From: Kurt Roeckx Date: Tue, 15 Jul 2025 09:38:21 +0000 (+0200) Subject: Remove support for SSLv3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60c15b2aff152a64523cf3904a4f8d19ee8aceee;p=thirdparty%2Fopenssl.git Remove support for SSLv3 Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Saša Nedvědický Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/29338) --- diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d4712c262ed..20079baca2f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -144,7 +144,7 @@ jobs: with: persist-credentials: false - name: config - run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace - name: config dump run: ./configdata.pm --dump - name: make @@ -217,7 +217,7 @@ jobs: shutdown_vm: false run: | sudo pkg install -y gcc perl5 - ./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + ./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace - name: config dump uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0 with: @@ -418,7 +418,7 @@ jobs: sudo cat /proc/sys/vm/mmap_rnd_bits sudo sysctl -w vm.mmap_rnd_bits=28 - name: config - run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump + run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-nextprotoneg && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -538,7 +538,7 @@ jobs: - name: install extra config support run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd - name: config - run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump + run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -588,7 +588,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump + run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -711,7 +711,7 @@ jobs: - name: setup hostname workaround run: sudo hostname localhost - name: config - run: ./config --strict-warnings --banner=Configured --debug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump + run: ./config --strict-warnings --banner=Configured --debug enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - uses: dtolnay/rust-toolchain@0f44b27771c32bda9f458f75a1e241b09791b331 diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index c219577991e..e413f71d959 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -107,7 +107,7 @@ jobs: - name: setup hostname workaround run: sudo hostname localhost - name: config - run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace + run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace - name: config dump run: ./configdata.pm --dump - name: make diff --git a/.github/workflows/fips-checksums.yml b/.github/workflows/fips-checksums.yml index 67e7cd13a96..c7d8f223a07 100644 --- a/.github/workflows/fips-checksums.yml +++ b/.github/workflows/fips-checksums.yml @@ -79,7 +79,7 @@ jobs: compute-abidiff: runs-on: ubuntu-latest env: - BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd + BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-trace enable-zlib enable-zstd steps: - name: create build dirs run: | diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index 184fd7b7398..ade5c92826b 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -35,7 +35,7 @@ jobs: name: libFuzzer+, config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer, - extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg, + extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-nextprotoneg, install: libfuzzer-18-dev, cc: clang-18, linker: clang++-18, diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml index ebcf1fc2df4..ba39c7a137c 100644 --- a/.github/workflows/os-zoo.yml +++ b/.github/workflows/os-zoo.yml @@ -192,7 +192,7 @@ jobs: with: persist-credentials: false - name: config - run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace - name: config dump run: ./configdata.pm --dump - name: make @@ -251,7 +251,7 @@ jobs: with: persist-credentials: false - name: config - run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace - name: config dump run: ./configdata.pm --dump - name: make @@ -271,7 +271,7 @@ jobs: with: persist-credentials: false - name: config - run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-trace - name: config dump run: ./configdata.pm --dump - name: make @@ -291,7 +291,7 @@ jobs: with: persist-credentials: false - name: config - run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace - name: config dump run: ./configdata.pm --dump - name: make @@ -318,7 +318,7 @@ jobs: shutdown_vm: false run: | sudo pkg install -y gcc perl5 - ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace + ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-trace - name: config dump uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0 with: diff --git a/.github/workflows/prov-compat-label.yml b/.github/workflows/prov-compat-label.yml index 4fa4759c3d1..c8e74ca89e4 100644 --- a/.github/workflows/prov-compat-label.yml +++ b/.github/workflows/prov-compat-label.yml @@ -16,7 +16,7 @@ permissions: contents: read env: - opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib + opts: enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib jobs: fips-releases: diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml index 290c2751ad0..73dcf4cba1d 100644 --- a/.github/workflows/provider-compatibility.yml +++ b/.github/workflows/provider-compatibility.yml @@ -24,7 +24,7 @@ permissions: contents: read env: - opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib + opts: enable-rc5 enable-md2 enable-weak-ssl-ciphers enable-zlib jobs: fips-releases: diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml index c301b342900..6ae86ed2b2a 100644 --- a/.github/workflows/run-checker-daily.yml +++ b/.github/workflows/run-checker-daily.yml @@ -104,8 +104,6 @@ jobs: no-sse2, no-ssl, no-ssl-trace, - enable-ssl3, - enable-ssl3-method, enable-sslkeylog, no-shared, no-tests, diff --git a/.github/workflows/static-analysis-on-prem.yml b/.github/workflows/static-analysis-on-prem.yml index 0dc82eb427c..30973ba49a7 100644 --- a/.github/workflows/static-analysis-on-prem.yml +++ b/.github/workflows/static-analysis-on-prem.yml @@ -31,7 +31,7 @@ jobs: with: persist-credentials: false - name: Config - run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC + run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC - name: Config dump run: ./configdata.pm --dump - name: Make diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 3ee2769a136..b68cdb8af18 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -30,7 +30,7 @@ jobs: --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \ --progress=dot:giga -O coverity_tool.tgz - name: config - run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC + run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC - name: config dump run: ./configdata.pm --dump - name: tool install diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index 55eac915cc8..b364db30bc1 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -115,7 +115,7 @@ jobs: shell: cmd run: | call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat" - perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm + perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm perl configdata.pm --dump - name: build working-directory: _build diff --git a/CHANGES.md b/CHANGES.md index 3bf218a50a6..43019834e17 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -32,6 +32,11 @@ OpenSSL 4.0 ### Changes between 3.6 and 4.0 [xx XXX xxxx] + * Support for SSLv3 was removed. SSLv3 has been deprecated since + 2015, and OpenSSL had it disabled by default since 1.1.0 (2016). + + *Kurt Roeckx* + * The script tool `c_rehash` was removed. Use `openssl rehash` instead. *Norbert Pocs* diff --git a/Configure b/Configure index c365a61c971..5923af9a69b 100755 --- a/Configure +++ b/Configure @@ -413,7 +413,7 @@ my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; # Known TLS and DTLS protocols -my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3); +my @tls = qw(tls1 tls1_1 tls1_2 tls1_3); my @dtls = qw(dtls1 dtls1_2); # Explicitly known options that are possible to disable. They can diff --git a/apps/ciphers.c b/apps/ciphers.c index dc52b9f912a..3f2e73c13ad 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -20,7 +20,6 @@ typedef enum OPTION_choice { OPT_COMMON, OPT_STDNAME, OPT_CONVERT, - OPT_SSL3, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, @@ -48,9 +47,6 @@ const OPTIONS ciphers_options[] = { OPT_SECTION("Cipher specification"), { "s", OPT_S, '-', "Only supported ciphers" }, -#ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3" }, -#endif #ifndef OPENSSL_NO_TLS1 { "tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1" }, #endif @@ -135,10 +131,6 @@ int ciphers_main(int argc, char **argv) case OPT_CONVERT: convert = opt_arg(); break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - break; case OPT_TLS1: min_version = TLS1_VERSION; max_version = TLS1_VERSION; diff --git a/apps/include/opt.h b/apps/include/opt.h index a2facb02521..a9b50c3f008 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -157,7 +157,7 @@ */ #define OPT_S_ENUM \ OPT_S__FIRST = 3000, \ - OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ + OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \ OPT_S_LEGACYCONN, \ @@ -176,7 +176,6 @@ #define OPT_S_OPTIONS \ OPT_SECTION("TLS/SSL"), \ - { "no_ssl3", OPT_S_NOSSL3, '-', "Just disable SSLv3" }, \ { "no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1" }, \ { "no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ { "no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2" }, \ @@ -239,7 +238,6 @@ OPT_S__FIRST: \ case OPT_S__LAST: \ break; \ - case OPT_S_NOSSL3: \ case OPT_S_NOTLS1: \ case OPT_S_NOTLS1_1: \ case OPT_S_NOTLS1_2: \ @@ -276,8 +274,8 @@ case OPT_S_NO_ETM: \ case OPT_S_NO_EMS -#define IS_NO_PROT_FLAG(o) \ - (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ +#define IS_NO_PROT_FLAG(o) \ + (o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) /* diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 016adb50435..0cca3a8fed9 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -583,7 +583,6 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret) } static STRINT_PAIR ssl_versions[] = { - { "SSL 3.0", SSL3_VERSION }, { "TLS 1.0", TLS1_VERSION }, { "TLS 1.1", TLS1_1_VERSION }, { "TLS 1.2", TLS1_2_VERSION }, @@ -666,7 +665,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; const unsigned char *bp = buf; - if (version == SSL3_VERSION || version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { + if (version == TLS1_VERSION || version == TLS1_1_VERSION || version == TLS1_2_VERSION || version == TLS1_3_VERSION || version == DTLS1_VERSION || version == DTLS1_BAD_VER) { str_version = lookup(version, ssl_versions, "???"); switch (content_type) { case SSL3_RT_CHANGE_CIPHER_SPEC: diff --git a/apps/list.c b/apps/list.c index f735101aab8..5a9673180d7 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1548,9 +1548,6 @@ static void list_disabled(void) #ifdef OPENSSL_NO_SRTP BIO_puts(bio_out, "SRTP\n"); #endif -#ifdef OPENSSL_NO_SSL3 - BIO_puts(bio_out, "SSL3\n"); -#endif #ifdef OPENSSL_NO_TLS1 BIO_puts(bio_out, "TLS1\n"); #endif diff --git a/apps/s_client.c b/apps/s_client.c index 55e8b022562..7b2cabdc428 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -530,7 +530,6 @@ typedef enum OPTION_choice { OPT_SRP_LATEUSER, OPT_SRP_MOREGROUPS, #endif - OPT_SSL3, OPT_SSL_CONFIG, OPT_TLS1_3, OPT_TLS1_2, @@ -760,9 +759,6 @@ const OPTIONS s_client_options[] = { { "nbio", OPT_NBIO, '-', "Use non-blocking IO" }, OPT_SECTION("Protocol and version"), -#ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, -#endif #ifndef OPENSSL_NO_TLS1 { "tls1", OPT_TLS1, '-', "Just use TLSv1" }, #endif @@ -888,7 +884,7 @@ static const OPT_PAIR services[] = { #define IS_UNIX_FLAG(o) (o == OPT_UNIX) #define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ + (o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2 \ || o == OPT_QUIC) @@ -1369,15 +1365,6 @@ int s_client_main(int argc, char **argv) case OPT_SSL_CONFIG: ssl_config = opt_arg(); break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - socket_type = SOCK_STREAM; -#ifndef OPENSSL_NO_DTLS - isdtls = 0; -#endif - isquic = 0; - break; case OPT_TLS1_3: min_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION; diff --git a/apps/s_server.c b/apps/s_server.c index dd5431ca30b..2846ade6b59 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1025,7 +1025,6 @@ typedef enum OPTION_choice { OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, - OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, @@ -1270,9 +1269,6 @@ const OPTIONS s_server_options[] = { { "no_ca_names", OPT_NOCANAMES, '-', "Disable TLS Extension CA Names" }, { "stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies" }, -#ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-', "Just talk SSLv3" }, -#endif #ifndef OPENSSL_NO_TLS1 { "tls1", OPT_TLS1, '-', "Just talk TLSv1" }, #endif @@ -1326,8 +1322,8 @@ const OPTIONS s_server_options[] = { { NULL } }; -#define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ +#define IS_PROT_FLAG(o) \ + (o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) int s_server_main(int argc, char *argv[]) @@ -1856,10 +1852,6 @@ int s_server_main(int argc, char *argv[]) case OPT_SSL_CONFIG: ssl_config = opt_arg(); break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - break; case OPT_TLS1_3: min_version = TLS1_3_VERSION; max_version = TLS1_3_VERSION; diff --git a/apps/s_time.c b/apps/s_time.c index e52f456838b..7e34f010454 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -61,7 +61,6 @@ typedef enum OPTION_choice { OPT_BUGS, OPT_VERIFY, OPT_TIME, - OPT_SSL3, OPT_WWW, OPT_TLS1, OPT_TLS1_1, @@ -83,9 +82,6 @@ const OPTIONS s_time_options[] = { { "cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used" }, { "ciphersuites", OPT_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used" }, -#ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-', "Just use SSLv3" }, -#endif #ifndef OPENSSL_NO_TLS1 { "tls1", OPT_TLS1, '-', "Just use TLSv1.0" }, #endif @@ -226,10 +222,6 @@ int s_time_main(int argc, char **argv) goto end; } break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - break; case OPT_TLS1: min_version = TLS1_VERSION; max_version = TLS1_VERSION; @@ -326,8 +318,6 @@ int s_time_main(int argc, char **argv) ver = SSL_version(scon); if (ver == TLS1_VERSION) ver = 't'; - else if (ver == SSL3_VERSION) - ver = '3'; else ver = '*'; } @@ -408,8 +398,6 @@ next: ver = SSL_version(scon); if (ver == TLS1_VERSION) ver = 't'; - else if (ver == SSL3_VERSION) - ver = '3'; else ver = '*'; } diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index 217326d1221..66229eb0204 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -12,7 +12,6 @@ B B [B<-s>] [B<-v>] [B<-V>] -[B<-ssl3>] [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] @@ -76,7 +75,7 @@ L. Like B<-v>, but include the official cipher suite values in hex. -=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1> In combination with the B<-s> option, list the ciphers which could be used if the specified protocol were negotiated. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index bc2d3c822f3..ecaf7344c89 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -912,7 +912,7 @@ then an HTTP command can be given such as "GET /" to retrieve a web page. If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the B<-bugs>, -B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried +B<-tls1>, B<-no_tls1> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in index b483aab68eb..23f9d48cba1 100644 --- a/doc/man1/openssl-s_time.pod.in +++ b/doc/man1/openssl-s_time.pod.in @@ -17,7 +17,6 @@ B B [B<-new>] [B<-verify> I] [B<-time> I] -[B<-ssl3>] [B<-tls1>] [B<-tls1_1>] [B<-tls1_2>] @@ -128,7 +127,7 @@ can establish. This is an obsolete synonym for B<-CAfile>. -=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3> +=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3> See L. @@ -151,7 +150,7 @@ by the client the same way the aforementioned option does. This command can be used to measure the performance of an SSL connection. To connect to an SSL HTTP server and get the default page the command - openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3] + openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher would typically be used (https uses port 443). I is a cipher to which both client and server can agree, see the L command @@ -159,7 +158,7 @@ for details. If the handshake fails then there are several possible causes, if it is nothing obvious like no client certificate then the B<-bugs> and -B<-ssl3> options can be tried +B<-tls1> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. diff --git a/doc/man1/openssl-sess_id.pod.in b/doc/man1/openssl-sess_id.pod.in index 92d7500f4f5..827a2afaca6 100644 --- a/doc/man1/openssl-sess_id.pod.in +++ b/doc/man1/openssl-sess_id.pod.in @@ -98,7 +98,7 @@ These are described below in more detail. =item B -This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3. +This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1 or TLSv1. =item B diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 9b6ed98cfb9..ff66bcb2605 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -597,7 +597,7 @@ OpenSSL was built. =over 4 -=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> +=item B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> These options require or disable the use of the specified SSL or TLS protocols. When a specific TLS version is required, only that version will be offered or diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 3b84f16074e..5813d59128b 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -309,9 +309,9 @@ Attempts to use B as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. -=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> +=item B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3> -Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +Disables protocol support for TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by setting the corresponding options B, B, B, B and B respectively. These options are deprecated, use B<-min_protocol> and diff --git a/doc/man3/SSL_CTX_new.pod b/doc/man3/SSL_CTX_new.pod index 627d9e7f0dc..ba24120f771 100644 --- a/doc/man3/SSL_CTX_new.pod +++ b/doc/man3/SSL_CTX_new.pod @@ -125,7 +125,7 @@ can be one of the following: These are the general-purpose I SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. -The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +The supported protocols are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. Applications should use these methods, and avoid the version-specific methods described below, which are deprecated. @@ -155,9 +155,7 @@ TLSv1 protocol. These methods are deprecated. =item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method() -A TLS/SSL connection established with these methods will only understand the -SSLv3 protocol. -The SSLv3 protocol is deprecated and should not be used. +Starting in version 3.6 those functions always return NULL. =item DTLS_method(), DTLS_server_method(), DTLS_client_method() diff --git a/doc/perlvars.pm b/doc/perlvars.pm index ae3dfad5457..82d37a60742 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -131,19 +131,17 @@ $OpenSSL::safe::opt_trust_item = "" # TLS Version Options $OpenSSL::safe::opt_versiontls_synopsis = "" -. "[B<-no_ssl3>]\n" . "[B<-no_tls1>]\n" . "[B<-no_tls1_1>]\n" . "[B<-no_tls1_2>]\n" . "[B<-no_tls1_3>]\n" -. "[B<-ssl3>]\n" . "[B<-tls1>]\n" . "[B<-tls1_1>]\n" . "[B<-tls1_2>]\n" . "[B<-tls1_3>]"; $OpenSSL::safe::opt_versiontls_item = "" -. "=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n" -. "B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>\n" +. "=item B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>,\n" +. "B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>\n" . "\n" . "See L."; diff --git a/ssl/build.info b/ssl/build.info index 7f4ecaa68f5..d293d966b61 100644 --- a/ssl/build.info +++ b/ssl/build.info @@ -4,7 +4,7 @@ LIBS=../libssl SOURCE[../libssl]=\ pqueue.c \ - statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c \ + statem/statem_srvr.c statem/statem_clnt.c s3_lib.c s3_enc.c \ statem/statem_lib.c statem/extensions.c statem/extensions_srvr.c \ statem/extensions_clnt.c statem/extensions_cust.c s3_msg.c \ methods.c t1_lib.c t1_enc.c tls13_enc.c \ diff --git a/ssl/methods.c b/ssl/methods.c index 07098839058..35d84444f1a 100644 --- a/ssl/methods.c +++ b/ssl/methods.c @@ -41,9 +41,6 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, tlsv1_method, ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data) #endif -#ifndef OPENSSL_NO_SSL3_METHOD -IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect) -#endif /*- * TLS/SSLv3 server methods */ @@ -73,10 +70,6 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, ossl_statem_accept, ssl_undefined_function, TLSv1_enc_data) #endif -#ifndef OPENSSL_NO_SSL3_METHOD -IMPLEMENT_ssl3_meth_func(sslv3_server_method, - ossl_statem_accept, ssl_undefined_function) -#endif /*- * TLS/SSLv3 client methods */ @@ -106,10 +99,6 @@ IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1, ssl_undefined_function, ossl_statem_connect, TLSv1_enc_data) #endif -#ifndef OPENSSL_NO_SSL3_METHOD -IMPLEMENT_ssl3_meth_func(sslv3_client_method, - ssl_undefined_function, ossl_statem_connect) -#endif /*- * DTLS methods */ @@ -228,17 +217,17 @@ const SSL_METHOD *TLSv1_client_method(void) #ifndef OPENSSL_NO_SSL3_METHOD const SSL_METHOD *SSLv3_method(void) { - return sslv3_method(); + return NULL; } const SSL_METHOD *SSLv3_server_method(void) { - return sslv3_server_method(); + return NULL; } const SSL_METHOD *SSLv3_client_method(void) { - return sslv3_client_method(); + return NULL; } #endif diff --git a/ssl/record/methods/build.info b/ssl/record/methods/build.info index 8b1af5dd5d5..4893ce9212a 100644 --- a/ssl/record/methods/build.info +++ b/ssl/record/methods/build.info @@ -4,7 +4,7 @@ IF[{- !$disabled{ktls} -}] ENDIF SOURCE[../../../libssl]=\ - tls_common.c ssl3_meth.c tls1_meth.c tls13_meth.c tlsany_meth.c \ + tls_common.c tls1_meth.c tls13_meth.c tlsany_meth.c \ dtls_meth.c tls_multib.c $KTLSSRC # For shared builds we need to include the sources needed in providers diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h index 4ffce8d6638..d2bb7b394d7 100644 --- a/ssl/record/methods/recmethod_local.h +++ b/ssl/record/methods/recmethod_local.h @@ -378,7 +378,6 @@ typedef struct dtls_rlayer_record_data_st { TLS_RL_RECORD rrec; } DTLS_RLAYER_RECORD_DATA; -extern const struct record_functions_st ssl_3_0_funcs; extern const struct record_functions_st tls_1_funcs; extern const struct record_functions_st tls_1_3_funcs; extern const struct record_functions_st tls_any_funcs; diff --git a/ssl/record/methods/ssl3_meth.c b/ssl/record/methods/ssl3_meth.c deleted file mode 100644 index 086d8f94f88..00000000000 --- a/ssl/record/methods/ssl3_meth.c +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/ssl3_cbc.h" -#include "../../ssl_local.h" -#include "../record_local.h" -#include "recmethod_local.h" - -static int ssl3_set_crypto_state(OSSL_RECORD_LAYER *rl, int level, - unsigned char *key, size_t keylen, - unsigned char *iv, size_t ivlen, - unsigned char *mackey, size_t mackeylen, - const EVP_CIPHER *ciph, - size_t taglen, - int mactype, - const EVP_MD *md, - COMP_METHOD *comp) -{ - EVP_CIPHER_CTX *ciph_ctx; - int enc = (rl->direction == OSSL_RECORD_DIRECTION_WRITE) ? 1 : 0; - - if (md == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - - if ((rl->enc_ctx = EVP_CIPHER_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - ciph_ctx = rl->enc_ctx; - - rl->md_ctx = EVP_MD_CTX_new(); - if (rl->md_ctx == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - - if ((md != NULL && EVP_DigestInit_ex(rl->md_ctx, md, NULL) <= 0)) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - -#ifndef OPENSSL_NO_COMP - if (comp != NULL) { - rl->compctx = COMP_CTX_new(comp); - if (rl->compctx == NULL) { - ERR_raise(ERR_LIB_SSL, SSL_R_COMPRESSION_LIBRARY_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - } -#endif - - if (!EVP_CipherInit_ex(ciph_ctx, ciph, NULL, key, iv, enc)) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - - if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(ciph_ctx)) != NULL - && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md)) { - /* ERR_raise already called */ - return OSSL_RECORD_RETURN_FATAL; - } - - if (mackeylen > sizeof(rl->mac_secret)) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return OSSL_RECORD_RETURN_FATAL; - } - memcpy(rl->mac_secret, mackey, mackeylen); - - return OSSL_RECORD_RETURN_SUCCESS; -} - -/* - * ssl3_cipher encrypts/decrypts |n_recs| records in |inrecs|. Calls RLAYERfatal - * on internal error, but not otherwise. It is the responsibility of the caller - * to report a bad_record_mac - * - * Returns: - * 0: if the record is publicly invalid, or an internal error - * 1: Success or Mac-then-encrypt decryption failed (MAC will be randomised) - */ -static int ssl3_cipher(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *inrecs, - size_t n_recs, int sending, SSL_MAC_BUF *mac, - size_t macsize) -{ - TLS_RL_RECORD *rec; - EVP_CIPHER_CTX *ds; - size_t l, i; - size_t bs; - const EVP_CIPHER *enc; - int provided; - - rec = inrecs; - /* - * We shouldn't ever be called with more than one record in the SSLv3 case - */ - if (n_recs != 1) - return 0; - - ds = rl->enc_ctx; - if (ds == NULL || (enc = EVP_CIPHER_CTX_get0_cipher(ds)) == NULL) - return 0; - - provided = (EVP_CIPHER_get0_provider(enc) != NULL); - - l = rec->length; - bs = EVP_CIPHER_CTX_get_block_size(ds); - - if (bs == 0) - return 0; - - /* COMPRESS */ - - if ((bs != 1) && sending && !provided) { - /* - * We only do this for legacy ciphers. Provided ciphers add the - * padding on the provider side. - */ - i = bs - (l % bs); - - /* we need to add 'i-1' padding bytes */ - l += i; - /* - * the last of these zero bytes will be overwritten with the - * padding length. - */ - memset(&rec->input[rec->length], 0, i); - rec->length += i; - rec->input[l - 1] = (unsigned char)(i - 1); - } - - if (!sending) { - if (l == 0 || l % bs != 0) { - /* Publicly invalid */ - return 0; - } - /* otherwise, rec->length >= bs */ - } - - if (provided) { - int outlen; - - if (!EVP_CipherUpdate(ds, rec->data, &outlen, rec->input, - (unsigned int)l)) - return 0; - rec->length = outlen; - - if (!sending && mac != NULL) { - /* Now get a pointer to the MAC */ - OSSL_PARAM params[2], *p = params; - - /* Get the MAC */ - mac->alloced = 0; - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_TLS_MAC, - (void **)&mac->mac, - macsize); - *p = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_get_params(ds, params)) { - /* Shouldn't normally happen */ - RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - } - } else { - if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1) { - /* Shouldn't happen */ - RLAYERfatal(rl, SSL_AD_BAD_RECORD_MAC, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (!sending) - return ssl3_cbc_remove_padding_and_mac(&rec->length, - rec->orig_len, - rec->data, - (mac != NULL) ? &mac->mac : NULL, - (mac != NULL) ? &mac->alloced : NULL, - bs, - macsize, - rl->libctx); - } - - return 1; -} - -static const unsigned char ssl3_pad_1[48] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -static const unsigned char ssl3_pad_2[48] = { - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, - 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c -}; - -static int ssl3_mac(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec, unsigned char *md, - int sending) -{ - unsigned char *mac_sec, *seq = rl->sequence; - const EVP_MD_CTX *hash; - unsigned char *p, rec_char; - size_t md_size; - size_t npad; - int t; - - mac_sec = &(rl->mac_secret[0]); - hash = rl->md_ctx; - - t = EVP_MD_CTX_get_size(hash); - if (t <= 0) - return 0; - md_size = t; - npad = (48 / md_size) * md_size; - - if (!sending - && EVP_CIPHER_CTX_get_mode(rl->enc_ctx) == EVP_CIPH_CBC_MODE - && ssl3_cbc_record_digest_supported(hash)) { -#ifdef OPENSSL_NO_DEPRECATED_3_0 - return 0; -#else - /* - * This is a CBC-encrypted record. We must avoid leaking any - * timing-side channel information about how many blocks of data we - * are hashing because that gives an attacker a timing-oracle. - */ - - /*- - * npad is, at most, 48 bytes and that's with MD5: - * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75. - * - * With SHA-1 (the largest hash speced for SSLv3) the hash size - * goes up 4, but npad goes down by 8, resulting in a smaller - * total size. - */ - unsigned char header[75]; - size_t j = 0; - memcpy(header + j, mac_sec, md_size); - j += md_size; - memcpy(header + j, ssl3_pad_1, npad); - j += npad; - memcpy(header + j, seq, 8); - j += 8; - header[j++] = rec->type; - header[j++] = (unsigned char)(rec->length >> 8); - header[j++] = (unsigned char)(rec->length & 0xff); - - /* Final param == is SSLv3 */ - if (ssl3_cbc_digest_record(EVP_MD_CTX_get0_md(hash), - md, &md_size, - header, rec->input, - rec->length, rec->orig_len, - mac_sec, md_size, 1) - <= 0) - return 0; -#endif - } else { - unsigned int md_size_u; - /* Chop the digest off the end :-) */ - EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); - - if (md_ctx == NULL) - return 0; - - rec_char = rec->type; - p = md; - s2n(rec->length, p); - if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 - || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0 - || EVP_DigestUpdate(md_ctx, seq, 8) <= 0 - || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0 - || EVP_DigestUpdate(md_ctx, md, 2) <= 0 - || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0 - || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0 - || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0 - || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0 - || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0 - || EVP_DigestUpdate(md_ctx, md, md_size) <= 0 - || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) { - EVP_MD_CTX_free(md_ctx); - return 0; - } - - EVP_MD_CTX_free(md_ctx); - } - - if (!tls_increment_sequence_ctr(rl)) - return 0; - - return 1; -} - -const struct record_functions_st ssl_3_0_funcs = { - ssl3_set_crypto_state, - ssl3_cipher, - ssl3_mac, - tls_default_set_protocol_version, - tls_default_read_n, - tls_get_more_records, - tls_default_validate_record_header, - tls_default_post_process_record, - tls_get_max_records_default, - tls_write_records_default, - /* These 2 functions are defined in tls1_meth.c */ - tls1_allocate_write_buffers, - tls1_initialise_write_packets, - NULL, - tls_prepare_record_header_default, - NULL, - tls_prepare_for_encryption_default, - tls_post_encryption_processing_default, - NULL -}; diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c index 4ddcb21b739..aa43dba6a42 100644 --- a/ssl/record/methods/tls_common.c +++ b/ssl/record/methods/tls_common.c @@ -1425,9 +1425,6 @@ tls_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers, case TLS1_VERSION: (*retrl)->funcs = &tls_1_funcs; break; - case SSL3_VERSION: - (*retrl)->funcs = &ssl_3_0_funcs; - break; default: /* Should not happen */ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index bcb833406fb..2f5a3945fa0 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -11,205 +11,10 @@ #include #include "ssl_local.h" #include -#include #include #include "internal/cryptlib.h" #include "internal/ssl_unwrap.h" -static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num) -{ - const EVP_MD *md5 = NULL, *sha1 = NULL; - EVP_MD_CTX *m5; - EVP_MD_CTX *s1; - unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; - unsigned char c = 'A'; - unsigned int i, k; - int ret = 0; - SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); - -#ifdef CHARSET_EBCDIC - c = os_toascii[c]; /* 'A' in ASCII */ -#endif - k = 0; - md5 = EVP_MD_fetch(sctx->libctx, "MD5", sctx->propq); - sha1 = EVP_MD_fetch(sctx->libctx, "SHA1", sctx->propq); - m5 = EVP_MD_CTX_new(); - s1 = EVP_MD_CTX_new(); - if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } - for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { - k++; - if (k > sizeof(buf)) { - /* bug: 'buf' is too small for this ciphersuite */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - - memset(buf, c, k); - c++; - if (!EVP_DigestInit_ex(s1, sha1, NULL) - || !EVP_DigestUpdate(s1, buf, k) - || !EVP_DigestUpdate(s1, s->session->master_key, - s->session->master_key_length) - || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) - || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) - || !EVP_DigestFinal_ex(s1, smd, NULL) - || !EVP_DigestInit_ex(m5, md5, NULL) - || !EVP_DigestUpdate(m5, s->session->master_key, - s->session->master_key_length) - || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - if ((int)(i + MD5_DIGEST_LENGTH) > num) { - if (!EVP_DigestFinal_ex(m5, smd, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - memcpy(km, smd, (num - i)); - } else { - if (!EVP_DigestFinal_ex(m5, km, NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - km += MD5_DIGEST_LENGTH; - } - OPENSSL_cleanse(smd, sizeof(smd)); - ret = 1; -err: - EVP_MD_CTX_free(m5); - EVP_MD_CTX_free(s1); - ssl_evp_md_free(md5); - ssl_evp_md_free(sha1); - return ret; -} - -int ssl3_change_cipher_state(SSL_CONNECTION *s, int which) -{ - unsigned char *p, *mac_secret; - size_t md_len; - unsigned char *key, *iv; - const EVP_CIPHER *ciph; - const SSL_COMP *comp = NULL; - const EVP_MD *md; - int mdi; - size_t n, iv_len, key_len; - int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ - : OSSL_RECORD_DIRECTION_WRITE; - - ciph = s->s3.tmp.new_sym_enc; - md = s->s3.tmp.new_hash; - /* m == NULL will lead to a crash later */ - if (!ossl_assert(md != NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } -#ifndef OPENSSL_NO_COMP - comp = s->s3.tmp.new_compression; -#endif - - p = s->s3.tmp.key_block; - mdi = EVP_MD_get_size(md); - if (mdi <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - md_len = (size_t)mdi; - key_len = EVP_CIPHER_get_key_length(ciph); - iv_len = EVP_CIPHER_get_iv_length(ciph); - - if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { - mac_secret = &(p[0]); - n = md_len + md_len; - key = &(p[n]); - n += key_len + key_len; - iv = &(p[n]); - n += iv_len + iv_len; - } else { - n = md_len; - mac_secret = &(p[n]); - n += md_len + key_len; - key = &(p[n]); - n += key_len + iv_len; - iv = &(p[n]); - n += iv_len; - } - - if (n > s->s3.tmp.key_block_length) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!ssl_set_new_record_layer(s, SSL3_VERSION, - direction, - OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, - NULL, 0, key, key_len, iv, iv_len, mac_secret, - md_len, ciph, 0, NID_undef, md, comp, NULL)) { - /* SSLfatal already called */ - goto err; - } - - return 1; -err: - return 0; -} - -int ssl3_setup_key_block(SSL_CONNECTION *s) -{ - unsigned char *p; - const EVP_CIPHER *c; - const EVP_MD *hash; - int num; - int ret = 0; - SSL_COMP *comp; - - if (s->s3.tmp.key_block_length != 0) - return 1; - - if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, - NULL, NULL, &comp, 0)) { - /* Error is already recorded */ - SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); - return 0; - } - - ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); - s->s3.tmp.new_sym_enc = c; - ssl_evp_md_free(s->s3.tmp.new_hash); - s->s3.tmp.new_hash = hash; -#ifdef OPENSSL_NO_COMP - s->s3.tmp.new_compression = NULL; -#else - s->s3.tmp.new_compression = comp; -#endif - - num = EVP_MD_get_size(hash); - if (num <= 0) - return 0; - - num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c); - num *= 2; - - ssl3_cleanup_key_block(s); - - if ((p = OPENSSL_malloc(num)) == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); - return 0; - } - - s->s3.tmp.key_block_length = num; - s->s3.tmp.key_block = p; - - /* Calls SSLfatal() as required */ - ret = ssl3_generate_key_block(s, p, num); - - return ret; -} - void ssl3_cleanup_key_block(SSL_CONNECTION *s) { OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); @@ -307,199 +112,3 @@ int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep) return 1; } - -void ssl3_digest_master_key_set_params(const SSL_SESSION *session, - OSSL_PARAM params[]) -{ - int n = 0; - params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, - (void *)session->master_key, - session->master_key_length); - params[n++] = OSSL_PARAM_construct_end(); -} - -size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len, - unsigned char *p) -{ - int ret; - EVP_MD_CTX *ctx = NULL; - - if (!ssl3_digest_cached_records(s, 0)) { - /* SSLfatal() already called */ - return 0; - } - - if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST); - return 0; - } - - ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - return 0; - } - if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - ret = 0; - goto err; - } - - ret = EVP_MD_CTX_get_size(ctx); - if (ret < 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - ret = 0; - goto err; - } - - if (sender != NULL) { - OSSL_PARAM digest_cmd_params[3]; - - ssl3_digest_master_key_set_params(s->session, digest_cmd_params); - - if (EVP_DigestUpdate(ctx, sender, len) <= 0 - || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 - || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - ret = 0; - } - } - -err: - EVP_MD_CTX_free(ctx); - - return ret; -} - -int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, - unsigned char *p, - size_t len, size_t *secret_size) -{ - static const unsigned char *const salt[3] = { -#ifndef CHARSET_EBCDIC - (const unsigned char *)"A", - (const unsigned char *)"BB", - (const unsigned char *)"CCC", -#else - (const unsigned char *)"\x41", - (const unsigned char *)"\x42\x42", - (const unsigned char *)"\x43\x43\x43", -#endif - }; - unsigned char buf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - int i, ret = 1; - unsigned int n; - size_t ret_secret_size = 0; - - if (ctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - return 0; - } - for (i = 0; i < 3; i++) { - if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0 - || EVP_DigestUpdate(ctx, salt[i], - strlen((const char *)salt[i])) - <= 0 - || EVP_DigestUpdate(ctx, p, len) <= 0 - || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), - SSL3_RANDOM_SIZE) - <= 0 - || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), - SSL3_RANDOM_SIZE) - <= 0 - || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 - || EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0 - || EVP_DigestUpdate(ctx, p, len) <= 0 - || EVP_DigestUpdate(ctx, buf, n) <= 0 - || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - ret = 0; - break; - } - out += n; - ret_secret_size += n; - } - EVP_MD_CTX_free(ctx); - - OPENSSL_cleanse(buf, sizeof(buf)); - if (ret) - *secret_size = ret_secret_size; - return ret; -} - -int ssl3_alert_code(int code) -{ - switch (code) { - case SSL_AD_CLOSE_NOTIFY: - return SSL3_AD_CLOSE_NOTIFY; - case SSL_AD_UNEXPECTED_MESSAGE: - return SSL3_AD_UNEXPECTED_MESSAGE; - case SSL_AD_BAD_RECORD_MAC: - return SSL3_AD_BAD_RECORD_MAC; - case SSL_AD_DECRYPTION_FAILED: - return SSL3_AD_BAD_RECORD_MAC; - case SSL_AD_RECORD_OVERFLOW: - return SSL3_AD_BAD_RECORD_MAC; - case SSL_AD_DECOMPRESSION_FAILURE: - return SSL3_AD_DECOMPRESSION_FAILURE; - case SSL_AD_HANDSHAKE_FAILURE: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_NO_CERTIFICATE: - return SSL3_AD_NO_CERTIFICATE; - case SSL_AD_BAD_CERTIFICATE: - return SSL3_AD_BAD_CERTIFICATE; - case SSL_AD_UNSUPPORTED_CERTIFICATE: - return SSL3_AD_UNSUPPORTED_CERTIFICATE; - case SSL_AD_CERTIFICATE_REVOKED: - return SSL3_AD_CERTIFICATE_REVOKED; - case SSL_AD_CERTIFICATE_EXPIRED: - return SSL3_AD_CERTIFICATE_EXPIRED; - case SSL_AD_CERTIFICATE_UNKNOWN: - return SSL3_AD_CERTIFICATE_UNKNOWN; - case SSL_AD_ILLEGAL_PARAMETER: - return SSL3_AD_ILLEGAL_PARAMETER; - case SSL_AD_UNKNOWN_CA: - return SSL3_AD_BAD_CERTIFICATE; - case SSL_AD_ACCESS_DENIED: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_DECODE_ERROR: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_DECRYPT_ERROR: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_EXPORT_RESTRICTION: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_PROTOCOL_VERSION: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_INSUFFICIENT_SECURITY: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_INTERNAL_ERROR: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_USER_CANCELLED: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_NO_RENEGOTIATION: - return -1; /* Don't send it :-) */ - case SSL_AD_UNSUPPORTED_EXTENSION: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_CERTIFICATE_UNOBTAINABLE: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_UNRECOGNIZED_NAME: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: - return SSL3_AD_HANDSHAKE_FAILURE; - case SSL_AD_UNKNOWN_PSK_IDENTITY: - return TLS1_AD_UNKNOWN_PSK_IDENTITY; - case SSL_AD_INAPPROPRIATE_FALLBACK: - return TLS1_AD_INAPPROPRIATE_FALLBACK; - case SSL_AD_NO_APPLICATION_PROTOCOL: - return TLS1_AD_NO_APPLICATION_PROTOCOL; - case SSL_AD_CERTIFICATE_REQUIRED: - return SSL_AD_HANDSHAKE_FAILURE; - case TLS13_AD_MISSING_EXTENSION: - return SSL_AD_HANDSHAKE_FAILURE; - default: - return -1; - } -} diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 6a3b14975ce..397ddf4bf59 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3735,44 +3735,6 @@ void ssl_sort_cipher_list(void) qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare); } -static int sslcon_undefined_function_1(SSL_CONNECTION *sc, unsigned char *r, - size_t s, const char *t, size_t u, - const unsigned char *v, size_t w, int x) -{ - (void)r; - (void)s; - (void)t; - (void)u; - (void)v; - (void)w; - (void)x; - return ssl_undefined_function(SSL_CONNECTION_GET_SSL(sc)); -} - -const SSL3_ENC_METHOD SSLv3_enc_data = { - ssl3_setup_key_block, - ssl3_generate_master_secret, - ssl3_change_cipher_state, - ssl3_final_finish_mac, - SSL3_MD_CLIENT_FINISHED_CONST, 4, - SSL3_MD_SERVER_FINISHED_CONST, 4, - ssl3_alert_code, - sslcon_undefined_function_1, - 0, - ssl3_set_handshake_header, - tls_close_construct_packet, - ssl3_handshake_write -}; - -OSSL_TIME ssl3_default_timeout(void) -{ - /* - * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for - * http, the cache would over fill - */ - return ossl_seconds2time(60 * 60 * 2); -} - int ssl3_num_ciphers(void) { return SSL3_NUM_CIPHERS; @@ -3927,7 +3889,7 @@ int ssl3_clear(SSL *s) if (!ssl_free_wbio_buffer(sc)) return 0; - sc->version = SSL3_VERSION; + sc->version = TLS1_VERSION; #if !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(sc->ext.npn); @@ -4980,7 +4942,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL_CONNECTION *s, STACK_OF(SSL_CIPHER) *cl int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) { - uint32_t alg_k, alg_a = 0; +#ifndef OPENSSL_NO_GOST + uint32_t alg_k; +#endif + uint32_t alg_a = 0; /* If we have custom certificate types set, use them */ if (s->cert->ctype) @@ -4988,9 +4953,9 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) /* Get mask of algorithms disabled by signature list */ ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK); +#ifndef OPENSSL_NO_GOST alg_k = s->s3.tmp.new_cipher->algorithm_mkey; -#ifndef OPENSSL_NO_GOST if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST)) if (!WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN) || !WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_IANA_SIGN) @@ -5005,13 +4970,6 @@ int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt) return 0; #endif - if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) { - if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH)) - return 0; - if (!(alg_a & SSL_aDSS) - && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH)) - return 0; - } if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN)) return 0; if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN)) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index ffe53bfe181..c1cb8e8bb0c 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -51,9 +51,6 @@ int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc) desc = tls13_alert_code(desc); else desc = ssl->method->ssl3_enc->alert_value(desc); - if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) - desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have - * protocol_version alerts */ if (desc < 0) return -1; if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index a305c8d0d99..2bafe473fbf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -494,7 +494,7 @@ static int ssl_check_allowed_versions(int min_version, int max_version) } else { /* Regular TLS version checks. */ if (min_version == 0) - min_version = SSL3_VERSION; + min_version = TLS1_VERSION; if (max_version == 0) max_version = TLS1_3_VERSION; #ifdef OPENSSL_NO_TLS1_3 @@ -513,10 +513,6 @@ static int ssl_check_allowed_versions(int min_version, int max_version) if (max_version == TLS1_VERSION) max_version = SSL3_VERSION; #endif -#ifdef OPENSSL_NO_SSL3 - if (min_version == SSL3_VERSION) - min_version = TLS1_VERSION; -#endif #ifdef OPENSSL_NO_TLS1 if (min_version == TLS1_VERSION) min_version = TLS1_1_VERSION; @@ -531,9 +527,6 @@ static int ssl_check_allowed_versions(int min_version, int max_version) #endif /* Done massaging versions; do the check. */ if (0 -#ifdef OPENSSL_NO_SSL3 - || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version) -#endif #ifdef OPENSSL_NO_TLS1 || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version) #endif diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index ca8a8e2acaa..994bfb79431 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2297,9 +2297,6 @@ extern const unsigned char tls12downgrade[8]; extern const SSL3_ENC_METHOD ssl3_undef_enc_method; -__owur const SSL_METHOD *sslv3_method(void); -__owur const SSL_METHOD *sslv3_server_method(void); -__owur const SSL_METHOD *sslv3_client_method(void); __owur const SSL_METHOD *tlsv1_method(void); __owur const SSL_METHOD *tlsv1_server_method(void); __owur const SSL_METHOD *tlsv1_client_method(void); @@ -2324,7 +2321,6 @@ extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; extern const SSL3_ENC_METHOD TLSv1_2_enc_data; extern const SSL3_ENC_METHOD TLSv1_3_enc_data; -extern const SSL3_ENC_METHOD SSLv3_enc_data; extern const SSL3_ENC_METHOD DTLSv1_enc_data; extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; @@ -2375,46 +2371,6 @@ extern const SSL3_ENC_METHOD DTLSv1_2_enc_data; return &func_name##_data; \ } -#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \ - const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data = { \ - SSL3_VERSION, \ - SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \ - SSL_OP_NO_SSLv3, \ - ossl_ssl_connection_new, \ - ossl_ssl_connection_free, \ - ossl_ssl_connection_reset, \ - ssl3_new, \ - ssl3_clear, \ - ssl3_free, \ - s_accept, \ - s_connect, \ - ssl3_read, \ - ssl3_peek, \ - ssl3_write, \ - ssl3_shutdown, \ - ssl3_renegotiate, \ - ssl3_renegotiate_check, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl3_get_cipher_by_char, \ - ssl3_put_cipher_by_char, \ - ssl3_pending, \ - ssl3_num_ciphers, \ - ssl3_get_cipher, \ - ssl3_default_timeout, \ - &SSLv3_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - #define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \ s_connect, enc_data) \ const SSL_METHOD *func_name(void) \ @@ -2645,24 +2601,15 @@ __owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); __owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len); int ssl3_init_finished_mac(SSL_CONNECTION *s); -__owur int ssl3_setup_key_block(SSL_CONNECTION *s); -__owur int ssl3_change_cipher_state(SSL_CONNECTION *s, int which); void ssl3_cleanup_key_block(SSL_CONNECTION *s); __owur int ssl3_do_write(SSL_CONNECTION *s, uint8_t type); int ssl3_send_alert(SSL_CONNECTION *s, int level, int desc); -__owur int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, - unsigned char *p, size_t len, - size_t *secret_size); __owur int ssl3_get_req_cert_type(SSL_CONNECTION *s, WPACKET *pkt); __owur int ssl3_num_ciphers(void); __owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u); int ssl3_renegotiate(SSL *ssl); int ssl3_renegotiate_check(SSL *ssl, int initok); -void ssl3_digest_master_key_set_params(const SSL_SESSION *session, - OSSL_PARAM params[]); __owur int ssl3_dispatch_alert(SSL *s); -__owur size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, - size_t slen, unsigned char *p); __owur int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len); void ssl3_free_digest_list(SSL_CONNECTION *s); @@ -2685,7 +2632,6 @@ __owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)); __owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void)); __owur int ssl3_do_change_cipher_spec(SSL_CONNECTION *s); -__owur OSSL_TIME ssl3_default_timeout(void); __owur int ssl3_set_handshake_header(SSL_CONNECTION *s, WPACKET *pkt, int htype); @@ -2823,7 +2769,6 @@ __owur int tls13_export_keying_material_early(SSL_CONNECTION *s, size_t contextlen); __owur int tls1_alert_code(int code); __owur int tls13_alert_code(int code); -__owur int ssl3_alert_code(int code); __owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CONNECTION *s); @@ -3088,7 +3033,7 @@ long ossl_ctrl_internal(SSL *s, int cmd, long larg, void *parg, int no_quic); * allowed but ignored under QUIC. */ #define OSSL_TLS1_2_OPTIONS \ - (SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_ALLOW_CLIENT_RENEGOTIATION | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_NO_COMPRESSION | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CISCO_ANYCONNECT | SSL_OP_NO_RENEGOTIATION | SSL_OP_NO_EXTENDED_MASTER_SECRET | SSL_OP_NO_ENCRYPT_THEN_MAC | SSL_OP_COOKIE_EXCHANGE | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_IGNORE_UNEXPECTED_EOF) + (SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | SSL_OP_ALLOW_CLIENT_RENEGOTIATION | SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_DTLSv1 | SSL_OP_NO_DTLSv1_2 | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_CISCO_ANYCONNECT | SSL_OP_NO_RENEGOTIATION | SSL_OP_NO_EXTENDED_MASTER_SECRET | SSL_OP_NO_ENCRYPT_THEN_MAC | SSL_OP_COOKIE_EXCHANGE | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_IGNORE_UNEXPECTED_EOF) /* Total mask of connection-level options permitted or ignored under QUIC. */ #define OSSL_QUIC_PERMITTED_OPTIONS_CONN \ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 77cf2537bea..47a0e52ea97 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -351,7 +351,6 @@ int ssl_generate_session_id(SSL_CONNECTION *s, SSL_SESSION *ss) SSL *ssl = SSL_CONNECTION_GET_SSL(s); switch (s->version) { - case SSL3_VERSION: case TLS1_VERSION: case TLS1_1_VERSION: case TLS1_2_VERSION: diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 4c0d819ffee..eae6bae0f7b 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -144,7 +144,7 @@ typedef struct extensions_definition_st { static const EXTENSION_DEFINITION ext_defs[] = { { TLSEXT_TYPE_renegotiate, SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO - | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY, + | SSL_EXT_TLS1_2_AND_BELOW_ONLY, NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate, tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate, final_renegotiate }, @@ -522,8 +522,6 @@ int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, if ((SSL_CONNECTION_IS_DTLS(s) && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0) - || (s->version == SSL3_VERSION - && (extctx & SSL_EXT_SSL3_ALLOWED) == 0) /* * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated", * which is never true when generating the ClientHello. diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c index 4da3c181173..1833a617992 100644 --- a/ssl/statem/extensions_clnt.c +++ b/ssl/statem/extensions_clnt.c @@ -145,10 +145,6 @@ static int use_ecc(SSL_CONNECTION *s, int min_version, int max_version) size_t num_groups, j; SSL *ssl = SSL_CONNECTION_GET_SSL(s); - /* See if we support any ECC ciphersuites */ - if (s->version == SSL3_VERSION) - return 0; - cipher_stack = SSL_get1_supported_ciphers(ssl); end = sk_SSL_CIPHER_num(cipher_stack); for (i = 0; i < end; i++) { diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index a1cbe723b62..a6723e1b667 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -55,8 +55,7 @@ static ossl_inline int received_server_cert(SSL_CONNECTION *sc) static ossl_inline int cert_req_allowed(SSL_CONNECTION *s) { /* TLS does not like anon-DH with client cert */ - if ((s->version > SSL3_VERSION - && (s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL)) + if ((s->s3.tmp.new_cipher->algorithm_auth & SSL_aNULL) || (s->s3.tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK))) return 0; @@ -3182,7 +3181,7 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt) } /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) { + if (!WPACKET_start_sub_packet_u16(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3202,7 +3201,7 @@ static int tls_construct_cke_rsa(SSL_CONNECTION *s, WPACKET *pkt) pctx = NULL; /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) { + if (!WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } @@ -3808,18 +3807,11 @@ WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, WORK_STATE wst) if (i && !ssl3_check_client_certificate(s)) i = 0; if (i == 0) { - if (s->version == SSL3_VERSION) { - s->s3.tmp.cert_req = 0; - ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE); - return WORK_FINISHED_CONTINUE; - } else { - s->s3.tmp.cert_req = 2; - s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none; - if (!ssl3_digest_cached_records(s, 0)) { - /* SSLfatal() already called */ - return WORK_ERROR; - } - } + s->s3.tmp.cert_req = 2; + s->ext.compress_certificate_from_peer[0] = TLSEXT_comp_cert_none; + if (!ssl3_digest_cached_records(s, 0)) + /* SSLfatal() already called */ + return WORK_ERROR; } if (!SSL_CONNECTION_IS_TLS13(s) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 28dc586d340..9e0c853c0d2 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -369,42 +369,20 @@ CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt) goto err; } } - if (s->version == SSL3_VERSION) { - /* - * Here we use EVP_DigestSignUpdate followed by EVP_DigestSignFinal - * in order to add the EVP_CTRL_SSL3_MASTER_SECRET call between them. - */ - if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) - <= 0 - || EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } - sig = OPENSSL_malloc(siglen); - if (sig == NULL - || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } - } else { - /* - * Here we *must* use EVP_DigestSign() because Ed25519/Ed448 does not - * support streaming via EVP_DigestSignUpdate/EVP_DigestSignFinal - */ - if (EVP_DigestSign(mctx, NULL, &siglen, hdata, hdatalen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } - sig = OPENSSL_malloc(siglen); - if (sig == NULL - || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } + /* + * Here we *must* use EVP_DigestSign() because Ed25519/Ed448 does not + * support streaming via EVP_DigestSignUpdate/EVP_DigestSignFinal + */ + if (EVP_DigestSign(mctx, NULL, &siglen, hdata, hdatalen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); + goto err; + } + sig = OPENSSL_malloc(siglen); + if (sig == NULL + || EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); + goto err; } #ifndef OPENSSL_NO_GOST @@ -567,30 +545,16 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, PACKET *pkt) goto err; } } - if (s->version == SSL3_VERSION) { - if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0 - || EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET, - (int)s->session->master_key_length, - s->session->master_key) - <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } - if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) { - SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); - goto err; - } - } else { - j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen); + + j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - /* Ignore bad signatures when fuzzing */ - if (SSL_IS_QUIC_HANDSHAKE(s)) - j = 1; + /* Ignore bad signatures when fuzzing */ + if (SSL_IS_QUIC_HANDSHAKE(s)) + j = 1; #endif - if (j <= 0) { - SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); - goto err; - } + if (j <= 0) { + SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_R_BAD_SIGNATURE); + goto err; } /* @@ -1859,11 +1823,6 @@ static const version_info tls_version_table[] = { { TLS1_VERSION, tlsv1_client_method, tlsv1_server_method }, #else { TLS1_VERSION, NULL, NULL }, -#endif -#ifndef OPENSSL_NO_SSL3 - { SSL3_VERSION, sslv3_client_method, sslv3_server_method }, -#else - { SSL3_VERSION, NULL, NULL }, #endif { 0, NULL, NULL }, }; @@ -2086,7 +2045,7 @@ int ssl_set_version_bound(int method_version, int version, int *bound) return 1; } - valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL; + valid_tls = version > SSL3_VERSION && version <= TLS_MAX_VERSION_INTERNAL; valid_dtls = /* We support client side pre-standardisation version of DTLS */ (version == DTLS1_BAD_VER) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 7bf37b0689f..e511da8585c 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -211,30 +211,10 @@ int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt) * If we get a CKE message after a ServerDone then either * 1) We didn't request a Certificate * OR - * 2) If we did request one then - * a) We allow no Certificate to be returned - * AND - * b) We are running SSL3 (in TLS1.0+ the client must return a 0 - * list if we requested a certificate) + * 2) We did request one and we allow no Certificate to be returned */ if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) { - if (s->s3.tmp.cert_request) { - if (s->version == SSL3_VERSION) { - if ((s->verify_mode & SSL_VERIFY_PEER) - && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { - /* - * This isn't an unexpected message as such - we're just - * not going to accept it because we require a client - * cert. - */ - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - return 0; - } - st->hand_state = TLS_ST_SR_KEY_EXCH; - return 1; - } - } else { + if (!s->s3.tmp.cert_request) { st->hand_state = TLS_ST_SR_KEY_EXCH; return 1; } @@ -3154,8 +3134,8 @@ static int tls_process_cke_rsa(SSL_CONNECTION *s, PACKET *pkt) return 0; } - /* SSLv3 and pre-standard DTLS omit the length bytes. */ - if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) { + /* pre-standard DTLS omits the length bytes. */ + if (s->version == DTLS1_BAD_VER) { enc_premaster = *pkt; } else { if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster) @@ -3887,14 +3867,8 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, } if (sk_X509_num(sk) <= 0) { - /* TLS does not mind 0 certs returned */ - if (s->version == SSL3_VERSION) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, - SSL_R_NO_CERTIFICATES_RETURNED); - goto err; - } - /* Fail for TLS only if we required a certificate */ - else if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { + /* Fail only if we required a certificate */ + if ((s->verify_mode & SSL_VERIFY_PEER) && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) { SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); goto err; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index d29c1918e95..2e0266c94d3 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -63,7 +63,6 @@ static int do_ssl_trace_list(BIO *bio, int indent, /* Version number */ static const ssl_trace_tbl ssl_version_tbl[] = { - { SSL3_VERSION, "SSL 3.0" }, { TLS1_VERSION, "TLS 1.0" }, { TLS1_1_VERSION, "TLS 1.1" }, { TLS1_2_VERSION, "TLS 1.2" }, @@ -1184,14 +1183,9 @@ static int ssl_print_client_keyex(BIO *bio, int indent, const SSL_CONNECTION *sc case SSL_kRSA: case SSL_kRSAPSK: - if (TLS1_get_version(SSL_CONNECTION_GET_SSL(sc)) == SSL3_VERSION) { - ssl_print_hex(bio, indent + 2, - "EncryptedPreMasterSecret", msg, msglen); - } else { - if (!ssl_print_hexbuf(bio, indent + 2, - "EncryptedPreMasterSecret", 2, &msg, &msglen)) - return 0; - } + if (!ssl_print_hexbuf(bio, indent + 2, + "EncryptedPreMasterSecret", 2, &msg, &msglen)) + return 0; break; case SSL_kDHE: diff --git a/test/README.ssltest.md b/test/README.ssltest.md index 85a64307991..85b44dcd402 100644 --- a/test/README.ssltest.md +++ b/test/README.ssltest.md @@ -74,7 +74,7 @@ handshake. another alert.) * ExpectedProtocol - expected negotiated protocol. One of - SSLv3, TLSv1, TLSv1.1, TLSv1.2. + TLSv1, TLSv1.1, TLSv1.2. * SessionTicketExpected - whether or not a session ticket is expected - Ignore - do not check for a session ticket (default) diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c index 98b3ff6d636..342308c617c 100644 --- a/test/helpers/ssl_test_ctx.c +++ b/test/helpers/ssl_test_ctx.c @@ -155,7 +155,6 @@ static const test_enum ssl_protocols[] = { { "TLSv1.2", TLS1_2_VERSION }, { "TLSv1.1", TLS1_1_VERSION }, { "TLSv1", TLS1_VERSION }, - { "SSLv3", SSL3_VERSION }, { "DTLSv1", DTLS1_VERSION }, { "DTLSv1.2", DTLS1_2_VERSION }, }; diff --git a/test/recipes/70-test_asyncio.t b/test/recipes/70-test_asyncio.t index c5b39128eb5..9364acf2dd0 100644 --- a/test/recipes/70-test_asyncio.t +++ b/test/recipes/70-test_asyncio.t @@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_asyncio"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + if alldisabled(available_protocols("tls")); plan tests => 1; diff --git a/test/recipes/70-test_clienthello.t b/test/recipes/70-test_clienthello.t index 61130bd9b49..662b31dc4ad 100644 --- a/test/recipes/70-test_clienthello.t +++ b/test/recipes/70-test_clienthello.t @@ -13,7 +13,7 @@ use OpenSSL::Test::Utils; setup("test_clienthello"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + if alldisabled(available_protocols("tls")); #No EC with TLSv1.3 confuses the padding calculations in this test plan skip_all => "No EC with TLSv1.3 is not supported by this test" diff --git a/test/recipes/70-test_recordlen.t b/test/recipes/70-test_recordlen.t index 9adc71cb8fc..4901633ce50 100644 --- a/test/recipes/70-test_recordlen.t +++ b/test/recipes/70-test_recordlen.t @@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_recordlen"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + if alldisabled(available_protocols("tls")); plan tests => 1; diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t index 54d2cf922ef..d2ff9a8ab6c 100644 --- a/test/recipes/70-test_renegotiation.t +++ b/test/recipes/70-test_renegotiation.t @@ -28,7 +28,7 @@ plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); plan skip_all => "$test_name needs TLS <= 1.2 enabled" - if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); + if alldisabled(("tls1", "tls1_1", "tls1_2")); plan tests => 9; diff --git a/test/recipes/70-test_servername.t b/test/recipes/70-test_servername.t index f5ea9473c21..47b5e9dbec9 100644 --- a/test/recipes/70-test_servername.t +++ b/test/recipes/70-test_servername.t @@ -17,7 +17,7 @@ use OpenSSL::Test::Utils qw(alldisabled available_protocols); setup("test_servername"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + if alldisabled(available_protocols("tls")); plan tests => 1; diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index 5dcdea8bc2c..59bd677d535 100644 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -27,8 +27,8 @@ plan skip_all => "$test_name needs the module feature enabled" plan skip_all => "$test_name needs the sock feature enabled" if disabled("sock"); -plan skip_all => "$test_name needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled" - if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); +plan skip_all => "$test_name needs TLSv1, TLSv1.1 or TLSv1.2 enabled" + if alldisabled(("tls1", "tls1_1", "tls1_2")); sub checkmessages($$$$$$); sub clearclient(); diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t index fdfa7f320cb..0d1b3584e96 100644 --- a/test/recipes/70-test_sslsignature.t +++ b/test/recipes/70-test_sslsignature.t @@ -87,7 +87,7 @@ SKIP: { SKIP: { skip "TLS <= 1.2 disabled", 2 - if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); + if alldisabled(("tls1", "tls1_1", "tls1_2")); #Test 3: Corrupting a CertVerify signature in <=TLSv1.2 should fail $proxy->clear(); diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t index 8a675bf7a78..7ae56229db3 100644 --- a/test/recipes/70-test_sslvertol.t +++ b/test/recipes/70-test_sslvertol.t @@ -93,10 +93,10 @@ SKIP: { "Version tolerance test, max version but not TLS 1.3"); } -#Test 3: Testing something below SSLv3 should fail. We must disable TLS 1.3 +#Test 3: Testing something below TLS1.0 should fail. We must disable TLS 1.3 #to avoid having the 'supported_versions' extension kick in and override our #desires. -$client_version = TLSProxy::Record::VERS_SSL_3_0 - 1; +$client_version = TLSProxy::Record::VERS_TLS_1_0 - 1; $proxy->clear(); $proxy->clientflags("-no_tls1_3"); $proxy->start(); @@ -104,7 +104,7 @@ my $record = pop @{$proxy->record_list}; ok((note("Record version received: ". (defined $record ? $record->version() : "none")), TLSProxy::Message->fail()), - "Version tolerance test, SSL < 3.0"); + "Version tolerance test, TLS < 1.0"); sub vers_tolerance_filter { @@ -119,7 +119,7 @@ sub vers_tolerance_filter if ($message->mt == TLSProxy::Message::MT_CLIENT_HELLO) { #Set the client version #Anything above the max supported version should succeed - #Anything below SSLv3 should fail + #Anything below TLS1.0 should fail $message->client_version($client_version); $message->repack(); } diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 44c674e4675..1fd488a7959 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -50,13 +50,13 @@ map { s/\^// } @conf_files if $^O eq "VMS"; # Some test results depend on the configuration of enabled protocols. We only # verify generated sources in the default configuration. -my $is_default_tls = (disabled("ssl3") && !disabled("tls1") && - !disabled("tls1_1") && !disabled("tls1_2") && - !disabled("tls1_3") && (!disabled("ec") || !disabled("dh"))); +my $is_default_tls = (!disabled("tls1") && !disabled("tls1_1") && + !disabled("tls1_2") && !disabled("tls1_3") && + (!disabled("ec") || !disabled("dh"))); my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2")); -my @all_pre_tls1_3 = ("ssl3", "tls1", "tls1_1", "tls1_2"); +my @all_pre_tls1_3 = ("tls1", "tls1_1", "tls1_2"); my $no_tls = alldisabled(available_protocols("tls")); my $no_tls_below1_3 = $no_tls || (disabled("tls1_2") && !disabled("tls1_3")); if (!$no_tls && $no_tls_below1_3 && disabled("ec") && disabled("dh")) { diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index f7be2e18726..0039fe21725 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -25,10 +25,10 @@ use lib bldtop_dir('.'); my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, - $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, + $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, $no_dtls, $no_dtls1, $no_dtls1_2, $no_ct) = anydisabled qw/rsa dsa dh ec psk - ssl3 tls1 tls1_1 tls1_2 tls1_3 + tls1 tls1_1 tls1_2 tls1_3 dtls dtls1 dtls1_2 ct/; #If ec and dh are disabled then don't use TLSv1.3 $no_tls1_3 = 1 if (!$no_tls1_3 && $no_ec && $no_dh); @@ -416,42 +416,25 @@ sub testssl { subtest 'standard SSL tests' => sub { ###################################################################### - plan tests => 19; + plan tests => 15; SKIP: { - skip "SSLv3 is not supported by this OpenSSL build", 4 - if disabled("ssl3"); - - skip "SSLv3 is not supported by the FIPS provider", 4 - if $provider eq "fips"; - - ok(run(test([@ssltest, "-bio_pair", "-ssl3"])), - 'test sslv3 via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", @CA])), - 'test sslv3 with server authentication via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-client_auth", @CA])), - 'test sslv3 with client authentication via BIO pair'); - ok(run(test([@ssltest, "-bio_pair", "-ssl3", "-server_auth", "-client_auth", @CA])), - 'test sslv3 with both server and client authentication via BIO pair'); - } - - SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 1 + skip "No TLS versions are supported by this OpenSSL build", 1 if $no_anytls; ok(run(test([@ssltest, "-bio_pair"])), - 'test sslv2/sslv3 via BIO pair'); + 'test via BIO pair'); } SKIP: { - skip "Neither SSLv3 nor any TLS version are supported by this OpenSSL build", 14 + skip "No TLS versions are supported by this OpenSSL build", 14 if $no_anytls; SKIP: { - skip "skipping test of sslv2/sslv3 w/o (EC)DHE test", 1 if $dsa_cert; + skip "skipping test w/o (EC)DHE test", 1 if $dsa_cert; ok(run(test([@ssltest, "-bio_pair", "-no_dhe", "-no_ecdhe"])), - 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'); + 'test w/o (EC)DHE via BIO pair'); } SKIP: { @@ -459,17 +442,17 @@ sub testssl { if ($no_dh); ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])), - 'test sslv2/sslv3 with 1024bit DHE via BIO pair'); + 'test with 1024bit DHE via BIO pair'); } ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])), - 'test sslv2/sslv3 with server authentication'); + 'test with server authentication'); ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])), - 'test sslv2/sslv3 with client authentication via BIO pair'); + 'test with client authentication via BIO pair'); ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", @CA])), - 'test sslv2/sslv3 with both client and server authentication via BIO pair'); + 'test with both client and server authentication via BIO pair'); ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])), - 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify'); + 'test with both client and server authentication via BIO pair and app verify'); SKIP: { skip "No IPv4 available on this machine", 4 @@ -517,7 +500,6 @@ sub testssl { push @protocols, "-tls1_3" unless $no_tls1_3; push @protocols, "-tls1_2" unless $no_tls1_2; push @protocols, "-tls1" unless $no_tls1 || $provider eq "fips"; - push @protocols, "-ssl3" unless $no_ssl3 || $provider eq "fips"; my $protocolciphersuitecount = 0; my %ciphersuites = (); my %ciphersstatus = (); @@ -566,9 +548,6 @@ sub testssl { # DSA is not allowed in FIPS 140-3 note "*****SKIPPING $protocol $cipher"; ok(1); - } elsif ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) { - note "*****SKIPPING $protocol $cipher"; - ok(1); } else { if ($protocol eq "-tls1_3") { $ciphersuites = $cipher; @@ -601,18 +580,7 @@ sub testssl { subtest 'SSL security level failure tests' => sub { ###################################################################### - plan tests => 3; - - SKIP: { - skip "SSLv3 is not supported by this OpenSSL build", 1 - if disabled("ssl3"); - - skip "SSLv3 is not supported by the FIPS provider", 1 - if $provider eq "fips"; - - is(run(test([@ssltest, "-bio_pair", "-ssl3", "-cipher", '@SECLEVEL=1'])), - 0, "test sslv3 fails at security level 1, expecting failure"); - } + plan tests => 2; SKIP: { skip "TLSv1.0 is not supported by this OpenSSL build", 1 diff --git a/test/recipes/90-test_fatalerr.t b/test/recipes/90-test_fatalerr.t index a52878373e5..50b7a7543b3 100644 --- a/test/recipes/90-test_fatalerr.t +++ b/test/recipes/90-test_fatalerr.t @@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_fatalerr"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + if alldisabled(available_protocols("tls")); plan tests => 1; diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index 9bb5c50c47f..25069f79858 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -32,7 +32,7 @@ my $fipsmodcfgtmp = result_file($fipsmodcfgtmp_filename); my $provconfnew = result_file("fips-and-base-temp.cnf"); plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" - if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls")); + if alldisabled(available_protocols("tls")); plan tests => 4; diff --git a/test/ssl-tests/02-protocol-version.cnf b/test/ssl-tests/02-protocol-version.cnf index ef5e9942779..8fc30f90877 100644 --- a/test/ssl-tests/02-protocol-version.cnf +++ b/test/ssl-tests/02-protocol-version.cnf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 678 +num_tests = 363 test-0 = 0-version-negotiation test-1 = 1-version-negotiation @@ -363,323 +363,8 @@ test-357 = 357-version-negotiation test-358 = 358-version-negotiation test-359 = 359-version-negotiation test-360 = 360-version-negotiation -test-361 = 361-version-negotiation -test-362 = 362-version-negotiation -test-363 = 363-version-negotiation -test-364 = 364-version-negotiation -test-365 = 365-version-negotiation -test-366 = 366-version-negotiation -test-367 = 367-version-negotiation -test-368 = 368-version-negotiation -test-369 = 369-version-negotiation -test-370 = 370-version-negotiation -test-371 = 371-version-negotiation -test-372 = 372-version-negotiation -test-373 = 373-version-negotiation -test-374 = 374-version-negotiation -test-375 = 375-version-negotiation -test-376 = 376-version-negotiation -test-377 = 377-version-negotiation -test-378 = 378-version-negotiation -test-379 = 379-version-negotiation -test-380 = 380-version-negotiation -test-381 = 381-version-negotiation -test-382 = 382-version-negotiation -test-383 = 383-version-negotiation -test-384 = 384-version-negotiation -test-385 = 385-version-negotiation -test-386 = 386-version-negotiation -test-387 = 387-version-negotiation -test-388 = 388-version-negotiation -test-389 = 389-version-negotiation -test-390 = 390-version-negotiation -test-391 = 391-version-negotiation -test-392 = 392-version-negotiation -test-393 = 393-version-negotiation -test-394 = 394-version-negotiation -test-395 = 395-version-negotiation -test-396 = 396-version-negotiation -test-397 = 397-version-negotiation -test-398 = 398-version-negotiation -test-399 = 399-version-negotiation -test-400 = 400-version-negotiation -test-401 = 401-version-negotiation -test-402 = 402-version-negotiation -test-403 = 403-version-negotiation -test-404 = 404-version-negotiation -test-405 = 405-version-negotiation -test-406 = 406-version-negotiation -test-407 = 407-version-negotiation -test-408 = 408-version-negotiation -test-409 = 409-version-negotiation -test-410 = 410-version-negotiation -test-411 = 411-version-negotiation -test-412 = 412-version-negotiation -test-413 = 413-version-negotiation -test-414 = 414-version-negotiation -test-415 = 415-version-negotiation -test-416 = 416-version-negotiation -test-417 = 417-version-negotiation -test-418 = 418-version-negotiation -test-419 = 419-version-negotiation -test-420 = 420-version-negotiation -test-421 = 421-version-negotiation -test-422 = 422-version-negotiation -test-423 = 423-version-negotiation -test-424 = 424-version-negotiation -test-425 = 425-version-negotiation -test-426 = 426-version-negotiation -test-427 = 427-version-negotiation -test-428 = 428-version-negotiation -test-429 = 429-version-negotiation -test-430 = 430-version-negotiation -test-431 = 431-version-negotiation -test-432 = 432-version-negotiation -test-433 = 433-version-negotiation -test-434 = 434-version-negotiation -test-435 = 435-version-negotiation -test-436 = 436-version-negotiation -test-437 = 437-version-negotiation -test-438 = 438-version-negotiation -test-439 = 439-version-negotiation -test-440 = 440-version-negotiation -test-441 = 441-version-negotiation -test-442 = 442-version-negotiation -test-443 = 443-version-negotiation -test-444 = 444-version-negotiation -test-445 = 445-version-negotiation -test-446 = 446-version-negotiation -test-447 = 447-version-negotiation -test-448 = 448-version-negotiation -test-449 = 449-version-negotiation -test-450 = 450-version-negotiation -test-451 = 451-version-negotiation -test-452 = 452-version-negotiation -test-453 = 453-version-negotiation -test-454 = 454-version-negotiation -test-455 = 455-version-negotiation -test-456 = 456-version-negotiation -test-457 = 457-version-negotiation -test-458 = 458-version-negotiation -test-459 = 459-version-negotiation -test-460 = 460-version-negotiation -test-461 = 461-version-negotiation -test-462 = 462-version-negotiation -test-463 = 463-version-negotiation -test-464 = 464-version-negotiation -test-465 = 465-version-negotiation -test-466 = 466-version-negotiation -test-467 = 467-version-negotiation -test-468 = 468-version-negotiation -test-469 = 469-version-negotiation -test-470 = 470-version-negotiation -test-471 = 471-version-negotiation -test-472 = 472-version-negotiation -test-473 = 473-version-negotiation -test-474 = 474-version-negotiation -test-475 = 475-version-negotiation -test-476 = 476-version-negotiation -test-477 = 477-version-negotiation -test-478 = 478-version-negotiation -test-479 = 479-version-negotiation -test-480 = 480-version-negotiation -test-481 = 481-version-negotiation -test-482 = 482-version-negotiation -test-483 = 483-version-negotiation -test-484 = 484-version-negotiation -test-485 = 485-version-negotiation -test-486 = 486-version-negotiation -test-487 = 487-version-negotiation -test-488 = 488-version-negotiation -test-489 = 489-version-negotiation -test-490 = 490-version-negotiation -test-491 = 491-version-negotiation -test-492 = 492-version-negotiation -test-493 = 493-version-negotiation -test-494 = 494-version-negotiation -test-495 = 495-version-negotiation -test-496 = 496-version-negotiation -test-497 = 497-version-negotiation -test-498 = 498-version-negotiation -test-499 = 499-version-negotiation -test-500 = 500-version-negotiation -test-501 = 501-version-negotiation -test-502 = 502-version-negotiation -test-503 = 503-version-negotiation -test-504 = 504-version-negotiation -test-505 = 505-version-negotiation -test-506 = 506-version-negotiation -test-507 = 507-version-negotiation -test-508 = 508-version-negotiation -test-509 = 509-version-negotiation -test-510 = 510-version-negotiation -test-511 = 511-version-negotiation -test-512 = 512-version-negotiation -test-513 = 513-version-negotiation -test-514 = 514-version-negotiation -test-515 = 515-version-negotiation -test-516 = 516-version-negotiation -test-517 = 517-version-negotiation -test-518 = 518-version-negotiation -test-519 = 519-version-negotiation -test-520 = 520-version-negotiation -test-521 = 521-version-negotiation -test-522 = 522-version-negotiation -test-523 = 523-version-negotiation -test-524 = 524-version-negotiation -test-525 = 525-version-negotiation -test-526 = 526-version-negotiation -test-527 = 527-version-negotiation -test-528 = 528-version-negotiation -test-529 = 529-version-negotiation -test-530 = 530-version-negotiation -test-531 = 531-version-negotiation -test-532 = 532-version-negotiation -test-533 = 533-version-negotiation -test-534 = 534-version-negotiation -test-535 = 535-version-negotiation -test-536 = 536-version-negotiation -test-537 = 537-version-negotiation -test-538 = 538-version-negotiation -test-539 = 539-version-negotiation -test-540 = 540-version-negotiation -test-541 = 541-version-negotiation -test-542 = 542-version-negotiation -test-543 = 543-version-negotiation -test-544 = 544-version-negotiation -test-545 = 545-version-negotiation -test-546 = 546-version-negotiation -test-547 = 547-version-negotiation -test-548 = 548-version-negotiation -test-549 = 549-version-negotiation -test-550 = 550-version-negotiation -test-551 = 551-version-negotiation -test-552 = 552-version-negotiation -test-553 = 553-version-negotiation -test-554 = 554-version-negotiation -test-555 = 555-version-negotiation -test-556 = 556-version-negotiation -test-557 = 557-version-negotiation -test-558 = 558-version-negotiation -test-559 = 559-version-negotiation -test-560 = 560-version-negotiation -test-561 = 561-version-negotiation -test-562 = 562-version-negotiation -test-563 = 563-version-negotiation -test-564 = 564-version-negotiation -test-565 = 565-version-negotiation -test-566 = 566-version-negotiation -test-567 = 567-version-negotiation -test-568 = 568-version-negotiation -test-569 = 569-version-negotiation -test-570 = 570-version-negotiation -test-571 = 571-version-negotiation -test-572 = 572-version-negotiation -test-573 = 573-version-negotiation -test-574 = 574-version-negotiation -test-575 = 575-version-negotiation -test-576 = 576-version-negotiation -test-577 = 577-version-negotiation -test-578 = 578-version-negotiation -test-579 = 579-version-negotiation -test-580 = 580-version-negotiation -test-581 = 581-version-negotiation -test-582 = 582-version-negotiation -test-583 = 583-version-negotiation -test-584 = 584-version-negotiation -test-585 = 585-version-negotiation -test-586 = 586-version-negotiation -test-587 = 587-version-negotiation -test-588 = 588-version-negotiation -test-589 = 589-version-negotiation -test-590 = 590-version-negotiation -test-591 = 591-version-negotiation -test-592 = 592-version-negotiation -test-593 = 593-version-negotiation -test-594 = 594-version-negotiation -test-595 = 595-version-negotiation -test-596 = 596-version-negotiation -test-597 = 597-version-negotiation -test-598 = 598-version-negotiation -test-599 = 599-version-negotiation -test-600 = 600-version-negotiation -test-601 = 601-version-negotiation -test-602 = 602-version-negotiation -test-603 = 603-version-negotiation -test-604 = 604-version-negotiation -test-605 = 605-version-negotiation -test-606 = 606-version-negotiation -test-607 = 607-version-negotiation -test-608 = 608-version-negotiation -test-609 = 609-version-negotiation -test-610 = 610-version-negotiation -test-611 = 611-version-negotiation -test-612 = 612-version-negotiation -test-613 = 613-version-negotiation -test-614 = 614-version-negotiation -test-615 = 615-version-negotiation -test-616 = 616-version-negotiation -test-617 = 617-version-negotiation -test-618 = 618-version-negotiation -test-619 = 619-version-negotiation -test-620 = 620-version-negotiation -test-621 = 621-version-negotiation -test-622 = 622-version-negotiation -test-623 = 623-version-negotiation -test-624 = 624-version-negotiation -test-625 = 625-version-negotiation -test-626 = 626-version-negotiation -test-627 = 627-version-negotiation -test-628 = 628-version-negotiation -test-629 = 629-version-negotiation -test-630 = 630-version-negotiation -test-631 = 631-version-negotiation -test-632 = 632-version-negotiation -test-633 = 633-version-negotiation -test-634 = 634-version-negotiation -test-635 = 635-version-negotiation -test-636 = 636-version-negotiation -test-637 = 637-version-negotiation -test-638 = 638-version-negotiation -test-639 = 639-version-negotiation -test-640 = 640-version-negotiation -test-641 = 641-version-negotiation -test-642 = 642-version-negotiation -test-643 = 643-version-negotiation -test-644 = 644-version-negotiation -test-645 = 645-version-negotiation -test-646 = 646-version-negotiation -test-647 = 647-version-negotiation -test-648 = 648-version-negotiation -test-649 = 649-version-negotiation -test-650 = 650-version-negotiation -test-651 = 651-version-negotiation -test-652 = 652-version-negotiation -test-653 = 653-version-negotiation -test-654 = 654-version-negotiation -test-655 = 655-version-negotiation -test-656 = 656-version-negotiation -test-657 = 657-version-negotiation -test-658 = 658-version-negotiation -test-659 = 659-version-negotiation -test-660 = 660-version-negotiation -test-661 = 661-version-negotiation -test-662 = 662-version-negotiation -test-663 = 663-version-negotiation -test-664 = 664-version-negotiation -test-665 = 665-version-negotiation -test-666 = 666-version-negotiation -test-667 = 667-version-negotiation -test-668 = 668-version-negotiation -test-669 = 669-version-negotiation -test-670 = 670-version-negotiation -test-671 = 671-version-negotiation -test-672 = 672-version-negotiation -test-673 = 673-version-negotiation -test-674 = 674-version-negotiation -test-675 = 675-version-negotiation -test-676 = 676-ciphersuite-sanity-check-client -test-677 = 677-ciphersuite-sanity-check-server +test-361 = 361-ciphersuite-sanity-check-client +test-362 = 362-ciphersuite-sanity-check-server # =========================================================== [0-version-negotiation] @@ -692,17 +377,18 @@ client = 0-version-negotiation-client [0-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [0-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-0] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -717,17 +403,18 @@ client = 1-version-negotiation-client [1-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [1-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-1] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -742,17 +429,18 @@ client = 2-version-negotiation-client [2-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [2-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-2] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -767,17 +455,18 @@ client = 3-version-negotiation-client [3-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [3-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-3] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -792,17 +481,17 @@ client = 4-version-negotiation-client [4-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [4-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-4] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -817,16 +506,19 @@ client = 5-version-negotiation-client [5-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [5-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-5] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -841,18 +533,19 @@ client = 6-version-negotiation-client [6-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [6-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-6] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -867,18 +560,19 @@ client = 7-version-negotiation-client [7-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [7-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-7] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -893,18 +587,19 @@ client = 8-version-negotiation-client [8-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [8-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-8] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -919,18 +614,18 @@ client = 9-version-negotiation-client [9-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [9-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-9] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -945,18 +640,18 @@ client = 10-version-negotiation-client [10-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [10-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-10] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -971,17 +666,18 @@ client = 11-version-negotiation-client [11-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [11-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-11] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -996,18 +692,18 @@ client = 12-version-negotiation-client [12-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [12-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-12] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1022,18 +718,17 @@ client = 13-version-negotiation-client [13-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [13-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-13] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1049,17 +744,17 @@ client = 14-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [14-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-14] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1075,17 +770,17 @@ client = 15-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [15-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-15] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1100,17 +795,17 @@ client = 16-version-negotiation-client [16-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [16-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-16] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1125,18 +820,18 @@ client = 17-version-negotiation-client [17-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [17-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-17] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1151,18 +846,17 @@ client = 18-version-negotiation-client [18-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [18-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-18] -ExpectedResult = ClientFail +ExpectedResult = ServerFail # =========================================================== @@ -1177,18 +871,18 @@ client = 19-version-negotiation-client [19-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [19-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-19] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1203,17 +897,18 @@ client = 20-version-negotiation-client [20-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [20-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-20] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1229,17 +924,17 @@ client = 21-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [21-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-21] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1255,17 +950,17 @@ client = 22-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [22-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-22] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1280,17 +975,17 @@ client = 23-version-negotiation-client [23-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [23-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-23] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1305,18 +1000,19 @@ client = 24-version-negotiation-client [24-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [24-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-24] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1331,17 +1027,19 @@ client = 25-version-negotiation-client [25-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [25-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-25] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1356,17 +1054,19 @@ client = 26-version-negotiation-client [26-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [26-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-26] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1381,17 +1081,18 @@ client = 27-version-negotiation-client [27-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [27-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-27] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1407,17 +1108,17 @@ client = 28-version-negotiation-client [28-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [28-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-28] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1433,17 +1134,18 @@ client = 29-version-negotiation-client [29-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [29-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-29] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1459,17 +1161,18 @@ client = 30-version-negotiation-client [30-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [30-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-30] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1485,16 +1188,18 @@ client = 31-version-negotiation-client [31-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [31-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-31] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1510,18 +1215,18 @@ client = 32-version-negotiation-client [32-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [32-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-32] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1536,19 +1241,18 @@ client = 33-version-negotiation-client [33-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [33-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-33] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1563,19 +1267,18 @@ client = 34-version-negotiation-client [34-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [34-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-34] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1590,19 +1293,17 @@ client = 35-version-negotiation-client [35-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [35-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-35] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1618,18 +1319,17 @@ client = 36-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [36-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-36] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1644,18 +1344,17 @@ client = 37-version-negotiation-client [37-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [37-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-37] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -1671,12 +1370,11 @@ client = 38-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [38-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -1698,17 +1396,16 @@ client = 39-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [39-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-39] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -1725,17 +1422,16 @@ client = 40-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [40-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-40] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -1752,17 +1448,16 @@ client = 41-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [41-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-41] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -1778,17 +1473,16 @@ client = 42-version-negotiation-client [42-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [42-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-42] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -1804,18 +1498,19 @@ client = 43-version-negotiation-client [43-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [43-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-43] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -1830,18 +1525,19 @@ client = 44-version-negotiation-client [44-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [44-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-44] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1856,18 +1552,19 @@ client = 45-version-negotiation-client [45-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [45-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-45] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -1882,17 +1579,19 @@ client = 46-version-negotiation-client [46-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [46-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-46] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -1907,18 +1606,18 @@ client = 47-version-negotiation-client [47-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [47-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-47] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -1933,18 +1632,19 @@ client = 48-version-negotiation-client [48-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [48-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-48] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -1959,17 +1659,19 @@ client = 49-version-negotiation-client [49-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [49-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-49] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -1985,17 +1687,18 @@ client = 50-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [50-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-50] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2010,17 +1713,18 @@ client = 51-version-negotiation-client [51-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [51-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-51] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2035,17 +1739,19 @@ client = 52-version-negotiation-client [52-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [52-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-52] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2060,17 +1766,18 @@ client = 53-version-negotiation-client [53-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [53-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-53] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2086,17 +1793,17 @@ client = 54-version-negotiation-client [54-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [54-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-54] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2112,18 +1819,18 @@ client = 55-version-negotiation-client [55-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [55-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-55] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2138,18 +1845,17 @@ client = 56-version-negotiation-client [56-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [56-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-56] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -2164,16 +1870,17 @@ client = 57-version-negotiation-client [57-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [57-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-57] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2189,18 +1896,18 @@ client = 58-version-negotiation-client [58-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [58-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-58] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2215,18 +1922,17 @@ client = 59-version-negotiation-client [59-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [59-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-59] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2242,18 +1948,17 @@ client = 60-version-negotiation-client [60-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [60-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-60] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2269,18 +1974,16 @@ client = 61-version-negotiation-client [61-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [61-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-61] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2296,18 +1999,18 @@ client = 62-version-negotiation-client [62-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [62-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-62] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2323,12 +2026,13 @@ client = 63-version-negotiation-client [63-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [63-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2349,18 +2053,18 @@ client = 64-version-negotiation-client [64-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [64-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-64] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2376,18 +2080,18 @@ client = 65-version-negotiation-client [65-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [65-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-65] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2403,18 +2107,17 @@ client = 66-version-negotiation-client [66-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [66-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-66] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2430,13 +2133,13 @@ client = 67-version-negotiation-client [67-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [67-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2457,17 +2160,18 @@ client = 68-version-negotiation-client [68-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [68-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-68] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2483,18 +2187,18 @@ client = 69-version-negotiation-client [69-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [69-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-69] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2510,18 +2214,17 @@ client = 70-version-negotiation-client [70-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [70-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-70] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2537,18 +2240,18 @@ client = 71-version-negotiation-client [71-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [71-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-71] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -2564,17 +2267,18 @@ client = 72-version-negotiation-client [72-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [72-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-72] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2590,18 +2294,18 @@ client = 73-version-negotiation-client [73-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [73-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-73] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -2617,17 +2321,18 @@ client = 74-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [74-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-74] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -2642,17 +2347,18 @@ client = 75-version-negotiation-client [75-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [75-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-75] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -2667,18 +2373,17 @@ client = 76-version-negotiation-client [76-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [76-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-76] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -2693,17 +2398,17 @@ client = 77-version-negotiation-client [77-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [77-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-77] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -2718,17 +2423,17 @@ client = 78-version-negotiation-client [78-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [78-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-78] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -2743,17 +2448,16 @@ client = 79-version-negotiation-client [79-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [79-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-79] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2769,17 +2473,15 @@ client = 80-version-negotiation-client [80-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [80-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-80] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2795,17 +2497,17 @@ client = 81-version-negotiation-client [81-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem +MaxProtocol = TLSv1 +MinProtocol = TLSv1 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [81-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-81] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -2821,17 +2523,17 @@ client = 82-version-negotiation-client [82-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [82-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-82] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -2847,11 +2549,12 @@ client = 83-version-negotiation-client [83-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [83-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2872,18 +2575,18 @@ client = 84-version-negotiation-client [84-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [84-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-84] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -2898,18 +2601,16 @@ client = 85-version-negotiation-client [85-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [85-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-85] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -2926,12 +2627,11 @@ client = 86-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [86-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2953,12 +2653,11 @@ client = 87-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [87-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -2980,17 +2679,16 @@ client = 88-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [88-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-88] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3006,17 +2704,16 @@ client = 89-version-negotiation-client [89-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [89-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-89] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3032,18 +2729,17 @@ client = 90-version-negotiation-client [90-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [90-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-90] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -3059,18 +2755,17 @@ client = 91-version-negotiation-client [91-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [91-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-91] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3086,18 +2781,16 @@ client = 92-version-negotiation-client [92-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [92-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-92] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3114,17 +2807,16 @@ client = 93-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [93-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-93] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3140,17 +2832,16 @@ client = 94-version-negotiation-client [94-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [94-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-94] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -3166,18 +2857,18 @@ client = 95-version-negotiation-client [95-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [95-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-95] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3193,18 +2884,18 @@ client = 96-version-negotiation-client [96-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [96-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-96] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3220,18 +2911,18 @@ client = 97-version-negotiation-client [97-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [97-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-97] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3247,17 +2938,18 @@ client = 98-version-negotiation-client [98-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [98-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-98] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3273,18 +2965,17 @@ client = 99-version-negotiation-client [99-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [99-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-99] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3300,18 +2991,19 @@ client = 100-version-negotiation-client [100-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [100-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-100] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3327,17 +3019,19 @@ client = 101-version-negotiation-client [101-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [101-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-101] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3353,18 +3047,20 @@ client = 102-version-negotiation-client [102-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [102-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-102] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3379,17 +3075,20 @@ client = 103-version-negotiation-client [103-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [103-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-103] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3404,17 +3103,19 @@ client = 104-version-negotiation-client [104-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [104-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-104] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -3429,18 +3130,19 @@ client = 105-version-negotiation-client [105-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [105-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-105] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3455,18 +3157,19 @@ client = 106-version-negotiation-client [106-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [106-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-106] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3481,18 +3184,19 @@ client = 107-version-negotiation-client [107-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [107-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-107] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3507,18 +3211,18 @@ client = 108-version-negotiation-client [108-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [108-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-108] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3533,17 +3237,19 @@ client = 109-version-negotiation-client [109-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [109-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-109] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3558,13 +3264,14 @@ client = 110-version-negotiation-client [110-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [110-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3584,19 +3291,18 @@ client = 111-version-negotiation-client [111-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [111-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-111] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3611,19 +3317,19 @@ client = 112-version-negotiation-client [112-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [112-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-112] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3638,19 +3344,18 @@ client = 113-version-negotiation-client [113-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [113-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-113] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -3665,18 +3370,18 @@ client = 114-version-negotiation-client [114-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [114-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-114] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3692,17 +3397,18 @@ client = 115-version-negotiation-client [115-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [115-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-115] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3718,18 +3424,18 @@ client = 116-version-negotiation-client [116-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [116-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-116] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3745,13 +3451,13 @@ client = 117-version-negotiation-client [117-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [117-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3772,18 +3478,17 @@ client = 118-version-negotiation-client [118-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [118-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-118] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3799,18 +3504,19 @@ client = 119-version-negotiation-client [119-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [119-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-119] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -3826,17 +3532,19 @@ client = 120-version-negotiation-client [120-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [120-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-120] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3852,13 +3560,14 @@ client = 121-version-negotiation-client [121-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [121-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -3879,18 +3588,19 @@ client = 122-version-negotiation-client [122-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [122-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-122] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3906,18 +3616,18 @@ client = 123-version-negotiation-client [123-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [123-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-123] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3933,17 +3643,19 @@ client = 124-version-negotiation-client [124-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [124-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-124] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3960,17 +3672,18 @@ client = 125-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [125-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-125] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -3987,17 +3700,18 @@ client = 126-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [126-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-126] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4013,17 +3727,18 @@ client = 127-version-negotiation-client [127-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [127-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-127] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4039,19 +3754,19 @@ client = 128-version-negotiation-client [128-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [128-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-128] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4066,18 +3781,19 @@ client = 129-version-negotiation-client [129-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [129-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-129] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4092,11 +3808,13 @@ client = 130-version-negotiation-client [130-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [130-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4116,17 +3834,19 @@ client = 131-version-negotiation-client [131-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [131-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-131] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4141,17 +3861,18 @@ client = 132-version-negotiation-client [132-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [132-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-132] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4166,16 +3887,18 @@ client = 133-version-negotiation-client [133-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [133-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-133] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -4191,16 +3914,18 @@ client = 134-version-negotiation-client [134-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [134-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-134] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4216,15 +3941,18 @@ client = 135-version-negotiation-client [135-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [135-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-135] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4240,17 +3968,19 @@ client = 136-version-negotiation-client [136-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [136-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-136] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4265,17 +3995,17 @@ client = 137-version-negotiation-client [137-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [137-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-137] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4291,17 +4021,19 @@ client = 138-version-negotiation-client [138-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [138-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-138] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -4317,17 +4049,19 @@ client = 139-version-negotiation-client [139-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [139-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-139] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4343,17 +4077,19 @@ client = 140-version-negotiation-client [140-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [140-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-140] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4369,16 +4105,19 @@ client = 141-version-negotiation-client [141-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [141-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-141] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4394,17 +4133,18 @@ client = 142-version-negotiation-client [142-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [142-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-142] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4421,11 +4161,13 @@ client = 143-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [143-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4447,11 +4189,13 @@ client = 144-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [144-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4473,16 +4217,18 @@ client = 145-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [145-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-145] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4498,16 +4244,18 @@ client = 146-version-negotiation-client [146-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [146-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-146] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4523,17 +4271,19 @@ client = 147-version-negotiation-client [147-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [147-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-147] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4549,12 +4299,14 @@ client = 148-version-negotiation-client [148-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [148-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4575,17 +4327,18 @@ client = 149-version-negotiation-client [149-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [149-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-149] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4601,17 +4354,19 @@ client = 150-version-negotiation-client [150-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [150-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-150] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4626,18 +4381,18 @@ client = 151-version-negotiation-client [151-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [151-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-151] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -4652,17 +4407,18 @@ client = 152-version-negotiation-client [152-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [152-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-152] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1 ExpectedResult = Success @@ -4678,16 +4434,18 @@ client = 153-version-negotiation-client [153-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [153-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-153] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -4703,17 +4461,18 @@ client = 154-version-negotiation-client [154-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [154-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-154] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -4729,11 +4488,13 @@ client = 155-version-negotiation-client [155-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [155-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -4754,18 +4515,18 @@ client = 156-version-negotiation-client [156-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [156-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-156] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4781,17 +4542,19 @@ client = 157-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [157-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-157] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -4807,17 +4570,19 @@ client = 158-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [158-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-158] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -4833,17 +4598,19 @@ client = 159-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [159-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-159] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4859,17 +4626,19 @@ client = 160-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [160-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-160] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4884,17 +4653,19 @@ client = 161-version-negotiation-client [161-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [161-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-161] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4909,19 +4680,20 @@ client = 162-version-negotiation-client [162-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [162-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-162] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -4936,19 +4708,20 @@ client = 163-version-negotiation-client [163-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [163-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-163] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -4963,19 +4736,20 @@ client = 164-version-negotiation-client [164-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [164-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-164] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -4990,19 +4764,19 @@ client = 165-version-negotiation-client [165-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [165-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-165] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5017,19 +4791,20 @@ client = 166-version-negotiation-client [166-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [166-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-166] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -5044,18 +4819,20 @@ client = 167-version-negotiation-client [167-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [167-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-167] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5070,19 +4847,19 @@ client = 168-version-negotiation-client [168-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [168-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-168] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5097,19 +4874,20 @@ client = 169-version-negotiation-client [169-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [169-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-169] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5124,19 +4902,19 @@ client = 170-version-negotiation-client [170-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [170-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-170] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5151,19 +4929,18 @@ client = 171-version-negotiation-client [171-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [171-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-171] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5178,18 +4955,18 @@ client = 172-version-negotiation-client [172-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [172-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-172] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -5204,19 +4981,18 @@ client = 173-version-negotiation-client [173-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [173-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-173] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -5231,19 +5007,18 @@ client = 174-version-negotiation-client [174-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [174-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-174] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5258,19 +5033,17 @@ client = 175-version-negotiation-client [175-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [175-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-175] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5285,18 +5058,19 @@ client = 176-version-negotiation-client [176-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [176-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-176] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1 +ExpectedResult = Success # =========================================================== @@ -5311,19 +5085,19 @@ client = 177-version-negotiation-client [177-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [177-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-177] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -5338,19 +5112,19 @@ client = 178-version-negotiation-client [178-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [178-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-178] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -5365,18 +5139,19 @@ client = 179-version-negotiation-client [179-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [179-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-179] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5391,19 +5166,18 @@ client = 180-version-negotiation-client [180-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [180-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-180] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5418,18 +5192,19 @@ client = 181-version-negotiation-client [181-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [181-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-181] -ExpectedResult = ClientFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -5444,18 +5219,19 @@ client = 182-version-negotiation-client [182-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [182-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-182] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -5470,18 +5246,18 @@ client = 183-version-negotiation-client [183-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [183-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-183] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -5497,18 +5273,17 @@ client = 184-version-negotiation-client [184-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [184-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-184] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -5525,17 +5300,17 @@ client = 185-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [185-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-185] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -5552,17 +5327,17 @@ client = 186-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [186-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-186] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -5578,17 +5353,17 @@ client = 187-version-negotiation-client [187-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [187-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-187] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -5604,19 +5379,19 @@ client = 188-version-negotiation-client [188-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [188-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-188] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -5631,19 +5406,17 @@ client = 189-version-negotiation-client [189-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [189-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-189] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -5659,20 +5432,18 @@ client = 190-version-negotiation-client [190-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [190-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-190] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5687,19 +5458,18 @@ client = 191-version-negotiation-client [191-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [191-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-191] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5715,19 +5485,18 @@ client = 192-version-negotiation-client [192-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [192-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-192] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5743,18 +5512,18 @@ client = 193-version-negotiation-client [193-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [193-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-193] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5770,19 +5539,17 @@ client = 194-version-negotiation-client [194-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [194-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-194] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5798,20 +5565,19 @@ client = 195-version-negotiation-client [195-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [195-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-195] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -5826,19 +5592,19 @@ client = 196-version-negotiation-client [196-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [196-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-196] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5854,19 +5620,19 @@ client = 197-version-negotiation-client [197-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [197-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-197] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5882,18 +5648,19 @@ client = 198-version-negotiation-client [198-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [198-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-198] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -5909,19 +5676,19 @@ client = 199-version-negotiation-client [199-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [199-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-199] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -5936,19 +5703,20 @@ client = 200-version-negotiation-client [200-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [200-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-200] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -5963,19 +5731,20 @@ client = 201-version-negotiation-client [201-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [201-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-201] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -5990,18 +5759,20 @@ client = 202-version-negotiation-client [202-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [202-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-202] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6016,19 +5787,19 @@ client = 203-version-negotiation-client [203-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [203-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-203] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6043,14 +5814,14 @@ client = 204-version-negotiation-client [204-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [204-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6070,13 +5841,14 @@ client = 205-version-negotiation-client [205-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [205-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6096,14 +5868,13 @@ client = 206-version-negotiation-client [206-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [206-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6123,13 +5894,14 @@ client = 207-version-negotiation-client [207-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [207-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6149,13 +5921,13 @@ client = 208-version-negotiation-client [208-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [208-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6180,14 +5952,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [209-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-209] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -6207,8 +5978,8 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [210-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6234,13 +6005,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [211-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-211] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6261,13 +6032,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [212-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-212] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6287,13 +6058,13 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [213-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-213] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6309,19 +6080,19 @@ client = 214-version-negotiation-client [214-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [214-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-214] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -6336,19 +6107,19 @@ client = 215-version-negotiation-client [215-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [215-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-215] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6364,19 +6135,19 @@ client = 216-version-negotiation-client [216-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [216-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-216] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6392,19 +6163,19 @@ client = 217-version-negotiation-client [217-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [217-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-217] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6420,19 +6191,18 @@ client = 218-version-negotiation-client [218-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [218-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-218] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6448,13 +6218,14 @@ client = 219-version-negotiation-client [219-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [219-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6475,19 +6246,19 @@ client = 220-version-negotiation-client [220-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [220-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-220] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6503,19 +6274,19 @@ client = 221-version-negotiation-client [221-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [221-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-221] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6531,19 +6302,18 @@ client = 222-version-negotiation-client [222-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [222-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-222] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6559,19 +6329,19 @@ client = 223-version-negotiation-client [223-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [223-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-223] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6587,18 +6357,19 @@ client = 224-version-negotiation-client [224-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [224-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-224] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6614,19 +6385,18 @@ client = 225-version-negotiation-client [225-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [225-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-225] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6642,20 +6412,19 @@ client = 226-version-negotiation-client [226-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [226-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-226] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6670,20 +6439,18 @@ client = 227-version-negotiation-client [227-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [227-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-227] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6698,19 +6465,18 @@ client = 228-version-negotiation-client [228-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [228-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-228] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -6725,19 +6491,19 @@ client = 229-version-negotiation-client [229-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [229-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-229] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6752,19 +6518,19 @@ client = 230-version-negotiation-client [230-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [230-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-230] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -6779,18 +6545,19 @@ client = 231-version-negotiation-client [231-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [231-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-231] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -6805,19 +6572,18 @@ client = 232-version-negotiation-client [232-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [232-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-232] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -6832,13 +6598,14 @@ client = 233-version-negotiation-client [233-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [233-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -6858,18 +6625,20 @@ client = 234-version-negotiation-client [234-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [234-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-234] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.1 +ExpectedResult = Success # =========================================================== @@ -6884,18 +6653,19 @@ client = 235-version-negotiation-client [235-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [235-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-235] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -6911,18 +6681,19 @@ client = 236-version-negotiation-client [236-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [236-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-236] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -6938,18 +6709,18 @@ client = 237-version-negotiation-client [237-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [237-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-237] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -6965,18 +6736,19 @@ client = 238-version-negotiation-client [238-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [238-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-238] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -6992,12 +6764,14 @@ client = 239-version-negotiation-client [239-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [239-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7018,19 +6792,20 @@ client = 240-version-negotiation-client [240-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [240-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-240] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7045,19 +6820,18 @@ client = 241-version-negotiation-client [241-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [241-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-241] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7073,19 +6847,19 @@ client = 242-version-negotiation-client [242-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [242-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-242] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7101,19 +6875,19 @@ client = 243-version-negotiation-client [243-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [243-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-243] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7129,19 +6903,18 @@ client = 244-version-negotiation-client [244-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [244-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-244] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7157,18 +6930,19 @@ client = 245-version-negotiation-client [245-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [245-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-245] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7184,19 +6958,18 @@ client = 246-version-negotiation-client [246-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [246-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-246] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7212,20 +6985,17 @@ client = 247-version-negotiation-client [247-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [247-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-247] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7240,19 +7010,17 @@ client = 248-version-negotiation-client [248-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [248-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-248] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7268,14 +7036,12 @@ client = 249-version-negotiation-client [249-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [249-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7296,18 +7062,17 @@ client = 250-version-negotiation-client [250-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [250-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-250] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7323,19 +7088,16 @@ client = 251-version-negotiation-client [251-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [251-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-251] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7351,20 +7113,18 @@ client = 252-version-negotiation-client [252-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [252-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-252] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -7379,19 +7139,18 @@ client = 253-version-negotiation-client [253-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [253-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-253] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7407,13 +7166,13 @@ client = 254-version-negotiation-client [254-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [254-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7434,19 +7193,18 @@ client = 255-version-negotiation-client [255-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [255-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-255] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7462,19 +7220,17 @@ client = 256-version-negotiation-client [256-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [256-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-256] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7490,18 +7246,18 @@ client = 257-version-negotiation-client [257-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [257-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-257] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.1 ExpectedResult = Success @@ -7517,19 +7273,19 @@ client = 258-version-negotiation-client [258-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [258-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-258] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -7544,18 +7300,19 @@ client = 259-version-negotiation-client [259-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [259-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-259] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7570,18 +7327,18 @@ client = 260-version-negotiation-client [260-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [260-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-260] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -7596,18 +7353,18 @@ client = 261-version-negotiation-client [261-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [261-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-261] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7623,18 +7380,18 @@ client = 262-version-negotiation-client [262-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [262-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-262] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7650,18 +7407,17 @@ client = 263-version-negotiation-client [263-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [263-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-263] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -7678,12 +7434,12 @@ client = 264-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [264-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7704,12 +7460,12 @@ client = 265-version-negotiation-client [265-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [265-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7730,19 +7486,18 @@ client = 266-version-negotiation-client [266-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [266-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-266] -ExpectedResult = ServerFail +ExpectedResult = ClientFail # =========================================================== @@ -7757,20 +7512,18 @@ client = 267-version-negotiation-client [267-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [267-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-267] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -7785,19 +7538,18 @@ client = 268-version-negotiation-client [268-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [268-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-268] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7813,14 +7565,13 @@ client = 269-version-negotiation-client [269-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [269-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7841,19 +7592,17 @@ client = 270-version-negotiation-client [270-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [270-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-270] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7869,19 +7618,19 @@ client = 271-version-negotiation-client [271-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [271-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-271] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -7896,20 +7645,19 @@ client = 272-version-negotiation-client [272-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [272-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-272] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -7924,19 +7672,19 @@ client = 273-version-negotiation-client [273-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [273-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-273] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -7952,14 +7700,14 @@ client = 274-version-negotiation-client [274-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [274-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -7980,19 +7728,18 @@ client = 275-version-negotiation-client [275-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [275-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-275] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8008,19 +7755,19 @@ client = 276-version-negotiation-client [276-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [276-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-276] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ClientFail # =========================================================== @@ -8035,19 +7782,19 @@ client = 277-version-negotiation-client [277-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [277-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-277] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8063,14 +7810,14 @@ client = 278-version-negotiation-client [278-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [278-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8091,19 +7838,18 @@ client = 279-version-negotiation-client [279-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [279-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-279] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8119,18 +7865,19 @@ client = 280-version-negotiation-client [280-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [280-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-280] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8146,14 +7893,14 @@ client = 281-version-negotiation-client [281-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [281-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8174,19 +7921,18 @@ client = 282-version-negotiation-client [282-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [282-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-282] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8202,19 +7948,19 @@ client = 283-version-negotiation-client [283-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [283-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-283] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8229,20 +7975,18 @@ client = 284-version-negotiation-client [284-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [284-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-284] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8257,19 +8001,18 @@ client = 285-version-negotiation-client [285-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [285-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-285] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8284,12 +8027,13 @@ client = 286-version-negotiation-client [286-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [286-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8309,17 +8053,18 @@ client = 287-version-negotiation-client [287-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [287-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-287] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8335,17 +8080,18 @@ client = 288-version-negotiation-client [288-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [288-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-288] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8361,17 +8107,17 @@ client = 289-version-negotiation-client [289-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [289-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-289] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8387,18 +8133,19 @@ client = 290-version-negotiation-client [290-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [290-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-290] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8413,17 +8160,19 @@ client = 291-version-negotiation-client [291-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [291-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-291] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8438,18 +8187,20 @@ client = 292-version-negotiation-client [292-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [292-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-292] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -8464,18 +8215,19 @@ client = 293-version-negotiation-client [293-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [293-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-293] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8491,18 +8243,18 @@ client = 294-version-negotiation-client [294-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [294-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-294] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8518,19 +8270,19 @@ client = 295-version-negotiation-client [295-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [295-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-295] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8545,18 +8297,19 @@ client = 296-version-negotiation-client [296-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [296-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-296] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8572,12 +8325,14 @@ client = 297-version-negotiation-client [297-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [297-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8598,18 +8353,18 @@ client = 298-version-negotiation-client [298-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [298-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-298] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8625,18 +8380,19 @@ client = 299-version-negotiation-client [299-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [299-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-299] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8652,18 +8408,19 @@ client = 300-version-negotiation-client [300-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [300-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-300] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8679,13 +8436,13 @@ client = 301-version-negotiation-client [301-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [301-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8706,12 +8463,14 @@ client = 302-version-negotiation-client [302-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [302-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8732,18 +8491,18 @@ client = 303-version-negotiation-client [303-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [303-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-303] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8759,19 +8518,17 @@ client = 304-version-negotiation-client [304-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [304-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-304] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8786,19 +8543,17 @@ client = 305-version-negotiation-client [305-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [305-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-305] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8813,17 +8568,17 @@ client = 306-version-negotiation-client [306-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [306-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-306] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8839,18 +8594,17 @@ client = 307-version-negotiation-client [307-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [307-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-307] -ExpectedProtocol = TLSv1.2 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -8866,13 +8620,11 @@ client = 308-version-negotiation-client [308-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [308-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -8893,18 +8645,18 @@ client = 309-version-negotiation-client [309-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [309-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-309] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8919,19 +8671,18 @@ client = 310-version-negotiation-client [310-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [310-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-310] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -8946,17 +8697,18 @@ client = 311-version-negotiation-client [311-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [311-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-311] -ExpectedProtocol = TLSv1.3 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -8972,18 +8724,19 @@ client = 312-version-negotiation-client [312-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [312-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-312] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -8998,18 +8751,17 @@ client = 313-version-negotiation-client [313-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [313-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-313] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9026,18 +8778,17 @@ client = 314-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [314-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-314] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9053,17 +8804,17 @@ client = 315-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [315-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-315] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.2 ExpectedResult = Success @@ -9080,17 +8831,17 @@ client = 316-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [316-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-316] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9106,17 +8857,17 @@ client = 317-version-negotiation-client [317-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [317-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-317] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9132,19 +8883,19 @@ client = 318-version-negotiation-client [318-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [318-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-318] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.2 +ExpectedResult = Success # =========================================================== @@ -9159,19 +8910,18 @@ client = 319-version-negotiation-client [319-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [319-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-319] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9187,19 +8937,17 @@ client = 320-version-negotiation-client [320-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [320-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-320] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9215,19 +8963,18 @@ client = 321-version-negotiation-client [321-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [321-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-321] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9243,19 +8990,17 @@ client = 322-version-negotiation-client [322-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [322-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-322] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9271,19 +9016,18 @@ client = 323-version-negotiation-client [323-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [323-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-323] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9298,20 +9042,18 @@ client = 324-version-negotiation-client [324-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [324-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-324] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9326,20 +9068,18 @@ client = 325-version-negotiation-client [325-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [325-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-325] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9354,19 +9094,18 @@ client = 326-version-negotiation-client [326-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [326-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-326] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9382,19 +9121,17 @@ client = 327-version-negotiation-client [327-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [327-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-327] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9410,19 +9147,19 @@ client = 328-version-negotiation-client [328-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [328-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-328] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9438,13 +9175,13 @@ client = 329-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [329-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -9465,13 +9202,13 @@ client = 330-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [330-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -9492,18 +9229,19 @@ client = 331-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [331-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-331] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -9518,18 +9256,19 @@ client = 332-version-negotiation-client [332-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [332-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-332] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -9544,14 +9283,14 @@ client = 333-version-negotiation-client [333-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [333-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -9571,14 +9310,14 @@ client = 334-version-negotiation-client [334-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [334-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -9598,18 +9337,20 @@ client = 335-version-negotiation-client [335-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [335-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-335] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -9624,19 +9365,19 @@ client = 336-version-negotiation-client [336-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [336-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-336] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -9651,13 +9392,14 @@ client = 337-version-negotiation-client [337-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [337-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -9677,18 +9419,20 @@ client = 338-version-negotiation-client [338-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [338-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-338] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -9703,18 +9447,18 @@ client = 339-version-negotiation-client [339-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [339-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-339] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9730,18 +9474,19 @@ client = 340-version-negotiation-client [340-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [340-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-340] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9757,18 +9502,18 @@ client = 341-version-negotiation-client [341-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [341-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-341] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9784,19 +9529,17 @@ client = 342-version-negotiation-client [342-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 +MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [342-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-342] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9811,18 +9554,17 @@ client = 343-version-negotiation-client [343-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 +MaxProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [343-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-343] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9837,14 +9579,12 @@ client = 344-version-negotiation-client [344-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [344-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer @@ -9864,19 +9604,17 @@ client = 345-version-negotiation-client [345-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [345-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-345] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9892,19 +9630,16 @@ client = 346-version-negotiation-client [346-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [346-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-346] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -9920,20 +9655,18 @@ client = 347-version-negotiation-client [347-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 +MaxProtocol = TLSv1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [347-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-347] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9948,20 +9681,18 @@ client = 348-version-negotiation-client [348-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [348-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-348] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -9976,19 +9707,18 @@ client = 349-version-negotiation-client [349-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [349-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-349] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -10003,19 +9733,18 @@ client = 350-version-negotiation-client [350-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 +MaxProtocol = TLSv1.3 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [350-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-350] -ExpectedProtocol = TLSv1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -10031,19 +9760,17 @@ client = 351-version-negotiation-client [351-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 MinProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [351-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-351] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -10059,20 +9786,18 @@ client = 352-version-negotiation-client [352-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.1 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [352-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-352] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -10087,20 +9812,18 @@ client = 353-version-negotiation-client [353-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.2 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [353-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-353] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -10115,18 +9838,18 @@ client = 354-version-negotiation-client [354-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [354-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-354] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -10142,19 +9865,17 @@ client = 355-version-negotiation-client [355-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 MinProtocol = TLSv1.1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [355-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-355] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -10171,19 +9892,17 @@ client = 356-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [356-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-356] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success +ExpectedResult = ServerFail # =========================================================== @@ -10199,18 +9918,17 @@ client = 357-version-negotiation-client Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [357-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-357] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -10226,18 +9944,17 @@ client = 358-version-negotiation-client [358-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 +MinProtocol = TLSv1.2 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [358-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-358] -ExpectedProtocol = TLSv1.1 +ExpectedProtocol = TLSv1.3 ExpectedResult = Success @@ -10253,19 +9970,19 @@ client = 359-version-negotiation-client [359-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem [359-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 +MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer [test-359] -ExpectedResult = ServerFail +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== @@ -10280,8543 +9997,67 @@ client = 360-version-negotiation-client [360-version-negotiation-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[360-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-360] -ExpectedResult = ServerFail - - -# =========================================================== - -[361-version-negotiation] -ssl_conf = 361-version-negotiation-ssl - -[361-version-negotiation-ssl] -server = 361-version-negotiation-server -client = 361-version-negotiation-client - -[361-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[361-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-361] -ExpectedResult = ServerFail - - -# =========================================================== - -[362-version-negotiation] -ssl_conf = 362-version-negotiation-ssl - -[362-version-negotiation-ssl] -server = 362-version-negotiation-server -client = 362-version-negotiation-client - -[362-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 MinProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[362-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-362] -ExpectedResult = ServerFail - - -# =========================================================== - -[363-version-negotiation] -ssl_conf = 363-version-negotiation-ssl - -[363-version-negotiation-ssl] -server = 363-version-negotiation-server -client = 363-version-negotiation-client - -[363-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +[360-version-negotiation-client] CipherString = DEFAULT:@SECLEVEL=0 MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[363-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-363] -ExpectedResult = ServerFail +[test-360] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success # =========================================================== -[364-version-negotiation] -ssl_conf = 364-version-negotiation-ssl +[361-ciphersuite-sanity-check-client] +ssl_conf = 361-ciphersuite-sanity-check-client-ssl -[364-version-negotiation-ssl] -server = 364-version-negotiation-server -client = 364-version-negotiation-client +[361-ciphersuite-sanity-check-client-ssl] +server = 361-ciphersuite-sanity-check-client-server +client = 361-ciphersuite-sanity-check-client-client -[364-version-negotiation-server] +[361-ciphersuite-sanity-check-client-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[364-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 +CipherString = DEFAULT MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-364] -ExpectedResult = ServerFail - - -# =========================================================== - -[365-version-negotiation] -ssl_conf = 365-version-negotiation-ssl - -[365-version-negotiation-ssl] -server = 365-version-negotiation-server -client = 365-version-negotiation-client - -[365-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[365-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 +[361-ciphersuite-sanity-check-client-client] +CipherString = AES128-SHA +Ciphersuites = VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-365] -ExpectedProtocol = TLSv1 -ExpectedResult = Success +[test-361] +ExpectedResult = ClientFail # =========================================================== -[366-version-negotiation] -ssl_conf = 366-version-negotiation-ssl +[362-ciphersuite-sanity-check-server] +ssl_conf = 362-ciphersuite-sanity-check-server-ssl -[366-version-negotiation-ssl] -server = 366-version-negotiation-server -client = 366-version-negotiation-client +[362-ciphersuite-sanity-check-server-ssl] +server = 362-ciphersuite-sanity-check-server-server +client = 362-ciphersuite-sanity-check-server-client -[366-version-negotiation-server] +[362-ciphersuite-sanity-check-server-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 +CipherString = AES128-SHA +Ciphersuites = PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[366-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 +[362-ciphersuite-sanity-check-server-client] +CipherString = AES128-SHA MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-366] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[367-version-negotiation] -ssl_conf = 367-version-negotiation-ssl - -[367-version-negotiation-ssl] -server = 367-version-negotiation-server -client = 367-version-negotiation-client - -[367-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[367-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-367] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[368-version-negotiation] -ssl_conf = 368-version-negotiation-ssl - -[368-version-negotiation-ssl] -server = 368-version-negotiation-server -client = 368-version-negotiation-client - -[368-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[368-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-368] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[369-version-negotiation] -ssl_conf = 369-version-negotiation-ssl - -[369-version-negotiation-ssl] -server = 369-version-negotiation-server -client = 369-version-negotiation-client - -[369-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[369-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-369] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[370-version-negotiation] -ssl_conf = 370-version-negotiation-ssl - -[370-version-negotiation-ssl] -server = 370-version-negotiation-server -client = 370-version-negotiation-client - -[370-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[370-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-370] -ExpectedResult = ServerFail - - -# =========================================================== - -[371-version-negotiation] -ssl_conf = 371-version-negotiation-ssl - -[371-version-negotiation-ssl] -server = 371-version-negotiation-server -client = 371-version-negotiation-client - -[371-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[371-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-371] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[372-version-negotiation] -ssl_conf = 372-version-negotiation-ssl - -[372-version-negotiation-ssl] -server = 372-version-negotiation-server -client = 372-version-negotiation-client - -[372-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[372-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-372] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[373-version-negotiation] -ssl_conf = 373-version-negotiation-ssl - -[373-version-negotiation-ssl] -server = 373-version-negotiation-server -client = 373-version-negotiation-client - -[373-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[373-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-373] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[374-version-negotiation] -ssl_conf = 374-version-negotiation-ssl - -[374-version-negotiation-ssl] -server = 374-version-negotiation-server -client = 374-version-negotiation-client - -[374-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[374-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-374] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[375-version-negotiation] -ssl_conf = 375-version-negotiation-ssl - -[375-version-negotiation-ssl] -server = 375-version-negotiation-server -client = 375-version-negotiation-client - -[375-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[375-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-375] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[376-version-negotiation] -ssl_conf = 376-version-negotiation-ssl - -[376-version-negotiation-ssl] -server = 376-version-negotiation-server -client = 376-version-negotiation-client - -[376-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[376-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-376] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[377-version-negotiation] -ssl_conf = 377-version-negotiation-ssl - -[377-version-negotiation-ssl] -server = 377-version-negotiation-server -client = 377-version-negotiation-client - -[377-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[377-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-377] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[378-version-negotiation] -ssl_conf = 378-version-negotiation-ssl - -[378-version-negotiation-ssl] -server = 378-version-negotiation-server -client = 378-version-negotiation-client - -[378-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[378-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-378] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[379-version-negotiation] -ssl_conf = 379-version-negotiation-ssl - -[379-version-negotiation-ssl] -server = 379-version-negotiation-server -client = 379-version-negotiation-client - -[379-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[379-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-379] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[380-version-negotiation] -ssl_conf = 380-version-negotiation-ssl - -[380-version-negotiation-ssl] -server = 380-version-negotiation-server -client = 380-version-negotiation-client - -[380-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[380-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-380] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[381-version-negotiation] -ssl_conf = 381-version-negotiation-ssl - -[381-version-negotiation-ssl] -server = 381-version-negotiation-server -client = 381-version-negotiation-client - -[381-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[381-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-381] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[382-version-negotiation] -ssl_conf = 382-version-negotiation-ssl - -[382-version-negotiation-ssl] -server = 382-version-negotiation-server -client = 382-version-negotiation-client - -[382-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[382-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-382] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[383-version-negotiation] -ssl_conf = 383-version-negotiation-ssl - -[383-version-negotiation-ssl] -server = 383-version-negotiation-server -client = 383-version-negotiation-client - -[383-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[383-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-383] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[384-version-negotiation] -ssl_conf = 384-version-negotiation-ssl - -[384-version-negotiation-ssl] -server = 384-version-negotiation-server -client = 384-version-negotiation-client - -[384-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[384-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-384] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[385-version-negotiation] -ssl_conf = 385-version-negotiation-ssl - -[385-version-negotiation-ssl] -server = 385-version-negotiation-server -client = 385-version-negotiation-client - -[385-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[385-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-385] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[386-version-negotiation] -ssl_conf = 386-version-negotiation-ssl - -[386-version-negotiation-ssl] -server = 386-version-negotiation-server -client = 386-version-negotiation-client - -[386-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[386-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-386] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[387-version-negotiation] -ssl_conf = 387-version-negotiation-ssl - -[387-version-negotiation-ssl] -server = 387-version-negotiation-server -client = 387-version-negotiation-client - -[387-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[387-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-387] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[388-version-negotiation] -ssl_conf = 388-version-negotiation-ssl - -[388-version-negotiation-ssl] -server = 388-version-negotiation-server -client = 388-version-negotiation-client - -[388-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[388-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-388] -ExpectedResult = ServerFail - - -# =========================================================== - -[389-version-negotiation] -ssl_conf = 389-version-negotiation-ssl - -[389-version-negotiation-ssl] -server = 389-version-negotiation-server -client = 389-version-negotiation-client - -[389-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[389-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-389] -ExpectedResult = ServerFail - - -# =========================================================== - -[390-version-negotiation] -ssl_conf = 390-version-negotiation-ssl - -[390-version-negotiation-ssl] -server = 390-version-negotiation-server -client = 390-version-negotiation-client - -[390-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[390-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-390] -ExpectedResult = ServerFail - - -# =========================================================== - -[391-version-negotiation] -ssl_conf = 391-version-negotiation-ssl - -[391-version-negotiation-ssl] -server = 391-version-negotiation-server -client = 391-version-negotiation-client - -[391-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[391-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-391] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[392-version-negotiation] -ssl_conf = 392-version-negotiation-ssl - -[392-version-negotiation-ssl] -server = 392-version-negotiation-server -client = 392-version-negotiation-client - -[392-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[392-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-392] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[393-version-negotiation] -ssl_conf = 393-version-negotiation-ssl - -[393-version-negotiation-ssl] -server = 393-version-negotiation-server -client = 393-version-negotiation-client - -[393-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[393-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-393] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[394-version-negotiation] -ssl_conf = 394-version-negotiation-ssl - -[394-version-negotiation-ssl] -server = 394-version-negotiation-server -client = 394-version-negotiation-client - -[394-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[394-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-394] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[395-version-negotiation] -ssl_conf = 395-version-negotiation-ssl - -[395-version-negotiation-ssl] -server = 395-version-negotiation-server -client = 395-version-negotiation-client - -[395-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[395-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-395] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[396-version-negotiation] -ssl_conf = 396-version-negotiation-ssl - -[396-version-negotiation-ssl] -server = 396-version-negotiation-server -client = 396-version-negotiation-client - -[396-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[396-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-396] -ExpectedResult = ServerFail - - -# =========================================================== - -[397-version-negotiation] -ssl_conf = 397-version-negotiation-ssl - -[397-version-negotiation-ssl] -server = 397-version-negotiation-server -client = 397-version-negotiation-client - -[397-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[397-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-397] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[398-version-negotiation] -ssl_conf = 398-version-negotiation-ssl - -[398-version-negotiation-ssl] -server = 398-version-negotiation-server -client = 398-version-negotiation-client - -[398-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[398-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-398] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[399-version-negotiation] -ssl_conf = 399-version-negotiation-ssl - -[399-version-negotiation-ssl] -server = 399-version-negotiation-server -client = 399-version-negotiation-client - -[399-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[399-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-399] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[400-version-negotiation] -ssl_conf = 400-version-negotiation-ssl - -[400-version-negotiation-ssl] -server = 400-version-negotiation-server -client = 400-version-negotiation-client - -[400-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[400-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-400] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[401-version-negotiation] -ssl_conf = 401-version-negotiation-ssl - -[401-version-negotiation-ssl] -server = 401-version-negotiation-server -client = 401-version-negotiation-client - -[401-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[401-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-401] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[402-version-negotiation] -ssl_conf = 402-version-negotiation-ssl - -[402-version-negotiation-ssl] -server = 402-version-negotiation-server -client = 402-version-negotiation-client - -[402-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[402-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-402] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[403-version-negotiation] -ssl_conf = 403-version-negotiation-ssl - -[403-version-negotiation-ssl] -server = 403-version-negotiation-server -client = 403-version-negotiation-client - -[403-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[403-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-403] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[404-version-negotiation] -ssl_conf = 404-version-negotiation-ssl - -[404-version-negotiation-ssl] -server = 404-version-negotiation-server -client = 404-version-negotiation-client - -[404-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[404-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-404] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[405-version-negotiation] -ssl_conf = 405-version-negotiation-ssl - -[405-version-negotiation-ssl] -server = 405-version-negotiation-server -client = 405-version-negotiation-client - -[405-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[405-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-405] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[406-version-negotiation] -ssl_conf = 406-version-negotiation-ssl - -[406-version-negotiation-ssl] -server = 406-version-negotiation-server -client = 406-version-negotiation-client - -[406-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[406-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-406] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[407-version-negotiation] -ssl_conf = 407-version-negotiation-ssl - -[407-version-negotiation-ssl] -server = 407-version-negotiation-server -client = 407-version-negotiation-client - -[407-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[407-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-407] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[408-version-negotiation] -ssl_conf = 408-version-negotiation-ssl - -[408-version-negotiation-ssl] -server = 408-version-negotiation-server -client = 408-version-negotiation-client - -[408-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[408-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-408] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[409-version-negotiation] -ssl_conf = 409-version-negotiation-ssl - -[409-version-negotiation-ssl] -server = 409-version-negotiation-server -client = 409-version-negotiation-client - -[409-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[409-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-409] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[410-version-negotiation] -ssl_conf = 410-version-negotiation-ssl - -[410-version-negotiation-ssl] -server = 410-version-negotiation-server -client = 410-version-negotiation-client - -[410-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[410-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-410] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[411-version-negotiation] -ssl_conf = 411-version-negotiation-ssl - -[411-version-negotiation-ssl] -server = 411-version-negotiation-server -client = 411-version-negotiation-client - -[411-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[411-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-411] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[412-version-negotiation] -ssl_conf = 412-version-negotiation-ssl - -[412-version-negotiation-ssl] -server = 412-version-negotiation-server -client = 412-version-negotiation-client - -[412-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[412-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-412] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[413-version-negotiation] -ssl_conf = 413-version-negotiation-ssl - -[413-version-negotiation-ssl] -server = 413-version-negotiation-server -client = 413-version-negotiation-client - -[413-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[413-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-413] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[414-version-negotiation] -ssl_conf = 414-version-negotiation-ssl - -[414-version-negotiation-ssl] -server = 414-version-negotiation-server -client = 414-version-negotiation-client - -[414-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[414-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-414] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[415-version-negotiation] -ssl_conf = 415-version-negotiation-ssl - -[415-version-negotiation-ssl] -server = 415-version-negotiation-server -client = 415-version-negotiation-client - -[415-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[415-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-415] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[416-version-negotiation] -ssl_conf = 416-version-negotiation-ssl - -[416-version-negotiation-ssl] -server = 416-version-negotiation-server -client = 416-version-negotiation-client - -[416-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[416-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-416] -ExpectedResult = ServerFail - - -# =========================================================== - -[417-version-negotiation] -ssl_conf = 417-version-negotiation-ssl - -[417-version-negotiation-ssl] -server = 417-version-negotiation-server -client = 417-version-negotiation-client - -[417-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[417-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-417] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[418-version-negotiation] -ssl_conf = 418-version-negotiation-ssl - -[418-version-negotiation-ssl] -server = 418-version-negotiation-server -client = 418-version-negotiation-client - -[418-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[418-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-418] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[419-version-negotiation] -ssl_conf = 419-version-negotiation-ssl - -[419-version-negotiation-ssl] -server = 419-version-negotiation-server -client = 419-version-negotiation-client - -[419-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[419-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-419] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[420-version-negotiation] -ssl_conf = 420-version-negotiation-ssl - -[420-version-negotiation-ssl] -server = 420-version-negotiation-server -client = 420-version-negotiation-client - -[420-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[420-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-420] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[421-version-negotiation] -ssl_conf = 421-version-negotiation-ssl - -[421-version-negotiation-ssl] -server = 421-version-negotiation-server -client = 421-version-negotiation-client - -[421-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[421-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-421] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[422-version-negotiation] -ssl_conf = 422-version-negotiation-ssl - -[422-version-negotiation-ssl] -server = 422-version-negotiation-server -client = 422-version-negotiation-client - -[422-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[422-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-422] -ExpectedResult = ServerFail - - -# =========================================================== - -[423-version-negotiation] -ssl_conf = 423-version-negotiation-ssl - -[423-version-negotiation-ssl] -server = 423-version-negotiation-server -client = 423-version-negotiation-client - -[423-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[423-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-423] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[424-version-negotiation] -ssl_conf = 424-version-negotiation-ssl - -[424-version-negotiation-ssl] -server = 424-version-negotiation-server -client = 424-version-negotiation-client - -[424-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[424-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-424] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[425-version-negotiation] -ssl_conf = 425-version-negotiation-ssl - -[425-version-negotiation-ssl] -server = 425-version-negotiation-server -client = 425-version-negotiation-client - -[425-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[425-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-425] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[426-version-negotiation] -ssl_conf = 426-version-negotiation-ssl - -[426-version-negotiation-ssl] -server = 426-version-negotiation-server -client = 426-version-negotiation-client - -[426-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[426-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-426] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[427-version-negotiation] -ssl_conf = 427-version-negotiation-ssl - -[427-version-negotiation-ssl] -server = 427-version-negotiation-server -client = 427-version-negotiation-client - -[427-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[427-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-427] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[428-version-negotiation] -ssl_conf = 428-version-negotiation-ssl - -[428-version-negotiation-ssl] -server = 428-version-negotiation-server -client = 428-version-negotiation-client - -[428-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[428-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-428] -ExpectedProtocol = TLSv1 -ExpectedResult = Success - - -# =========================================================== - -[429-version-negotiation] -ssl_conf = 429-version-negotiation-ssl - -[429-version-negotiation-ssl] -server = 429-version-negotiation-server -client = 429-version-negotiation-client - -[429-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[429-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-429] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[430-version-negotiation] -ssl_conf = 430-version-negotiation-ssl - -[430-version-negotiation-ssl] -server = 430-version-negotiation-server -client = 430-version-negotiation-client - -[430-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[430-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-430] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[431-version-negotiation] -ssl_conf = 431-version-negotiation-ssl - -[431-version-negotiation-ssl] -server = 431-version-negotiation-server -client = 431-version-negotiation-client - -[431-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[431-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-431] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[432-version-negotiation] -ssl_conf = 432-version-negotiation-ssl - -[432-version-negotiation-ssl] -server = 432-version-negotiation-server -client = 432-version-negotiation-client - -[432-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[432-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-432] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[433-version-negotiation] -ssl_conf = 433-version-negotiation-ssl - -[433-version-negotiation-ssl] -server = 433-version-negotiation-server -client = 433-version-negotiation-client - -[433-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[433-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-433] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[434-version-negotiation] -ssl_conf = 434-version-negotiation-ssl - -[434-version-negotiation-ssl] -server = 434-version-negotiation-server -client = 434-version-negotiation-client - -[434-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[434-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-434] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[435-version-negotiation] -ssl_conf = 435-version-negotiation-ssl - -[435-version-negotiation-ssl] -server = 435-version-negotiation-server -client = 435-version-negotiation-client - -[435-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[435-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-435] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[436-version-negotiation] -ssl_conf = 436-version-negotiation-ssl - -[436-version-negotiation-ssl] -server = 436-version-negotiation-server -client = 436-version-negotiation-client - -[436-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[436-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-436] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[437-version-negotiation] -ssl_conf = 437-version-negotiation-ssl - -[437-version-negotiation-ssl] -server = 437-version-negotiation-server -client = 437-version-negotiation-client - -[437-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[437-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-437] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[438-version-negotiation] -ssl_conf = 438-version-negotiation-ssl - -[438-version-negotiation-ssl] -server = 438-version-negotiation-server -client = 438-version-negotiation-client - -[438-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[438-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-438] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[439-version-negotiation] -ssl_conf = 439-version-negotiation-ssl - -[439-version-negotiation-ssl] -server = 439-version-negotiation-server -client = 439-version-negotiation-client - -[439-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[439-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-439] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[440-version-negotiation] -ssl_conf = 440-version-negotiation-ssl - -[440-version-negotiation-ssl] -server = 440-version-negotiation-server -client = 440-version-negotiation-client - -[440-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[440-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-440] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[441-version-negotiation] -ssl_conf = 441-version-negotiation-ssl - -[441-version-negotiation-ssl] -server = 441-version-negotiation-server -client = 441-version-negotiation-client - -[441-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[441-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-441] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[442-version-negotiation] -ssl_conf = 442-version-negotiation-ssl - -[442-version-negotiation-ssl] -server = 442-version-negotiation-server -client = 442-version-negotiation-client - -[442-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[442-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-442] -ExpectedResult = ServerFail - - -# =========================================================== - -[443-version-negotiation] -ssl_conf = 443-version-negotiation-ssl - -[443-version-negotiation-ssl] -server = 443-version-negotiation-server -client = 443-version-negotiation-client - -[443-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[443-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-443] -ExpectedResult = ClientFail - - -# =========================================================== - -[444-version-negotiation] -ssl_conf = 444-version-negotiation-ssl - -[444-version-negotiation-ssl] -server = 444-version-negotiation-server -client = 444-version-negotiation-client - -[444-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[444-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-444] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[445-version-negotiation] -ssl_conf = 445-version-negotiation-ssl - -[445-version-negotiation-ssl] -server = 445-version-negotiation-server -client = 445-version-negotiation-client - -[445-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[445-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-445] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[446-version-negotiation] -ssl_conf = 446-version-negotiation-ssl - -[446-version-negotiation-ssl] -server = 446-version-negotiation-server -client = 446-version-negotiation-client - -[446-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[446-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-446] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[447-version-negotiation] -ssl_conf = 447-version-negotiation-ssl - -[447-version-negotiation-ssl] -server = 447-version-negotiation-server -client = 447-version-negotiation-client - -[447-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[447-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-447] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[448-version-negotiation] -ssl_conf = 448-version-negotiation-ssl - -[448-version-negotiation-ssl] -server = 448-version-negotiation-server -client = 448-version-negotiation-client - -[448-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[448-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-448] -ExpectedResult = ServerFail - - -# =========================================================== - -[449-version-negotiation] -ssl_conf = 449-version-negotiation-ssl - -[449-version-negotiation-ssl] -server = 449-version-negotiation-server -client = 449-version-negotiation-client - -[449-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[449-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-449] -ExpectedResult = ClientFail - - -# =========================================================== - -[450-version-negotiation] -ssl_conf = 450-version-negotiation-ssl - -[450-version-negotiation-ssl] -server = 450-version-negotiation-server -client = 450-version-negotiation-client - -[450-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[450-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-450] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[451-version-negotiation] -ssl_conf = 451-version-negotiation-ssl - -[451-version-negotiation-ssl] -server = 451-version-negotiation-server -client = 451-version-negotiation-client - -[451-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[451-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-451] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[452-version-negotiation] -ssl_conf = 452-version-negotiation-ssl - -[452-version-negotiation-ssl] -server = 452-version-negotiation-server -client = 452-version-negotiation-client - -[452-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[452-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-452] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[453-version-negotiation] -ssl_conf = 453-version-negotiation-ssl - -[453-version-negotiation-ssl] -server = 453-version-negotiation-server -client = 453-version-negotiation-client - -[453-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[453-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-453] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[454-version-negotiation] -ssl_conf = 454-version-negotiation-ssl - -[454-version-negotiation-ssl] -server = 454-version-negotiation-server -client = 454-version-negotiation-client - -[454-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[454-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-454] -ExpectedResult = ClientFail - - -# =========================================================== - -[455-version-negotiation] -ssl_conf = 455-version-negotiation-ssl - -[455-version-negotiation-ssl] -server = 455-version-negotiation-server -client = 455-version-negotiation-client - -[455-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[455-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-455] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[456-version-negotiation] -ssl_conf = 456-version-negotiation-ssl - -[456-version-negotiation-ssl] -server = 456-version-negotiation-server -client = 456-version-negotiation-client - -[456-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[456-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-456] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[457-version-negotiation] -ssl_conf = 457-version-negotiation-ssl - -[457-version-negotiation-ssl] -server = 457-version-negotiation-server -client = 457-version-negotiation-client - -[457-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[457-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-457] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[458-version-negotiation] -ssl_conf = 458-version-negotiation-ssl - -[458-version-negotiation-ssl] -server = 458-version-negotiation-server -client = 458-version-negotiation-client - -[458-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[458-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-458] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[459-version-negotiation] -ssl_conf = 459-version-negotiation-ssl - -[459-version-negotiation-ssl] -server = 459-version-negotiation-server -client = 459-version-negotiation-client - -[459-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[459-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-459] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[460-version-negotiation] -ssl_conf = 460-version-negotiation-ssl - -[460-version-negotiation-ssl] -server = 460-version-negotiation-server -client = 460-version-negotiation-client - -[460-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[460-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-460] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[461-version-negotiation] -ssl_conf = 461-version-negotiation-ssl - -[461-version-negotiation-ssl] -server = 461-version-negotiation-server -client = 461-version-negotiation-client - -[461-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[461-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-461] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[462-version-negotiation] -ssl_conf = 462-version-negotiation-ssl - -[462-version-negotiation-ssl] -server = 462-version-negotiation-server -client = 462-version-negotiation-client - -[462-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[462-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-462] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[463-version-negotiation] -ssl_conf = 463-version-negotiation-ssl - -[463-version-negotiation-ssl] -server = 463-version-negotiation-server -client = 463-version-negotiation-client - -[463-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[463-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-463] -ExpectedResult = ServerFail - - -# =========================================================== - -[464-version-negotiation] -ssl_conf = 464-version-negotiation-ssl - -[464-version-negotiation-ssl] -server = 464-version-negotiation-server -client = 464-version-negotiation-client - -[464-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[464-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-464] -ExpectedResult = ServerFail - - -# =========================================================== - -[465-version-negotiation] -ssl_conf = 465-version-negotiation-ssl - -[465-version-negotiation-ssl] -server = 465-version-negotiation-server -client = 465-version-negotiation-client - -[465-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[465-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-465] -ExpectedResult = ServerFail - - -# =========================================================== - -[466-version-negotiation] -ssl_conf = 466-version-negotiation-ssl - -[466-version-negotiation-ssl] -server = 466-version-negotiation-server -client = 466-version-negotiation-client - -[466-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[466-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-466] -ExpectedResult = ServerFail - - -# =========================================================== - -[467-version-negotiation] -ssl_conf = 467-version-negotiation-ssl - -[467-version-negotiation-ssl] -server = 467-version-negotiation-server -client = 467-version-negotiation-client - -[467-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[467-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-467] -ExpectedResult = ServerFail - - -# =========================================================== - -[468-version-negotiation] -ssl_conf = 468-version-negotiation-ssl - -[468-version-negotiation-ssl] -server = 468-version-negotiation-server -client = 468-version-negotiation-client - -[468-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[468-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-468] -ExpectedResult = ServerFail - - -# =========================================================== - -[469-version-negotiation] -ssl_conf = 469-version-negotiation-ssl - -[469-version-negotiation-ssl] -server = 469-version-negotiation-server -client = 469-version-negotiation-client - -[469-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[469-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-469] -ExpectedResult = ClientFail - - -# =========================================================== - -[470-version-negotiation] -ssl_conf = 470-version-negotiation-ssl - -[470-version-negotiation-ssl] -server = 470-version-negotiation-server -client = 470-version-negotiation-client - -[470-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[470-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-470] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[471-version-negotiation] -ssl_conf = 471-version-negotiation-ssl - -[471-version-negotiation-ssl] -server = 471-version-negotiation-server -client = 471-version-negotiation-client - -[471-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[471-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-471] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[472-version-negotiation] -ssl_conf = 472-version-negotiation-ssl - -[472-version-negotiation-ssl] -server = 472-version-negotiation-server -client = 472-version-negotiation-client - -[472-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[472-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-472] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[473-version-negotiation] -ssl_conf = 473-version-negotiation-ssl - -[473-version-negotiation-ssl] -server = 473-version-negotiation-server -client = 473-version-negotiation-client - -[473-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[473-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-473] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[474-version-negotiation] -ssl_conf = 474-version-negotiation-ssl - -[474-version-negotiation-ssl] -server = 474-version-negotiation-server -client = 474-version-negotiation-client - -[474-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[474-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-474] -ExpectedResult = ServerFail - - -# =========================================================== - -[475-version-negotiation] -ssl_conf = 475-version-negotiation-ssl - -[475-version-negotiation-ssl] -server = 475-version-negotiation-server -client = 475-version-negotiation-client - -[475-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[475-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-475] -ExpectedResult = ClientFail - - -# =========================================================== - -[476-version-negotiation] -ssl_conf = 476-version-negotiation-ssl - -[476-version-negotiation-ssl] -server = 476-version-negotiation-server -client = 476-version-negotiation-client - -[476-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[476-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-476] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[477-version-negotiation] -ssl_conf = 477-version-negotiation-ssl - -[477-version-negotiation-ssl] -server = 477-version-negotiation-server -client = 477-version-negotiation-client - -[477-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[477-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-477] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[478-version-negotiation] -ssl_conf = 478-version-negotiation-ssl - -[478-version-negotiation-ssl] -server = 478-version-negotiation-server -client = 478-version-negotiation-client - -[478-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[478-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-478] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[479-version-negotiation] -ssl_conf = 479-version-negotiation-ssl - -[479-version-negotiation-ssl] -server = 479-version-negotiation-server -client = 479-version-negotiation-client - -[479-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[479-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-479] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[480-version-negotiation] -ssl_conf = 480-version-negotiation-ssl - -[480-version-negotiation-ssl] -server = 480-version-negotiation-server -client = 480-version-negotiation-client - -[480-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[480-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-480] -ExpectedResult = ClientFail - - -# =========================================================== - -[481-version-negotiation] -ssl_conf = 481-version-negotiation-ssl - -[481-version-negotiation-ssl] -server = 481-version-negotiation-server -client = 481-version-negotiation-client - -[481-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[481-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-481] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[482-version-negotiation] -ssl_conf = 482-version-negotiation-ssl - -[482-version-negotiation-ssl] -server = 482-version-negotiation-server -client = 482-version-negotiation-client - -[482-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[482-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-482] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[483-version-negotiation] -ssl_conf = 483-version-negotiation-ssl - -[483-version-negotiation-ssl] -server = 483-version-negotiation-server -client = 483-version-negotiation-client - -[483-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[483-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-483] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[484-version-negotiation] -ssl_conf = 484-version-negotiation-ssl - -[484-version-negotiation-ssl] -server = 484-version-negotiation-server -client = 484-version-negotiation-client - -[484-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[484-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-484] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[485-version-negotiation] -ssl_conf = 485-version-negotiation-ssl - -[485-version-negotiation-ssl] -server = 485-version-negotiation-server -client = 485-version-negotiation-client - -[485-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[485-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-485] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[486-version-negotiation] -ssl_conf = 486-version-negotiation-ssl - -[486-version-negotiation-ssl] -server = 486-version-negotiation-server -client = 486-version-negotiation-client - -[486-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[486-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-486] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[487-version-negotiation] -ssl_conf = 487-version-negotiation-ssl - -[487-version-negotiation-ssl] -server = 487-version-negotiation-server -client = 487-version-negotiation-client - -[487-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[487-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-487] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[488-version-negotiation] -ssl_conf = 488-version-negotiation-ssl - -[488-version-negotiation-ssl] -server = 488-version-negotiation-server -client = 488-version-negotiation-client - -[488-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[488-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-488] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[489-version-negotiation] -ssl_conf = 489-version-negotiation-ssl - -[489-version-negotiation-ssl] -server = 489-version-negotiation-server -client = 489-version-negotiation-client - -[489-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[489-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-489] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[490-version-negotiation] -ssl_conf = 490-version-negotiation-ssl - -[490-version-negotiation-ssl] -server = 490-version-negotiation-server -client = 490-version-negotiation-client - -[490-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[490-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-490] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[491-version-negotiation] -ssl_conf = 491-version-negotiation-ssl - -[491-version-negotiation-ssl] -server = 491-version-negotiation-server -client = 491-version-negotiation-client - -[491-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[491-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-491] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[492-version-negotiation] -ssl_conf = 492-version-negotiation-ssl - -[492-version-negotiation-ssl] -server = 492-version-negotiation-server -client = 492-version-negotiation-client - -[492-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[492-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-492] -ExpectedResult = ServerFail - - -# =========================================================== - -[493-version-negotiation] -ssl_conf = 493-version-negotiation-ssl - -[493-version-negotiation-ssl] -server = 493-version-negotiation-server -client = 493-version-negotiation-client - -[493-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[493-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-493] -ExpectedResult = ServerFail - - -# =========================================================== - -[494-version-negotiation] -ssl_conf = 494-version-negotiation-ssl - -[494-version-negotiation-ssl] -server = 494-version-negotiation-server -client = 494-version-negotiation-client - -[494-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[494-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-494] -ExpectedResult = ServerFail - - -# =========================================================== - -[495-version-negotiation] -ssl_conf = 495-version-negotiation-ssl - -[495-version-negotiation-ssl] -server = 495-version-negotiation-server -client = 495-version-negotiation-client - -[495-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[495-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-495] -ExpectedResult = ServerFail - - -# =========================================================== - -[496-version-negotiation] -ssl_conf = 496-version-negotiation-ssl - -[496-version-negotiation-ssl] -server = 496-version-negotiation-server -client = 496-version-negotiation-client - -[496-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[496-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-496] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[497-version-negotiation] -ssl_conf = 497-version-negotiation-ssl - -[497-version-negotiation-ssl] -server = 497-version-negotiation-server -client = 497-version-negotiation-client - -[497-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[497-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-497] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[498-version-negotiation] -ssl_conf = 498-version-negotiation-ssl - -[498-version-negotiation-ssl] -server = 498-version-negotiation-server -client = 498-version-negotiation-client - -[498-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[498-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-498] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[499-version-negotiation] -ssl_conf = 499-version-negotiation-ssl - -[499-version-negotiation-ssl] -server = 499-version-negotiation-server -client = 499-version-negotiation-client - -[499-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[499-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-499] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[500-version-negotiation] -ssl_conf = 500-version-negotiation-ssl - -[500-version-negotiation-ssl] -server = 500-version-negotiation-server -client = 500-version-negotiation-client - -[500-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[500-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-500] -ExpectedResult = ServerFail - - -# =========================================================== - -[501-version-negotiation] -ssl_conf = 501-version-negotiation-ssl - -[501-version-negotiation-ssl] -server = 501-version-negotiation-server -client = 501-version-negotiation-client - -[501-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[501-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-501] -ExpectedResult = ServerFail - - -# =========================================================== - -[502-version-negotiation] -ssl_conf = 502-version-negotiation-ssl - -[502-version-negotiation-ssl] -server = 502-version-negotiation-server -client = 502-version-negotiation-client - -[502-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[502-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-502] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[503-version-negotiation] -ssl_conf = 503-version-negotiation-ssl - -[503-version-negotiation-ssl] -server = 503-version-negotiation-server -client = 503-version-negotiation-client - -[503-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[503-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-503] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[504-version-negotiation] -ssl_conf = 504-version-negotiation-ssl - -[504-version-negotiation-ssl] -server = 504-version-negotiation-server -client = 504-version-negotiation-client - -[504-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[504-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-504] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[505-version-negotiation] -ssl_conf = 505-version-negotiation-ssl - -[505-version-negotiation-ssl] -server = 505-version-negotiation-server -client = 505-version-negotiation-client - -[505-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[505-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-505] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[506-version-negotiation] -ssl_conf = 506-version-negotiation-ssl - -[506-version-negotiation-ssl] -server = 506-version-negotiation-server -client = 506-version-negotiation-client - -[506-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[506-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-506] -ExpectedResult = ServerFail - - -# =========================================================== - -[507-version-negotiation] -ssl_conf = 507-version-negotiation-ssl - -[507-version-negotiation-ssl] -server = 507-version-negotiation-server -client = 507-version-negotiation-client - -[507-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[507-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-507] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[508-version-negotiation] -ssl_conf = 508-version-negotiation-ssl - -[508-version-negotiation-ssl] -server = 508-version-negotiation-server -client = 508-version-negotiation-client - -[508-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[508-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-508] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[509-version-negotiation] -ssl_conf = 509-version-negotiation-ssl - -[509-version-negotiation-ssl] -server = 509-version-negotiation-server -client = 509-version-negotiation-client - -[509-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[509-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-509] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[510-version-negotiation] -ssl_conf = 510-version-negotiation-ssl - -[510-version-negotiation-ssl] -server = 510-version-negotiation-server -client = 510-version-negotiation-client - -[510-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[510-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-510] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[511-version-negotiation] -ssl_conf = 511-version-negotiation-ssl - -[511-version-negotiation-ssl] -server = 511-version-negotiation-server -client = 511-version-negotiation-client - -[511-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[511-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-511] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[512-version-negotiation] -ssl_conf = 512-version-negotiation-ssl - -[512-version-negotiation-ssl] -server = 512-version-negotiation-server -client = 512-version-negotiation-client - -[512-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[512-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-512] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[513-version-negotiation] -ssl_conf = 513-version-negotiation-ssl - -[513-version-negotiation-ssl] -server = 513-version-negotiation-server -client = 513-version-negotiation-client - -[513-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[513-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-513] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[514-version-negotiation] -ssl_conf = 514-version-negotiation-ssl - -[514-version-negotiation-ssl] -server = 514-version-negotiation-server -client = 514-version-negotiation-client - -[514-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[514-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-514] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[515-version-negotiation] -ssl_conf = 515-version-negotiation-ssl - -[515-version-negotiation-ssl] -server = 515-version-negotiation-server -client = 515-version-negotiation-client - -[515-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[515-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-515] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[516-version-negotiation] -ssl_conf = 516-version-negotiation-ssl - -[516-version-negotiation-ssl] -server = 516-version-negotiation-server -client = 516-version-negotiation-client - -[516-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[516-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-516] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[517-version-negotiation] -ssl_conf = 517-version-negotiation-ssl - -[517-version-negotiation-ssl] -server = 517-version-negotiation-server -client = 517-version-negotiation-client - -[517-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[517-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-517] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[518-version-negotiation] -ssl_conf = 518-version-negotiation-ssl - -[518-version-negotiation-ssl] -server = 518-version-negotiation-server -client = 518-version-negotiation-client - -[518-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[518-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-518] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[519-version-negotiation] -ssl_conf = 519-version-negotiation-ssl - -[519-version-negotiation-ssl] -server = 519-version-negotiation-server -client = 519-version-negotiation-client - -[519-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[519-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-519] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[520-version-negotiation] -ssl_conf = 520-version-negotiation-ssl - -[520-version-negotiation-ssl] -server = 520-version-negotiation-server -client = 520-version-negotiation-client - -[520-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[520-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-520] -ExpectedResult = ServerFail - - -# =========================================================== - -[521-version-negotiation] -ssl_conf = 521-version-negotiation-ssl - -[521-version-negotiation-ssl] -server = 521-version-negotiation-server -client = 521-version-negotiation-client - -[521-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[521-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-521] -ExpectedResult = ServerFail - - -# =========================================================== - -[522-version-negotiation] -ssl_conf = 522-version-negotiation-ssl - -[522-version-negotiation-ssl] -server = 522-version-negotiation-server -client = 522-version-negotiation-client - -[522-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[522-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-522] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[523-version-negotiation] -ssl_conf = 523-version-negotiation-ssl - -[523-version-negotiation-ssl] -server = 523-version-negotiation-server -client = 523-version-negotiation-client - -[523-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[523-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-523] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[524-version-negotiation] -ssl_conf = 524-version-negotiation-ssl - -[524-version-negotiation-ssl] -server = 524-version-negotiation-server -client = 524-version-negotiation-client - -[524-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[524-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-524] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[525-version-negotiation] -ssl_conf = 525-version-negotiation-ssl - -[525-version-negotiation-ssl] -server = 525-version-negotiation-server -client = 525-version-negotiation-client - -[525-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[525-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-525] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[526-version-negotiation] -ssl_conf = 526-version-negotiation-ssl - -[526-version-negotiation-ssl] -server = 526-version-negotiation-server -client = 526-version-negotiation-client - -[526-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[526-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-526] -ExpectedResult = ServerFail - - -# =========================================================== - -[527-version-negotiation] -ssl_conf = 527-version-negotiation-ssl - -[527-version-negotiation-ssl] -server = 527-version-negotiation-server -client = 527-version-negotiation-client - -[527-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[527-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-527] -ExpectedResult = ServerFail - - -# =========================================================== - -[528-version-negotiation] -ssl_conf = 528-version-negotiation-ssl - -[528-version-negotiation-ssl] -server = 528-version-negotiation-server -client = 528-version-negotiation-client - -[528-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[528-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-528] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[529-version-negotiation] -ssl_conf = 529-version-negotiation-ssl - -[529-version-negotiation-ssl] -server = 529-version-negotiation-server -client = 529-version-negotiation-client - -[529-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[529-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-529] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[530-version-negotiation] -ssl_conf = 530-version-negotiation-ssl - -[530-version-negotiation-ssl] -server = 530-version-negotiation-server -client = 530-version-negotiation-client - -[530-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[530-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-530] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[531-version-negotiation] -ssl_conf = 531-version-negotiation-ssl - -[531-version-negotiation-ssl] -server = 531-version-negotiation-server -client = 531-version-negotiation-client - -[531-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[531-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-531] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[532-version-negotiation] -ssl_conf = 532-version-negotiation-ssl - -[532-version-negotiation-ssl] -server = 532-version-negotiation-server -client = 532-version-negotiation-client - -[532-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[532-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-532] -ExpectedResult = ServerFail - - -# =========================================================== - -[533-version-negotiation] -ssl_conf = 533-version-negotiation-ssl - -[533-version-negotiation-ssl] -server = 533-version-negotiation-server -client = 533-version-negotiation-client - -[533-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[533-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-533] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[534-version-negotiation] -ssl_conf = 534-version-negotiation-ssl - -[534-version-negotiation-ssl] -server = 534-version-negotiation-server -client = 534-version-negotiation-client - -[534-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[534-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-534] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[535-version-negotiation] -ssl_conf = 535-version-negotiation-ssl - -[535-version-negotiation-ssl] -server = 535-version-negotiation-server -client = 535-version-negotiation-client - -[535-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[535-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-535] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[536-version-negotiation] -ssl_conf = 536-version-negotiation-ssl - -[536-version-negotiation-ssl] -server = 536-version-negotiation-server -client = 536-version-negotiation-client - -[536-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[536-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-536] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[537-version-negotiation] -ssl_conf = 537-version-negotiation-ssl - -[537-version-negotiation-ssl] -server = 537-version-negotiation-server -client = 537-version-negotiation-client - -[537-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[537-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-537] -ExpectedProtocol = TLSv1.1 -ExpectedResult = Success - - -# =========================================================== - -[538-version-negotiation] -ssl_conf = 538-version-negotiation-ssl - -[538-version-negotiation-ssl] -server = 538-version-negotiation-server -client = 538-version-negotiation-client - -[538-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[538-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-538] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[539-version-negotiation] -ssl_conf = 539-version-negotiation-ssl - -[539-version-negotiation-ssl] -server = 539-version-negotiation-server -client = 539-version-negotiation-client - -[539-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[539-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-539] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[540-version-negotiation] -ssl_conf = 540-version-negotiation-ssl - -[540-version-negotiation-ssl] -server = 540-version-negotiation-server -client = 540-version-negotiation-client - -[540-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[540-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-540] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[541-version-negotiation] -ssl_conf = 541-version-negotiation-ssl - -[541-version-negotiation-ssl] -server = 541-version-negotiation-server -client = 541-version-negotiation-client - -[541-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[541-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-541] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[542-version-negotiation] -ssl_conf = 542-version-negotiation-ssl - -[542-version-negotiation-ssl] -server = 542-version-negotiation-server -client = 542-version-negotiation-client - -[542-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[542-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-542] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[543-version-negotiation] -ssl_conf = 543-version-negotiation-ssl - -[543-version-negotiation-ssl] -server = 543-version-negotiation-server -client = 543-version-negotiation-client - -[543-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[543-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-543] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[544-version-negotiation] -ssl_conf = 544-version-negotiation-ssl - -[544-version-negotiation-ssl] -server = 544-version-negotiation-server -client = 544-version-negotiation-client - -[544-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[544-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-544] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[545-version-negotiation] -ssl_conf = 545-version-negotiation-ssl - -[545-version-negotiation-ssl] -server = 545-version-negotiation-server -client = 545-version-negotiation-client - -[545-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[545-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-545] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[546-version-negotiation] -ssl_conf = 546-version-negotiation-ssl - -[546-version-negotiation-ssl] -server = 546-version-negotiation-server -client = 546-version-negotiation-client - -[546-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[546-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-546] -ExpectedResult = ServerFail - - -# =========================================================== - -[547-version-negotiation] -ssl_conf = 547-version-negotiation-ssl - -[547-version-negotiation-ssl] -server = 547-version-negotiation-server -client = 547-version-negotiation-client - -[547-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[547-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-547] -ExpectedResult = ClientFail - - -# =========================================================== - -[548-version-negotiation] -ssl_conf = 548-version-negotiation-ssl - -[548-version-negotiation-ssl] -server = 548-version-negotiation-server -client = 548-version-negotiation-client - -[548-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[548-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-548] -ExpectedResult = ClientFail - - -# =========================================================== - -[549-version-negotiation] -ssl_conf = 549-version-negotiation-ssl - -[549-version-negotiation-ssl] -server = 549-version-negotiation-server -client = 549-version-negotiation-client - -[549-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[549-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-549] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[550-version-negotiation] -ssl_conf = 550-version-negotiation-ssl - -[550-version-negotiation-ssl] -server = 550-version-negotiation-server -client = 550-version-negotiation-client - -[550-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[550-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-550] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[551-version-negotiation] -ssl_conf = 551-version-negotiation-ssl - -[551-version-negotiation-ssl] -server = 551-version-negotiation-server -client = 551-version-negotiation-client - -[551-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[551-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-551] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[552-version-negotiation] -ssl_conf = 552-version-negotiation-ssl - -[552-version-negotiation-ssl] -server = 552-version-negotiation-server -client = 552-version-negotiation-client - -[552-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[552-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-552] -ExpectedResult = ServerFail - - -# =========================================================== - -[553-version-negotiation] -ssl_conf = 553-version-negotiation-ssl - -[553-version-negotiation-ssl] -server = 553-version-negotiation-server -client = 553-version-negotiation-client - -[553-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[553-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-553] -ExpectedResult = ClientFail - - -# =========================================================== - -[554-version-negotiation] -ssl_conf = 554-version-negotiation-ssl - -[554-version-negotiation-ssl] -server = 554-version-negotiation-server -client = 554-version-negotiation-client - -[554-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[554-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-554] -ExpectedResult = ClientFail - - -# =========================================================== - -[555-version-negotiation] -ssl_conf = 555-version-negotiation-ssl - -[555-version-negotiation-ssl] -server = 555-version-negotiation-server -client = 555-version-negotiation-client - -[555-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[555-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-555] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[556-version-negotiation] -ssl_conf = 556-version-negotiation-ssl - -[556-version-negotiation-ssl] -server = 556-version-negotiation-server -client = 556-version-negotiation-client - -[556-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[556-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-556] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[557-version-negotiation] -ssl_conf = 557-version-negotiation-ssl - -[557-version-negotiation-ssl] -server = 557-version-negotiation-server -client = 557-version-negotiation-client - -[557-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[557-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-557] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[558-version-negotiation] -ssl_conf = 558-version-negotiation-ssl - -[558-version-negotiation-ssl] -server = 558-version-negotiation-server -client = 558-version-negotiation-client - -[558-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[558-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-558] -ExpectedResult = ClientFail - - -# =========================================================== - -[559-version-negotiation] -ssl_conf = 559-version-negotiation-ssl - -[559-version-negotiation-ssl] -server = 559-version-negotiation-server -client = 559-version-negotiation-client - -[559-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[559-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-559] -ExpectedResult = ClientFail - - -# =========================================================== - -[560-version-negotiation] -ssl_conf = 560-version-negotiation-ssl - -[560-version-negotiation-ssl] -server = 560-version-negotiation-server -client = 560-version-negotiation-client - -[560-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[560-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-560] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[561-version-negotiation] -ssl_conf = 561-version-negotiation-ssl - -[561-version-negotiation-ssl] -server = 561-version-negotiation-server -client = 561-version-negotiation-client - -[561-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[561-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-561] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[562-version-negotiation] -ssl_conf = 562-version-negotiation-ssl - -[562-version-negotiation-ssl] -server = 562-version-negotiation-server -client = 562-version-negotiation-client - -[562-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[562-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-562] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[563-version-negotiation] -ssl_conf = 563-version-negotiation-ssl - -[563-version-negotiation-ssl] -server = 563-version-negotiation-server -client = 563-version-negotiation-client - -[563-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[563-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-563] -ExpectedResult = ClientFail - - -# =========================================================== - -[564-version-negotiation] -ssl_conf = 564-version-negotiation-ssl - -[564-version-negotiation-ssl] -server = 564-version-negotiation-server -client = 564-version-negotiation-client - -[564-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[564-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-564] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[565-version-negotiation] -ssl_conf = 565-version-negotiation-ssl - -[565-version-negotiation-ssl] -server = 565-version-negotiation-server -client = 565-version-negotiation-client - -[565-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[565-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-565] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[566-version-negotiation] -ssl_conf = 566-version-negotiation-ssl - -[566-version-negotiation-ssl] -server = 566-version-negotiation-server -client = 566-version-negotiation-client - -[566-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[566-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-566] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[567-version-negotiation] -ssl_conf = 567-version-negotiation-ssl - -[567-version-negotiation-ssl] -server = 567-version-negotiation-server -client = 567-version-negotiation-client - -[567-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[567-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-567] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[568-version-negotiation] -ssl_conf = 568-version-negotiation-ssl - -[568-version-negotiation-ssl] -server = 568-version-negotiation-server -client = 568-version-negotiation-client - -[568-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[568-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-568] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[569-version-negotiation] -ssl_conf = 569-version-negotiation-ssl - -[569-version-negotiation-ssl] -server = 569-version-negotiation-server -client = 569-version-negotiation-client - -[569-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[569-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-569] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[570-version-negotiation] -ssl_conf = 570-version-negotiation-ssl - -[570-version-negotiation-ssl] -server = 570-version-negotiation-server -client = 570-version-negotiation-client - -[570-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[570-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-570] -ExpectedResult = ServerFail - - -# =========================================================== - -[571-version-negotiation] -ssl_conf = 571-version-negotiation-ssl - -[571-version-negotiation-ssl] -server = 571-version-negotiation-server -client = 571-version-negotiation-client - -[571-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[571-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-571] -ExpectedResult = ServerFail - - -# =========================================================== - -[572-version-negotiation] -ssl_conf = 572-version-negotiation-ssl - -[572-version-negotiation-ssl] -server = 572-version-negotiation-server -client = 572-version-negotiation-client - -[572-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[572-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-572] -ExpectedResult = ServerFail - - -# =========================================================== - -[573-version-negotiation] -ssl_conf = 573-version-negotiation-ssl - -[573-version-negotiation-ssl] -server = 573-version-negotiation-server -client = 573-version-negotiation-client - -[573-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[573-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-573] -ExpectedResult = ServerFail - - -# =========================================================== - -[574-version-negotiation] -ssl_conf = 574-version-negotiation-ssl - -[574-version-negotiation-ssl] -server = 574-version-negotiation-server -client = 574-version-negotiation-client - -[574-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[574-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-574] -ExpectedResult = ServerFail - - -# =========================================================== - -[575-version-negotiation] -ssl_conf = 575-version-negotiation-ssl - -[575-version-negotiation-ssl] -server = 575-version-negotiation-server -client = 575-version-negotiation-client - -[575-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[575-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-575] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[576-version-negotiation] -ssl_conf = 576-version-negotiation-ssl - -[576-version-negotiation-ssl] -server = 576-version-negotiation-server -client = 576-version-negotiation-client - -[576-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[576-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-576] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[577-version-negotiation] -ssl_conf = 577-version-negotiation-ssl - -[577-version-negotiation-ssl] -server = 577-version-negotiation-server -client = 577-version-negotiation-client - -[577-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[577-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-577] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[578-version-negotiation] -ssl_conf = 578-version-negotiation-ssl - -[578-version-negotiation-ssl] -server = 578-version-negotiation-server -client = 578-version-negotiation-client - -[578-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[578-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-578] -ExpectedResult = ServerFail - - -# =========================================================== - -[579-version-negotiation] -ssl_conf = 579-version-negotiation-ssl - -[579-version-negotiation-ssl] -server = 579-version-negotiation-server -client = 579-version-negotiation-client - -[579-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[579-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-579] -ExpectedResult = ServerFail - - -# =========================================================== - -[580-version-negotiation] -ssl_conf = 580-version-negotiation-ssl - -[580-version-negotiation-ssl] -server = 580-version-negotiation-server -client = 580-version-negotiation-client - -[580-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[580-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-580] -ExpectedResult = ServerFail - - -# =========================================================== - -[581-version-negotiation] -ssl_conf = 581-version-negotiation-ssl - -[581-version-negotiation-ssl] -server = 581-version-negotiation-server -client = 581-version-negotiation-client - -[581-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[581-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-581] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[582-version-negotiation] -ssl_conf = 582-version-negotiation-ssl - -[582-version-negotiation-ssl] -server = 582-version-negotiation-server -client = 582-version-negotiation-client - -[582-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[582-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-582] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[583-version-negotiation] -ssl_conf = 583-version-negotiation-ssl - -[583-version-negotiation-ssl] -server = 583-version-negotiation-server -client = 583-version-negotiation-client - -[583-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[583-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-583] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[584-version-negotiation] -ssl_conf = 584-version-negotiation-ssl - -[584-version-negotiation-ssl] -server = 584-version-negotiation-server -client = 584-version-negotiation-client - -[584-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[584-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-584] -ExpectedResult = ServerFail - - -# =========================================================== - -[585-version-negotiation] -ssl_conf = 585-version-negotiation-ssl - -[585-version-negotiation-ssl] -server = 585-version-negotiation-server -client = 585-version-negotiation-client - -[585-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[585-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-585] -ExpectedResult = ServerFail - - -# =========================================================== - -[586-version-negotiation] -ssl_conf = 586-version-negotiation-ssl - -[586-version-negotiation-ssl] -server = 586-version-negotiation-server -client = 586-version-negotiation-client - -[586-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[586-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-586] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[587-version-negotiation] -ssl_conf = 587-version-negotiation-ssl - -[587-version-negotiation-ssl] -server = 587-version-negotiation-server -client = 587-version-negotiation-client - -[587-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[587-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-587] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[588-version-negotiation] -ssl_conf = 588-version-negotiation-ssl - -[588-version-negotiation-ssl] -server = 588-version-negotiation-server -client = 588-version-negotiation-client - -[588-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[588-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-588] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[589-version-negotiation] -ssl_conf = 589-version-negotiation-ssl - -[589-version-negotiation-ssl] -server = 589-version-negotiation-server -client = 589-version-negotiation-client - -[589-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[589-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-589] -ExpectedResult = ServerFail - - -# =========================================================== - -[590-version-negotiation] -ssl_conf = 590-version-negotiation-ssl - -[590-version-negotiation-ssl] -server = 590-version-negotiation-server -client = 590-version-negotiation-client - -[590-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[590-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-590] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[591-version-negotiation] -ssl_conf = 591-version-negotiation-ssl - -[591-version-negotiation-ssl] -server = 591-version-negotiation-server -client = 591-version-negotiation-client - -[591-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[591-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-591] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[592-version-negotiation] -ssl_conf = 592-version-negotiation-ssl - -[592-version-negotiation-ssl] -server = 592-version-negotiation-server -client = 592-version-negotiation-client - -[592-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[592-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-592] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[593-version-negotiation] -ssl_conf = 593-version-negotiation-ssl - -[593-version-negotiation-ssl] -server = 593-version-negotiation-server -client = 593-version-negotiation-client - -[593-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[593-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-593] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[594-version-negotiation] -ssl_conf = 594-version-negotiation-ssl - -[594-version-negotiation-ssl] -server = 594-version-negotiation-server -client = 594-version-negotiation-client - -[594-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[594-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-594] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[595-version-negotiation] -ssl_conf = 595-version-negotiation-ssl - -[595-version-negotiation-ssl] -server = 595-version-negotiation-server -client = 595-version-negotiation-client - -[595-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[595-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-595] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[596-version-negotiation] -ssl_conf = 596-version-negotiation-ssl - -[596-version-negotiation-ssl] -server = 596-version-negotiation-server -client = 596-version-negotiation-client - -[596-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[596-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-596] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[597-version-negotiation] -ssl_conf = 597-version-negotiation-ssl - -[597-version-negotiation-ssl] -server = 597-version-negotiation-server -client = 597-version-negotiation-client - -[597-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[597-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-597] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[598-version-negotiation] -ssl_conf = 598-version-negotiation-ssl - -[598-version-negotiation-ssl] -server = 598-version-negotiation-server -client = 598-version-negotiation-client - -[598-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[598-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-598] -ExpectedResult = ServerFail - - -# =========================================================== - -[599-version-negotiation] -ssl_conf = 599-version-negotiation-ssl - -[599-version-negotiation-ssl] -server = 599-version-negotiation-server -client = 599-version-negotiation-client - -[599-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[599-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-599] -ExpectedResult = ServerFail - - -# =========================================================== - -[600-version-negotiation] -ssl_conf = 600-version-negotiation-ssl - -[600-version-negotiation-ssl] -server = 600-version-negotiation-server -client = 600-version-negotiation-client - -[600-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[600-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-600] -ExpectedResult = ServerFail - - -# =========================================================== - -[601-version-negotiation] -ssl_conf = 601-version-negotiation-ssl - -[601-version-negotiation-ssl] -server = 601-version-negotiation-server -client = 601-version-negotiation-client - -[601-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[601-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-601] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[602-version-negotiation] -ssl_conf = 602-version-negotiation-ssl - -[602-version-negotiation-ssl] -server = 602-version-negotiation-server -client = 602-version-negotiation-client - -[602-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[602-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-602] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[603-version-negotiation] -ssl_conf = 603-version-negotiation-ssl - -[603-version-negotiation-ssl] -server = 603-version-negotiation-server -client = 603-version-negotiation-client - -[603-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[603-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-603] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[604-version-negotiation] -ssl_conf = 604-version-negotiation-ssl - -[604-version-negotiation-ssl] -server = 604-version-negotiation-server -client = 604-version-negotiation-client - -[604-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[604-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-604] -ExpectedResult = ServerFail - - -# =========================================================== - -[605-version-negotiation] -ssl_conf = 605-version-negotiation-ssl - -[605-version-negotiation-ssl] -server = 605-version-negotiation-server -client = 605-version-negotiation-client - -[605-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[605-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-605] -ExpectedResult = ServerFail - - -# =========================================================== - -[606-version-negotiation] -ssl_conf = 606-version-negotiation-ssl - -[606-version-negotiation-ssl] -server = 606-version-negotiation-server -client = 606-version-negotiation-client - -[606-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[606-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-606] -ExpectedResult = ServerFail - - -# =========================================================== - -[607-version-negotiation] -ssl_conf = 607-version-negotiation-ssl - -[607-version-negotiation-ssl] -server = 607-version-negotiation-server -client = 607-version-negotiation-client - -[607-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[607-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-607] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[608-version-negotiation] -ssl_conf = 608-version-negotiation-ssl - -[608-version-negotiation-ssl] -server = 608-version-negotiation-server -client = 608-version-negotiation-client - -[608-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[608-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-608] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[609-version-negotiation] -ssl_conf = 609-version-negotiation-ssl - -[609-version-negotiation-ssl] -server = 609-version-negotiation-server -client = 609-version-negotiation-client - -[609-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[609-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-609] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[610-version-negotiation] -ssl_conf = 610-version-negotiation-ssl - -[610-version-negotiation-ssl] -server = 610-version-negotiation-server -client = 610-version-negotiation-client - -[610-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[610-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-610] -ExpectedResult = ServerFail - - -# =========================================================== - -[611-version-negotiation] -ssl_conf = 611-version-negotiation-ssl - -[611-version-negotiation-ssl] -server = 611-version-negotiation-server -client = 611-version-negotiation-client - -[611-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[611-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-611] -ExpectedResult = ServerFail - - -# =========================================================== - -[612-version-negotiation] -ssl_conf = 612-version-negotiation-ssl - -[612-version-negotiation-ssl] -server = 612-version-negotiation-server -client = 612-version-negotiation-client - -[612-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[612-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-612] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[613-version-negotiation] -ssl_conf = 613-version-negotiation-ssl - -[613-version-negotiation-ssl] -server = 613-version-negotiation-server -client = 613-version-negotiation-client - -[613-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[613-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-613] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[614-version-negotiation] -ssl_conf = 614-version-negotiation-ssl - -[614-version-negotiation-ssl] -server = 614-version-negotiation-server -client = 614-version-negotiation-client - -[614-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[614-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-614] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[615-version-negotiation] -ssl_conf = 615-version-negotiation-ssl - -[615-version-negotiation-ssl] -server = 615-version-negotiation-server -client = 615-version-negotiation-client - -[615-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[615-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-615] -ExpectedResult = ServerFail - - -# =========================================================== - -[616-version-negotiation] -ssl_conf = 616-version-negotiation-ssl - -[616-version-negotiation-ssl] -server = 616-version-negotiation-server -client = 616-version-negotiation-client - -[616-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[616-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-616] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[617-version-negotiation] -ssl_conf = 617-version-negotiation-ssl - -[617-version-negotiation-ssl] -server = 617-version-negotiation-server -client = 617-version-negotiation-client - -[617-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[617-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-617] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[618-version-negotiation] -ssl_conf = 618-version-negotiation-ssl - -[618-version-negotiation-ssl] -server = 618-version-negotiation-server -client = 618-version-negotiation-client - -[618-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[618-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-618] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[619-version-negotiation] -ssl_conf = 619-version-negotiation-ssl - -[619-version-negotiation-ssl] -server = 619-version-negotiation-server -client = 619-version-negotiation-client - -[619-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[619-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-619] -ExpectedProtocol = TLSv1.2 -ExpectedResult = Success - - -# =========================================================== - -[620-version-negotiation] -ssl_conf = 620-version-negotiation-ssl - -[620-version-negotiation-ssl] -server = 620-version-negotiation-server -client = 620-version-negotiation-client - -[620-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[620-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-620] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[621-version-negotiation] -ssl_conf = 621-version-negotiation-ssl - -[621-version-negotiation-ssl] -server = 621-version-negotiation-server -client = 621-version-negotiation-client - -[621-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[621-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-621] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[622-version-negotiation] -ssl_conf = 622-version-negotiation-ssl - -[622-version-negotiation-ssl] -server = 622-version-negotiation-server -client = 622-version-negotiation-client - -[622-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[622-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-622] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[623-version-negotiation] -ssl_conf = 623-version-negotiation-ssl - -[623-version-negotiation-ssl] -server = 623-version-negotiation-server -client = 623-version-negotiation-client - -[623-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[623-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-623] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[624-version-negotiation] -ssl_conf = 624-version-negotiation-ssl - -[624-version-negotiation-ssl] -server = 624-version-negotiation-server -client = 624-version-negotiation-client - -[624-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[624-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-624] -ExpectedResult = ServerFail - - -# =========================================================== - -[625-version-negotiation] -ssl_conf = 625-version-negotiation-ssl - -[625-version-negotiation-ssl] -server = 625-version-negotiation-server -client = 625-version-negotiation-client - -[625-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[625-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-625] -ExpectedResult = ServerFail - - -# =========================================================== - -[626-version-negotiation] -ssl_conf = 626-version-negotiation-ssl - -[626-version-negotiation-ssl] -server = 626-version-negotiation-server -client = 626-version-negotiation-client - -[626-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[626-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-626] -ExpectedResult = ServerFail - - -# =========================================================== - -[627-version-negotiation] -ssl_conf = 627-version-negotiation-ssl - -[627-version-negotiation-ssl] -server = 627-version-negotiation-server -client = 627-version-negotiation-client - -[627-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[627-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-627] -ExpectedResult = ServerFail - - -# =========================================================== - -[628-version-negotiation] -ssl_conf = 628-version-negotiation-ssl - -[628-version-negotiation-ssl] -server = 628-version-negotiation-server -client = 628-version-negotiation-client - -[628-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[628-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-628] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[629-version-negotiation] -ssl_conf = 629-version-negotiation-ssl - -[629-version-negotiation-ssl] -server = 629-version-negotiation-server -client = 629-version-negotiation-client - -[629-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[629-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-629] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[630-version-negotiation] -ssl_conf = 630-version-negotiation-ssl - -[630-version-negotiation-ssl] -server = 630-version-negotiation-server -client = 630-version-negotiation-client - -[630-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[630-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-630] -ExpectedResult = ServerFail - - -# =========================================================== - -[631-version-negotiation] -ssl_conf = 631-version-negotiation-ssl - -[631-version-negotiation-ssl] -server = 631-version-negotiation-server -client = 631-version-negotiation-client - -[631-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[631-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-631] -ExpectedResult = ServerFail - - -# =========================================================== - -[632-version-negotiation] -ssl_conf = 632-version-negotiation-ssl - -[632-version-negotiation-ssl] -server = 632-version-negotiation-server -client = 632-version-negotiation-client - -[632-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[632-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-632] -ExpectedResult = ServerFail - - -# =========================================================== - -[633-version-negotiation] -ssl_conf = 633-version-negotiation-ssl - -[633-version-negotiation-ssl] -server = 633-version-negotiation-server -client = 633-version-negotiation-client - -[633-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[633-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-633] -ExpectedResult = ServerFail - - -# =========================================================== - -[634-version-negotiation] -ssl_conf = 634-version-negotiation-ssl - -[634-version-negotiation-ssl] -server = 634-version-negotiation-server -client = 634-version-negotiation-client - -[634-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[634-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-634] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[635-version-negotiation] -ssl_conf = 635-version-negotiation-ssl - -[635-version-negotiation-ssl] -server = 635-version-negotiation-server -client = 635-version-negotiation-client - -[635-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[635-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-635] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[636-version-negotiation] -ssl_conf = 636-version-negotiation-ssl - -[636-version-negotiation-ssl] -server = 636-version-negotiation-server -client = 636-version-negotiation-client - -[636-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[636-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-636] -ExpectedResult = ServerFail - - -# =========================================================== - -[637-version-negotiation] -ssl_conf = 637-version-negotiation-ssl - -[637-version-negotiation-ssl] -server = 637-version-negotiation-server -client = 637-version-negotiation-client - -[637-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[637-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-637] -ExpectedResult = ServerFail - - -# =========================================================== - -[638-version-negotiation] -ssl_conf = 638-version-negotiation-ssl - -[638-version-negotiation-ssl] -server = 638-version-negotiation-server -client = 638-version-negotiation-client - -[638-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[638-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-638] -ExpectedResult = ServerFail - - -# =========================================================== - -[639-version-negotiation] -ssl_conf = 639-version-negotiation-ssl - -[639-version-negotiation-ssl] -server = 639-version-negotiation-server -client = 639-version-negotiation-client - -[639-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[639-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-639] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[640-version-negotiation] -ssl_conf = 640-version-negotiation-ssl - -[640-version-negotiation-ssl] -server = 640-version-negotiation-server -client = 640-version-negotiation-client - -[640-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[640-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-640] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[641-version-negotiation] -ssl_conf = 641-version-negotiation-ssl - -[641-version-negotiation-ssl] -server = 641-version-negotiation-server -client = 641-version-negotiation-client - -[641-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[641-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-641] -ExpectedResult = ServerFail - - -# =========================================================== - -[642-version-negotiation] -ssl_conf = 642-version-negotiation-ssl - -[642-version-negotiation-ssl] -server = 642-version-negotiation-server -client = 642-version-negotiation-client - -[642-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[642-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-642] -ExpectedResult = ServerFail - - -# =========================================================== - -[643-version-negotiation] -ssl_conf = 643-version-negotiation-ssl - -[643-version-negotiation-ssl] -server = 643-version-negotiation-server -client = 643-version-negotiation-client - -[643-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[643-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-643] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[644-version-negotiation] -ssl_conf = 644-version-negotiation-ssl - -[644-version-negotiation-ssl] -server = 644-version-negotiation-server -client = 644-version-negotiation-client - -[644-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[644-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-644] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[645-version-negotiation] -ssl_conf = 645-version-negotiation-ssl - -[645-version-negotiation-ssl] -server = 645-version-negotiation-server -client = 645-version-negotiation-client - -[645-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[645-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-645] -ExpectedResult = ServerFail - - -# =========================================================== - -[646-version-negotiation] -ssl_conf = 646-version-negotiation-ssl - -[646-version-negotiation-ssl] -server = 646-version-negotiation-server -client = 646-version-negotiation-client - -[646-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[646-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-646] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[647-version-negotiation] -ssl_conf = 647-version-negotiation-ssl - -[647-version-negotiation-ssl] -server = 647-version-negotiation-server -client = 647-version-negotiation-client - -[647-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[647-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-647] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[648-version-negotiation] -ssl_conf = 648-version-negotiation-ssl - -[648-version-negotiation-ssl] -server = 648-version-negotiation-server -client = 648-version-negotiation-client - -[648-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[648-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-648] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[649-version-negotiation] -ssl_conf = 649-version-negotiation-ssl - -[649-version-negotiation-ssl] -server = 649-version-negotiation-server -client = 649-version-negotiation-client - -[649-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[649-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-649] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[650-version-negotiation] -ssl_conf = 650-version-negotiation-ssl - -[650-version-negotiation-ssl] -server = 650-version-negotiation-server -client = 650-version-negotiation-client - -[650-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[650-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-650] -ExpectedResult = ServerFail - - -# =========================================================== - -[651-version-negotiation] -ssl_conf = 651-version-negotiation-ssl - -[651-version-negotiation-ssl] -server = 651-version-negotiation-server -client = 651-version-negotiation-client - -[651-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[651-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-651] -ExpectedResult = ServerFail - - -# =========================================================== - -[652-version-negotiation] -ssl_conf = 652-version-negotiation-ssl - -[652-version-negotiation-ssl] -server = 652-version-negotiation-server -client = 652-version-negotiation-client - -[652-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[652-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-652] -ExpectedResult = ServerFail - - -# =========================================================== - -[653-version-negotiation] -ssl_conf = 653-version-negotiation-ssl - -[653-version-negotiation-ssl] -server = 653-version-negotiation-server -client = 653-version-negotiation-client - -[653-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[653-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-653] -ExpectedResult = ServerFail - - -# =========================================================== - -[654-version-negotiation] -ssl_conf = 654-version-negotiation-ssl - -[654-version-negotiation-ssl] -server = 654-version-negotiation-server -client = 654-version-negotiation-client - -[654-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[654-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-654] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[655-version-negotiation] -ssl_conf = 655-version-negotiation-ssl - -[655-version-negotiation-ssl] -server = 655-version-negotiation-server -client = 655-version-negotiation-client - -[655-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[655-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-655] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[656-version-negotiation] -ssl_conf = 656-version-negotiation-ssl - -[656-version-negotiation-ssl] -server = 656-version-negotiation-server -client = 656-version-negotiation-client - -[656-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = SSLv3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[656-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-656] -ExpectedResult = ServerFail - - -# =========================================================== - -[657-version-negotiation] -ssl_conf = 657-version-negotiation-ssl - -[657-version-negotiation-ssl] -server = 657-version-negotiation-server -client = 657-version-negotiation-client - -[657-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[657-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-657] -ExpectedResult = ServerFail - - -# =========================================================== - -[658-version-negotiation] -ssl_conf = 658-version-negotiation-ssl - -[658-version-negotiation-ssl] -server = 658-version-negotiation-server -client = 658-version-negotiation-client - -[658-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[658-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-658] -ExpectedResult = ServerFail - - -# =========================================================== - -[659-version-negotiation] -ssl_conf = 659-version-negotiation-ssl - -[659-version-negotiation-ssl] -server = 659-version-negotiation-server -client = 659-version-negotiation-client - -[659-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[659-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-659] -ExpectedResult = ServerFail - - -# =========================================================== - -[660-version-negotiation] -ssl_conf = 660-version-negotiation-ssl - -[660-version-negotiation-ssl] -server = 660-version-negotiation-server -client = 660-version-negotiation-client - -[660-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[660-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-660] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[661-version-negotiation] -ssl_conf = 661-version-negotiation-ssl - -[661-version-negotiation-ssl] -server = 661-version-negotiation-server -client = 661-version-negotiation-client - -[661-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = SSLv3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[661-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-661] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[662-version-negotiation] -ssl_conf = 662-version-negotiation-ssl - -[662-version-negotiation-ssl] -server = 662-version-negotiation-server -client = 662-version-negotiation-client - -[662-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[662-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-662] -ExpectedResult = ServerFail - - -# =========================================================== - -[663-version-negotiation] -ssl_conf = 663-version-negotiation-ssl - -[663-version-negotiation-ssl] -server = 663-version-negotiation-server -client = 663-version-negotiation-client - -[663-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[663-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-663] -ExpectedResult = ServerFail - - -# =========================================================== - -[664-version-negotiation] -ssl_conf = 664-version-negotiation-ssl - -[664-version-negotiation-ssl] -server = 664-version-negotiation-server -client = 664-version-negotiation-client - -[664-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[664-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-664] -ExpectedResult = ServerFail - - -# =========================================================== - -[665-version-negotiation] -ssl_conf = 665-version-negotiation-ssl - -[665-version-negotiation-ssl] -server = 665-version-negotiation-server -client = 665-version-negotiation-client - -[665-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[665-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-665] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[666-version-negotiation] -ssl_conf = 666-version-negotiation-ssl - -[666-version-negotiation-ssl] -server = 666-version-negotiation-server -client = 666-version-negotiation-client - -[666-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[666-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-666] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[667-version-negotiation] -ssl_conf = 667-version-negotiation-ssl - -[667-version-negotiation-ssl] -server = 667-version-negotiation-server -client = 667-version-negotiation-client - -[667-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.1 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[667-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-667] -ExpectedResult = ServerFail - - -# =========================================================== - -[668-version-negotiation] -ssl_conf = 668-version-negotiation-ssl - -[668-version-negotiation-ssl] -server = 668-version-negotiation-server -client = 668-version-negotiation-client - -[668-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[668-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-668] -ExpectedResult = ServerFail - - -# =========================================================== - -[669-version-negotiation] -ssl_conf = 669-version-negotiation-ssl - -[669-version-negotiation-ssl] -server = 669-version-negotiation-server -client = 669-version-negotiation-client - -[669-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[669-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-669] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[670-version-negotiation] -ssl_conf = 670-version-negotiation-ssl - -[670-version-negotiation-ssl] -server = 670-version-negotiation-server -client = 670-version-negotiation-client - -[670-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.1 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[670-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-670] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[671-version-negotiation] -ssl_conf = 671-version-negotiation-ssl - -[671-version-negotiation-ssl] -server = 671-version-negotiation-server -client = 671-version-negotiation-client - -[671-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.2 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[671-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-671] -ExpectedResult = ServerFail - - -# =========================================================== - -[672-version-negotiation] -ssl_conf = 672-version-negotiation-ssl - -[672-version-negotiation-ssl] -server = 672-version-negotiation-server -client = 672-version-negotiation-client - -[672-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[672-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-672] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[673-version-negotiation] -ssl_conf = 673-version-negotiation-ssl - -[673-version-negotiation-ssl] -server = 673-version-negotiation-server -client = 673-version-negotiation-client - -[673-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[673-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-673] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[674-version-negotiation] -ssl_conf = 674-version-negotiation-ssl - -[674-version-negotiation-ssl] -server = 674-version-negotiation-server -client = 674-version-negotiation-client - -[674-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MaxProtocol = TLSv1.3 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[674-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-674] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[675-version-negotiation] -ssl_conf = 675-version-negotiation-ssl - -[675-version-negotiation-ssl] -server = 675-version-negotiation-server -client = 675-version-negotiation-client - -[675-version-negotiation-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[675-version-negotiation-client] -CipherString = DEFAULT:@SECLEVEL=0 -MinProtocol = TLSv1.3 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-675] -ExpectedProtocol = TLSv1.3 -ExpectedResult = Success - - -# =========================================================== - -[676-ciphersuite-sanity-check-client] -ssl_conf = 676-ciphersuite-sanity-check-client-ssl - -[676-ciphersuite-sanity-check-client-ssl] -server = 676-ciphersuite-sanity-check-client-server -client = 676-ciphersuite-sanity-check-client-client - -[676-ciphersuite-sanity-check-client-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = DEFAULT -MaxProtocol = TLSv1.2 -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[676-ciphersuite-sanity-check-client-client] -CipherString = AES128-SHA -Ciphersuites = -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-676] -ExpectedResult = ClientFail - - -# =========================================================== - -[677-ciphersuite-sanity-check-server] -ssl_conf = 677-ciphersuite-sanity-check-server-ssl - -[677-ciphersuite-sanity-check-server-ssl] -server = 677-ciphersuite-sanity-check-server-server -client = 677-ciphersuite-sanity-check-server-client - -[677-ciphersuite-sanity-check-server-server] -Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem -CipherString = AES128-SHA -Ciphersuites = -PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem - -[677-ciphersuite-sanity-check-server-client] -CipherString = AES128-SHA -MaxProtocol = TLSv1.2 -VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem -VerifyMode = Peer - -[test-677] +[test-362] ExpectedResult = ServerFail diff --git a/test/ssl-tests/04-client_auth.cnf.in b/test/ssl-tests/04-client_auth.cnf.in index ba170bbfb81..9337b91b8a4 100644 --- a/test/ssl-tests/04-client_auth.cnf.in +++ b/test/ssl-tests/04-client_auth.cnf.in @@ -21,8 +21,8 @@ if ($fips_mode) { @protocols = (undef, "TLSv1.2", "DTLSv1.2"); push @is_disabled, anydisabled("tls1_2", "dtls1_2"); } else { - @protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); - push @is_disabled, anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); + @protocols = (undef, "TLSv1", "TLSv1.1", "TLSv1.2", "DTLSv1", "DTLSv1.2"); + push @is_disabled, anydisabled("tls1", "tls1_1", "tls1_2", "dtls1", "dtls1_2"); } our @tests = (); @@ -47,11 +47,7 @@ sub generate_tests() { my $method; my $sctpenabled = 0; if (!$is_disabled[$_]) { - if ($protocol_name eq "SSLv3") { - $caalert = "BadCertificate"; - } else { - $caalert = "UnknownCA"; - } + $caalert = "UnknownCA"; if ($protocol_name =~ m/^DTLS/) { $method = "DTLS"; $sctpenabled = 1 if !disabled("sctp"); diff --git a/test/ssl-tests/protocol_version.pm b/test/ssl-tests/protocol_version.pm index 4e4ce365d6e..4a5522fc4c3 100644 --- a/test/ssl-tests/protocol_version.pm +++ b/test/ssl-tests/protocol_version.pm @@ -20,15 +20,15 @@ use OpenSSL::Test; use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/; setup("no_test_here"); -my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @tls_protocols = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); my @tls_protocols_fips = ("TLSv1.2", "TLSv1.3"); # undef stands for "no limit". -my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); +my @min_tls_protocols = (undef, "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"); my @min_tls_protocols_fips = (undef, "TLSv1.2", "TLSv1.3"); -my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); +my @max_tls_protocols = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef); my @max_tls_protocols_fips = ("TLSv1.2", "TLSv1.3", undef); -my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); +my @is_tls_disabled = anydisabled("tls1", "tls1_1", "tls1_2", "tls1_3"); my @is_tls_disabled_fips = anydisabled("tls1_2", "tls1_3"); my $min_tls_enabled; my $max_tls_enabled; @@ -107,7 +107,7 @@ sub no_tests { return disabled("dtls1_2"); } return $dtls ? alldisabled("dtls1", "dtls1_2") : - alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3"); + alldisabled("tls1", "tls1_1", "tls1_2", "tls1_3"); } sub generate_version_tests { diff --git a/test/ssl_ctx_test.c b/test/ssl_ctx_test.c index dd075acd9bd..796472f0cbd 100644 --- a/test/ssl_ctx_test.c +++ b/test/ssl_ctx_test.c @@ -33,13 +33,12 @@ typedef struct { static const version_test version_testdata[] = { /* proto min max ok expected min expected max */ { PROTO_TLS, 0, 0, 1, 1, 0, 0 }, - { PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION, 1, 1, SSL3_VERSION, TLS1_3_VERSION }, { PROTO_TLS, TLS1_VERSION, TLS1_3_VERSION, 1, 1, TLS1_VERSION, TLS1_3_VERSION }, { PROTO_TLS, TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION }, { PROTO_TLS, TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION }, { PROTO_TLS, TLS1_2_VERSION, TLS1_1_VERSION, 1, 1, TLS1_2_VERSION, TLS1_1_VERSION }, - { PROTO_TLS, SSL3_VERSION - 1, TLS1_3_VERSION, 0, 1, 0, TLS1_3_VERSION }, - { PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION + 1, 1, 0, SSL3_VERSION, 0 }, + { PROTO_TLS, SSL3_VERSION, TLS1_3_VERSION, 0, 1, 0, TLS1_3_VERSION }, + { PROTO_TLS, TLS1_VERSION, TLS1_3_VERSION + 1, 1, 0, TLS1_VERSION, 0 }, #ifndef OPENSSL_NO_DTLS { PROTO_TLS, DTLS1_VERSION, DTLS1_2_VERSION, 1, 1, 0, 0 }, #endif diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c index 909a33e6ed3..ea3c204026f 100644 --- a/test/ssl_old_test.c +++ b/test/ssl_old_test.c @@ -655,9 +655,6 @@ static void sv_usage(void) #ifndef OPENSSL_NO_PSK fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n"); #endif -#ifndef OPENSSL_NO_SSL3 - fprintf(stderr, " -ssl3 - use SSLv3\n"); -#endif #ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); #endif @@ -814,7 +811,6 @@ static int protocol_from_string(const char *value) int version; }; static const struct protocol_versions versions[] = { - { "ssl3", SSL3_VERSION }, { "tls1", TLS1_VERSION }, { "tls1.1", TLS1_1_VERSION }, { "tls1.2", TLS1_2_VERSION }, @@ -898,7 +894,7 @@ int main(int argc, char *argv[]) BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0; int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; @@ -1028,8 +1024,6 @@ int main(int argc, char *argv[]) tls1_1 = 1; } else if (strcmp(*argv, "-tls1") == 0) { tls1 = 1; - } else if (strcmp(*argv, "-ssl3") == 0) { - ssl3 = 1; } else if (strcmp(*argv, "-dtls1") == 0) { dtls1 = 1; } else if (strcmp(*argv, "-dtls12") == 0) { @@ -1246,19 +1240,14 @@ int main(int argc, char *argv[]) goto end; } - if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { - fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " + if (tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) { + fprintf(stderr, "At most one of -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should " "be requested.\n"); goto end; } -#ifdef OPENSSL_NO_SSL3 - if (ssl3) - no_protocol = 1; - else -#endif #ifdef OPENSSL_NO_TLS1 - if (tls1) + if (tls1) no_protocol = 1; else #endif @@ -1296,11 +1285,11 @@ int main(int argc, char *argv[]) goto end; } - if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 + if (!tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " "the test anyway (and\n-d to see what happens), " - "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" + "or add one of -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n" "to avoid protocol mismatch.\n"); goto end; } @@ -1344,10 +1333,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_TLS meth = TLS_method(); - if (ssl3) { - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - } else if (tls1) { + if (tls1) { min_version = TLS1_VERSION; max_version = TLS1_VERSION; } else if (tls1_1) { diff --git a/test/sslapitest.c b/test/sslapitest.c index d7d1ebc602f..a758ae263ad 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1606,12 +1606,7 @@ static int test_large_app_data(int tst) #endif case 4: -#ifndef OPENSSL_NO_SSL3 - prot = SSL3_VERSION; - break; -#else return TEST_skip("SSL 3 not supported"); -#endif case 5: #ifndef OPENSSL_NO_DTLS1_2 @@ -12050,9 +12045,6 @@ static int check_version_string(SSL *s, int version) const char *verstr = NULL; switch (version) { - case SSL3_VERSION: - verstr = "SSLv3"; - break; case TLS1_VERSION: verstr = "TLSv1"; break; @@ -12090,11 +12082,6 @@ static int test_version(int idx) const SSL_METHOD *clientmeth = TLS_client_method(); switch (idx) { -#if !defined(OPENSSL_NO_SSL3) - case 0: - version = SSL3_VERSION; - break; -#endif #if !defined(OPENSSL_NO_TLS1) case 1: version = TLS1_VERSION; @@ -12131,8 +12118,7 @@ static int test_version(int idx) } if (is_fips - && (version == SSL3_VERSION - || version == TLS1_VERSION + && (version == TLS1_VERSION || version == DTLS1_VERSION)) { TEST_skip("Protocol version not supported with FIPS"); return 1;