Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
28-seclevel.conf 2.8 KB
Newer Older
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
1 2 3 4 5 6 
# Generated with generate_ssl_tests.pl

num_tests = 4

test-0 = 0-SECLEVEL 3 with default key
test-1 = 1-SECLEVEL 3 with ED448 key
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
7 8 
test-2 = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE
test-3 = 3-SECLEVEL 3 with ED448 key, TLSv1.2
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 
# ===========================================================

[0-SECLEVEL 3 with default key]
ssl_conf = 0-SECLEVEL 3 with default key-ssl

[0-SECLEVEL 3 with default key-ssl]
server = 0-SECLEVEL 3 with default key-server
client = 0-SECLEVEL 3 with default key-client

[0-SECLEVEL 3 with default key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT:@SECLEVEL=3
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-SECLEVEL 3 with default key-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
ExpectedResult = ServerFail


# ===========================================================

[1-SECLEVEL 3 with ED448 key]
ssl_conf = 1-SECLEVEL 3 with ED448 key-ssl

[1-SECLEVEL 3 with ED448 key-ssl]
server = 1-SECLEVEL 3 with ED448 key-server
client = 1-SECLEVEL 3 with ED448 key-client

[1-SECLEVEL 3 with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=3
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem

[1-SECLEVEL 3 with ED448 key-client]
CipherString = DEFAULT
K
Generate new Ed488 certificates  
Kurt Roeckx 已提交
48 
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
49 50 51 52 53 54 55 56 
VerifyMode = Peer

[test-1]
ExpectedResult = Success


# ===========================================================
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
57 58 
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE]
ssl_conf = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
59
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
60 61 62 
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
server = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
client = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
63
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
64 65 
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
66 
CipherString = DEFAULT:@SECLEVEL=3
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
67 68 
Groups = X25519
PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
69
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
70 71 72 
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
CipherString = ECDHE:@SECLEVEL=3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
73 74 75 76 77 78 79 80 
VerifyMode = Peer

[test-2]
ExpectedResult = Success


# ===========================================================
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
81 82 
[3-SECLEVEL 3 with ED448 key, TLSv1.2]
ssl_conf = 3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
83
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
84 85 86 
[3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
server = 3-SECLEVEL 3 with ED448 key, TLSv1.2-server
client = 3-SECLEVEL 3 with ED448 key, TLSv1.2-client
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
87
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
88 89 
[3-SECLEVEL 3 with ED448 key, TLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
90 
CipherString = DEFAULT:@SECLEVEL=3
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
91 92 
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
93
M
Fix no-ec and no-tls1_2  
Matt Caswell 已提交
94 95 
[3-SECLEVEL 3 with ED448 key, TLSv1.2-client]
CipherString = DEFAULT
K
Generate new Ed488 certificates  
Kurt Roeckx 已提交
96 
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
T
Unbreak SECLEVEL 3 regression causing it to not accept any ciphers.  
Tomas Mraz 已提交
97 98 99 100 101 102 
VerifyMode = Peer

[test-3]
ExpectedResult = Success