2 # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 ## SSL test configurations
13 use OpenSSL::Test::Utils;
19 name => "SECLEVEL 3 with default key",
20 server => { "CipherString" => "DEFAULT:\@SECLEVEL=3" },
22 test => { "ExpectedResult" => "ServerFail" },
28 name => "SECLEVEL 4 with ED448 key",
29 server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
30 "Certificate" => test_pem("server-ed448-cert.pem"),
31 "PrivateKey" => test_pem("server-ed448-key.pem") },
32 client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
33 "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
34 test => { "ExpectedResult" => "Success" },
37 # The Ed448 signature algorithm will not be enabled.
38 # Because of the config order, the certificate is first loaded, and
39 # then the security level is changed. If you try this with s_server
40 # the order will be reversed and it will instead fail to load the key.
41 name => "SECLEVEL 5 server with ED448 key",
42 server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
43 "Certificate" => test_pem("server-ed448-cert.pem"),
44 "PrivateKey" => test_pem("server-ed448-key.pem") },
45 client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
46 "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
47 test => { "ExpectedResult" => "ServerFail" },
50 # The client will not sent the Ed448 signature algorithm, so the server
51 # doesn't have a usable signature algorithm for the certificate.
52 name => "SECLEVEL 5 client with ED448 key",
53 server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
54 "Certificate" => test_pem("server-ed448-cert.pem"),
55 "PrivateKey" => test_pem("server-ed448-key.pem") },
56 client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
57 "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
58 test => { "ExpectedResult" => "ServerFail" },
61 name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
62 server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
63 "Certificate" => test_pem("p384-server-cert.pem"),
64 "PrivateKey" => test_pem("p384-server-key.pem"),
65 "Groups" => "X25519" },
66 client => { "CipherString" => "ECDHE:\@SECLEVEL=3",
67 "VerifyCAFile" => test_pem("p384-root.pem") },
68 test => { "ExpectedResult" => "Success" },
74 name => "SECLEVEL 3 with ED448 key, TLSv1.2",
75 server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
76 "Certificate" => test_pem("server-ed448-cert.pem"),
77 "PrivateKey" => test_pem("server-ed448-key.pem"),
78 "MaxProtocol" => "TLSv1.2" },
79 client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
80 test => { "ExpectedResult" => "Success" },
84 push @tests, @tests_ec unless disabled("ecx");
85 push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ecx");