87 "CipherString" => 'DEFAULT@SECLEVEL=1',
88 "MaxProtocol" => "TLSv1.3"
91 "CipherString" => 'ECDHE@SECLEVEL=1',
92 "MinProtocol" => "TLSv1.3",
96 "ExpectedResult" => "ClientFail"
101 foreach (0..$#curves_tls_1_3) {
102 my $curve = $curves_tls_1_3[$_];
104 name => "curve-${curve}-tls13-in-tls12",
107 "CipherString" => 'DEFAULT@SECLEVEL=1',
108 "MaxProtocol" => "TLSv1.3"
111 "CipherString" => 'ECDHE@SECLEVEL=1',
112 "MaxProtocol" => "TLSv1.2",
116 #These curves are only suitable for TLSv1.3 so we expect the
117 #server to fail because it has no shared groups for TLSv1.2
119 "ExpectedResult" => "ServerFail"