From 3f76339a3fe7be412b754ffe7b0a5438a1297f28 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 30 Sep 2022 13:35:28 +0100 Subject: [PATCH] Add some more brainpool tests for TLSv1.3 Reviewed-by: Tomas Mraz Reviewed-by: Dmitry Belyavskiy (Merged from https://github.com/openssl/openssl/pull/19315) --- test/helpers/ssl_test_ctx.c | 11 + test/ssl-tests/14-curves.cnf | 1076 ++++++++++++++++++------------- test/ssl-tests/14-curves.cnf.in | 30 + 3 files changed, 666 insertions(+), 451 deletions(-) diff --git a/test/helpers/ssl_test_ctx.c b/test/helpers/ssl_test_ctx.c index 2ce70405d7..69baa0b49f 100644 --- a/test/helpers/ssl_test_ctx.c +++ b/test/helpers/ssl_test_ctx.c @@ -533,6 +533,17 @@ __owur static int parse_expected_key_type(int *ptype, const char *value) if (nid == NID_undef) nid = EC_curve_nist2nid(value); #endif + switch (nid) { + case NID_brainpoolP256r1tls13: + nid = NID_brainpoolP256r1; + break; + case NID_brainpoolP384r1tls13: + nid = NID_brainpoolP384r1; + break; + case NID_brainpoolP512r1tls13: + nid = NID_brainpoolP512r1; + break; + } if (nid == NID_undef) return 0; *ptype = nid; diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf index 7f4534c29d..fae96d9ac7 100644 --- a/test/ssl-tests/14-curves.cnf +++ b/test/ssl-tests/14-curves.cnf @@ -1,62 +1,68 @@ # Generated with generate_ssl_tests.pl -num_tests = 55 +num_tests = 61 test-0 = 0-curve-prime256v1 test-1 = 1-curve-secp384r1 test-2 = 2-curve-secp521r1 test-3 = 3-curve-X25519 test-4 = 4-curve-X448 -test-5 = 5-curve-sect233k1 -test-6 = 6-curve-sect233r1 -test-7 = 7-curve-sect283k1 -test-8 = 8-curve-sect283r1 -test-9 = 9-curve-sect409k1 -test-10 = 10-curve-sect409r1 -test-11 = 11-curve-sect571k1 -test-12 = 12-curve-sect571r1 -test-13 = 13-curve-secp224r1 -test-14 = 14-curve-sect163k1 -test-15 = 15-curve-sect163r2 -test-16 = 16-curve-prime192v1 -test-17 = 17-curve-sect163r1 -test-18 = 18-curve-sect193r1 -test-19 = 19-curve-sect193r2 -test-20 = 20-curve-sect239k1 -test-21 = 21-curve-secp160k1 -test-22 = 22-curve-secp160r1 -test-23 = 23-curve-secp160r2 -test-24 = 24-curve-secp192k1 -test-25 = 25-curve-secp224k1 -test-26 = 26-curve-secp256k1 -test-27 = 27-curve-brainpoolP256r1 -test-28 = 28-curve-brainpoolP384r1 -test-29 = 29-curve-brainpoolP512r1 -test-30 = 30-curve-sect233k1-tls13 -test-31 = 31-curve-sect233r1-tls13 -test-32 = 32-curve-sect283k1-tls13 -test-33 = 33-curve-sect283r1-tls13 -test-34 = 34-curve-sect409k1-tls13 -test-35 = 35-curve-sect409r1-tls13 -test-36 = 36-curve-sect571k1-tls13 -test-37 = 37-curve-sect571r1-tls13 -test-38 = 38-curve-secp224r1-tls13 -test-39 = 39-curve-sect163k1-tls13 -test-40 = 40-curve-sect163r2-tls13 -test-41 = 41-curve-prime192v1-tls13 -test-42 = 42-curve-sect163r1-tls13 -test-43 = 43-curve-sect193r1-tls13 -test-44 = 44-curve-sect193r2-tls13 -test-45 = 45-curve-sect239k1-tls13 -test-46 = 46-curve-secp160k1-tls13 -test-47 = 47-curve-secp160r1-tls13 -test-48 = 48-curve-secp160r2-tls13 -test-49 = 49-curve-secp192k1-tls13 -test-50 = 50-curve-secp224k1-tls13 -test-51 = 51-curve-secp256k1-tls13 -test-52 = 52-curve-brainpoolP256r1-tls13 -test-53 = 53-curve-brainpoolP384r1-tls13 -test-54 = 54-curve-brainpoolP512r1-tls13 +test-5 = 5-curve-brainpoolP256r1tls13 +test-6 = 6-curve-brainpoolP384r1tls13 +test-7 = 7-curve-brainpoolP512r1tls13 +test-8 = 8-curve-sect233k1 +test-9 = 9-curve-sect233r1 +test-10 = 10-curve-sect283k1 +test-11 = 11-curve-sect283r1 +test-12 = 12-curve-sect409k1 +test-13 = 13-curve-sect409r1 +test-14 = 14-curve-sect571k1 +test-15 = 15-curve-sect571r1 +test-16 = 16-curve-secp224r1 +test-17 = 17-curve-sect163k1 +test-18 = 18-curve-sect163r2 +test-19 = 19-curve-prime192v1 +test-20 = 20-curve-sect163r1 +test-21 = 21-curve-sect193r1 +test-22 = 22-curve-sect193r2 +test-23 = 23-curve-sect239k1 +test-24 = 24-curve-secp160k1 +test-25 = 25-curve-secp160r1 +test-26 = 26-curve-secp160r2 +test-27 = 27-curve-secp192k1 +test-28 = 28-curve-secp224k1 +test-29 = 29-curve-secp256k1 +test-30 = 30-curve-brainpoolP256r1 +test-31 = 31-curve-brainpoolP384r1 +test-32 = 32-curve-brainpoolP512r1 +test-33 = 33-curve-sect233k1-tls13 +test-34 = 34-curve-sect233r1-tls13 +test-35 = 35-curve-sect283k1-tls13 +test-36 = 36-curve-sect283r1-tls13 +test-37 = 37-curve-sect409k1-tls13 +test-38 = 38-curve-sect409r1-tls13 +test-39 = 39-curve-sect571k1-tls13 +test-40 = 40-curve-sect571r1-tls13 +test-41 = 41-curve-secp224r1-tls13 +test-42 = 42-curve-sect163k1-tls13 +test-43 = 43-curve-sect163r2-tls13 +test-44 = 44-curve-prime192v1-tls13 +test-45 = 45-curve-sect163r1-tls13 +test-46 = 46-curve-sect193r1-tls13 +test-47 = 47-curve-sect193r2-tls13 +test-48 = 48-curve-sect239k1-tls13 +test-49 = 49-curve-secp160k1-tls13 +test-50 = 50-curve-secp160r1-tls13 +test-51 = 51-curve-secp160r2-tls13 +test-52 = 52-curve-secp192k1-tls13 +test-53 = 53-curve-secp224k1-tls13 +test-54 = 54-curve-secp256k1-tls13 +test-55 = 55-curve-brainpoolP256r1-tls13 +test-56 = 56-curve-brainpoolP384r1-tls13 +test-57 = 57-curve-brainpoolP512r1-tls13 +test-58 = 58-curve-brainpoolP256r1tls13-tls13-in-tls12 +test-59 = 59-curve-brainpoolP384r1tls13-tls13-in-tls12 +test-60 = 60-curve-brainpoolP512r1tls13-tls13-in-tls12 # =========================================================== [0-curve-prime256v1] @@ -204,28 +210,115 @@ ExpectedTmpKeyType = X448 # =========================================================== -[5-curve-sect233k1] -ssl_conf = 5-curve-sect233k1-ssl +[5-curve-brainpoolP256r1tls13] +ssl_conf = 5-curve-brainpoolP256r1tls13-ssl -[5-curve-sect233k1-ssl] -server = 5-curve-sect233k1-server -client = 5-curve-sect233k1-client +[5-curve-brainpoolP256r1tls13-ssl] +server = 5-curve-brainpoolP256r1tls13-server +client = 5-curve-brainpoolP256r1tls13-client -[5-curve-sect233k1-server] +[5-curve-brainpoolP256r1tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP256r1tls13 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[5-curve-brainpoolP256r1tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP256r1tls13 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-5] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP256r1tls13 + + +# =========================================================== + +[6-curve-brainpoolP384r1tls13] +ssl_conf = 6-curve-brainpoolP384r1tls13-ssl + +[6-curve-brainpoolP384r1tls13-ssl] +server = 6-curve-brainpoolP384r1tls13-server +client = 6-curve-brainpoolP384r1tls13-client + +[6-curve-brainpoolP384r1tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP384r1tls13 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[6-curve-brainpoolP384r1tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP384r1tls13 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-6] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP384r1tls13 + + +# =========================================================== + +[7-curve-brainpoolP512r1tls13] +ssl_conf = 7-curve-brainpoolP512r1tls13-ssl + +[7-curve-brainpoolP512r1tls13-ssl] +server = 7-curve-brainpoolP512r1tls13-server +client = 7-curve-brainpoolP512r1tls13-client + +[7-curve-brainpoolP512r1tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP512r1tls13 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[7-curve-brainpoolP512r1tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP512r1tls13 +MaxProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-7] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = brainpoolP512r1tls13 + + +# =========================================================== + +[8-curve-sect233k1] +ssl_conf = 8-curve-sect233k1-ssl + +[8-curve-sect233k1-ssl] +server = 8-curve-sect233k1-server +client = 8-curve-sect233k1-client + +[8-curve-sect233k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[5-curve-sect233k1-client] +[8-curve-sect233k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect233k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-5] +[test-8] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect233k1 @@ -233,28 +326,28 @@ ExpectedTmpKeyType = sect233k1 # =========================================================== -[6-curve-sect233r1] -ssl_conf = 6-curve-sect233r1-ssl +[9-curve-sect233r1] +ssl_conf = 9-curve-sect233r1-ssl -[6-curve-sect233r1-ssl] -server = 6-curve-sect233r1-server -client = 6-curve-sect233r1-client +[9-curve-sect233r1-ssl] +server = 9-curve-sect233r1-server +client = 9-curve-sect233r1-client -[6-curve-sect233r1-server] +[9-curve-sect233r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[6-curve-sect233r1-client] +[9-curve-sect233r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect233r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-6] +[test-9] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect233r1 @@ -262,28 +355,28 @@ ExpectedTmpKeyType = sect233r1 # =========================================================== -[7-curve-sect283k1] -ssl_conf = 7-curve-sect283k1-ssl +[10-curve-sect283k1] +ssl_conf = 10-curve-sect283k1-ssl -[7-curve-sect283k1-ssl] -server = 7-curve-sect283k1-server -client = 7-curve-sect283k1-client +[10-curve-sect283k1-ssl] +server = 10-curve-sect283k1-server +client = 10-curve-sect283k1-client -[7-curve-sect283k1-server] +[10-curve-sect283k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[7-curve-sect283k1-client] +[10-curve-sect283k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect283k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-7] +[test-10] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect283k1 @@ -291,28 +384,28 @@ ExpectedTmpKeyType = sect283k1 # =========================================================== -[8-curve-sect283r1] -ssl_conf = 8-curve-sect283r1-ssl +[11-curve-sect283r1] +ssl_conf = 11-curve-sect283r1-ssl -[8-curve-sect283r1-ssl] -server = 8-curve-sect283r1-server -client = 8-curve-sect283r1-client +[11-curve-sect283r1-ssl] +server = 11-curve-sect283r1-server +client = 11-curve-sect283r1-client -[8-curve-sect283r1-server] +[11-curve-sect283r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[8-curve-sect283r1-client] +[11-curve-sect283r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect283r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-8] +[test-11] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect283r1 @@ -320,28 +413,28 @@ ExpectedTmpKeyType = sect283r1 # =========================================================== -[9-curve-sect409k1] -ssl_conf = 9-curve-sect409k1-ssl +[12-curve-sect409k1] +ssl_conf = 12-curve-sect409k1-ssl -[9-curve-sect409k1-ssl] -server = 9-curve-sect409k1-server -client = 9-curve-sect409k1-client +[12-curve-sect409k1-ssl] +server = 12-curve-sect409k1-server +client = 12-curve-sect409k1-client -[9-curve-sect409k1-server] +[12-curve-sect409k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[9-curve-sect409k1-client] +[12-curve-sect409k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect409k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-9] +[test-12] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect409k1 @@ -349,28 +442,28 @@ ExpectedTmpKeyType = sect409k1 # =========================================================== -[10-curve-sect409r1] -ssl_conf = 10-curve-sect409r1-ssl +[13-curve-sect409r1] +ssl_conf = 13-curve-sect409r1-ssl -[10-curve-sect409r1-ssl] -server = 10-curve-sect409r1-server -client = 10-curve-sect409r1-client +[13-curve-sect409r1-ssl] +server = 13-curve-sect409r1-server +client = 13-curve-sect409r1-client -[10-curve-sect409r1-server] +[13-curve-sect409r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[10-curve-sect409r1-client] +[13-curve-sect409r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect409r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-10] +[test-13] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect409r1 @@ -378,28 +471,28 @@ ExpectedTmpKeyType = sect409r1 # =========================================================== -[11-curve-sect571k1] -ssl_conf = 11-curve-sect571k1-ssl +[14-curve-sect571k1] +ssl_conf = 14-curve-sect571k1-ssl -[11-curve-sect571k1-ssl] -server = 11-curve-sect571k1-server -client = 11-curve-sect571k1-client +[14-curve-sect571k1-ssl] +server = 14-curve-sect571k1-server +client = 14-curve-sect571k1-client -[11-curve-sect571k1-server] +[14-curve-sect571k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[11-curve-sect571k1-client] +[14-curve-sect571k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect571k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-11] +[test-14] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect571k1 @@ -407,28 +500,28 @@ ExpectedTmpKeyType = sect571k1 # =========================================================== -[12-curve-sect571r1] -ssl_conf = 12-curve-sect571r1-ssl +[15-curve-sect571r1] +ssl_conf = 15-curve-sect571r1-ssl -[12-curve-sect571r1-ssl] -server = 12-curve-sect571r1-server -client = 12-curve-sect571r1-client +[15-curve-sect571r1-ssl] +server = 15-curve-sect571r1-server +client = 15-curve-sect571r1-client -[12-curve-sect571r1-server] +[15-curve-sect571r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[12-curve-sect571r1-client] +[15-curve-sect571r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect571r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-12] +[test-15] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect571r1 @@ -436,28 +529,28 @@ ExpectedTmpKeyType = sect571r1 # =========================================================== -[13-curve-secp224r1] -ssl_conf = 13-curve-secp224r1-ssl +[16-curve-secp224r1] +ssl_conf = 16-curve-secp224r1-ssl -[13-curve-secp224r1-ssl] -server = 13-curve-secp224r1-server -client = 13-curve-secp224r1-client +[16-curve-secp224r1-ssl] +server = 16-curve-secp224r1-server +client = 16-curve-secp224r1-client -[13-curve-secp224r1-server] +[16-curve-secp224r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[13-curve-secp224r1-client] +[16-curve-secp224r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp224r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-13] +[test-16] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp224r1 @@ -465,28 +558,28 @@ ExpectedTmpKeyType = secp224r1 # =========================================================== -[14-curve-sect163k1] -ssl_conf = 14-curve-sect163k1-ssl +[17-curve-sect163k1] +ssl_conf = 17-curve-sect163k1-ssl -[14-curve-sect163k1-ssl] -server = 14-curve-sect163k1-server -client = 14-curve-sect163k1-client +[17-curve-sect163k1-ssl] +server = 17-curve-sect163k1-server +client = 17-curve-sect163k1-client -[14-curve-sect163k1-server] +[17-curve-sect163k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[14-curve-sect163k1-client] +[17-curve-sect163k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-14] +[test-17] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect163k1 @@ -494,28 +587,28 @@ ExpectedTmpKeyType = sect163k1 # =========================================================== -[15-curve-sect163r2] -ssl_conf = 15-curve-sect163r2-ssl +[18-curve-sect163r2] +ssl_conf = 18-curve-sect163r2-ssl -[15-curve-sect163r2-ssl] -server = 15-curve-sect163r2-server -client = 15-curve-sect163r2-client +[18-curve-sect163r2-ssl] +server = 18-curve-sect163r2-server +client = 18-curve-sect163r2-client -[15-curve-sect163r2-server] +[18-curve-sect163r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[15-curve-sect163r2-client] +[18-curve-sect163r2-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-15] +[test-18] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect163r2 @@ -523,28 +616,28 @@ ExpectedTmpKeyType = sect163r2 # =========================================================== -[16-curve-prime192v1] -ssl_conf = 16-curve-prime192v1-ssl +[19-curve-prime192v1] +ssl_conf = 19-curve-prime192v1-ssl -[16-curve-prime192v1-ssl] -server = 16-curve-prime192v1-server -client = 16-curve-prime192v1-client +[19-curve-prime192v1-ssl] +server = 19-curve-prime192v1-server +client = 19-curve-prime192v1-client -[16-curve-prime192v1-server] +[19-curve-prime192v1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[16-curve-prime192v1-client] +[19-curve-prime192v1-client] CipherString = ECDHE@SECLEVEL=1 Curves = prime192v1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-16] +[test-19] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = prime192v1 @@ -552,28 +645,28 @@ ExpectedTmpKeyType = prime192v1 # =========================================================== -[17-curve-sect163r1] -ssl_conf = 17-curve-sect163r1-ssl +[20-curve-sect163r1] +ssl_conf = 20-curve-sect163r1-ssl -[17-curve-sect163r1-ssl] -server = 17-curve-sect163r1-server -client = 17-curve-sect163r1-client +[20-curve-sect163r1-ssl] +server = 20-curve-sect163r1-server +client = 20-curve-sect163r1-client -[17-curve-sect163r1-server] +[20-curve-sect163r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[17-curve-sect163r1-client] +[20-curve-sect163r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-17] +[test-20] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect163r1 @@ -581,28 +674,28 @@ ExpectedTmpKeyType = sect163r1 # =========================================================== -[18-curve-sect193r1] -ssl_conf = 18-curve-sect193r1-ssl +[21-curve-sect193r1] +ssl_conf = 21-curve-sect193r1-ssl -[18-curve-sect193r1-ssl] -server = 18-curve-sect193r1-server -client = 18-curve-sect193r1-client +[21-curve-sect193r1-ssl] +server = 21-curve-sect193r1-server +client = 21-curve-sect193r1-client -[18-curve-sect193r1-server] +[21-curve-sect193r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[18-curve-sect193r1-client] +[21-curve-sect193r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect193r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-18] +[test-21] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect193r1 @@ -610,28 +703,28 @@ ExpectedTmpKeyType = sect193r1 # =========================================================== -[19-curve-sect193r2] -ssl_conf = 19-curve-sect193r2-ssl +[22-curve-sect193r2] +ssl_conf = 22-curve-sect193r2-ssl -[19-curve-sect193r2-ssl] -server = 19-curve-sect193r2-server -client = 19-curve-sect193r2-client +[22-curve-sect193r2-ssl] +server = 22-curve-sect193r2-server +client = 22-curve-sect193r2-client -[19-curve-sect193r2-server] +[22-curve-sect193r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[19-curve-sect193r2-client] +[22-curve-sect193r2-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect193r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-19] +[test-22] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect193r2 @@ -639,28 +732,28 @@ ExpectedTmpKeyType = sect193r2 # =========================================================== -[20-curve-sect239k1] -ssl_conf = 20-curve-sect239k1-ssl +[23-curve-sect239k1] +ssl_conf = 23-curve-sect239k1-ssl -[20-curve-sect239k1-ssl] -server = 20-curve-sect239k1-server -client = 20-curve-sect239k1-client +[23-curve-sect239k1-ssl] +server = 23-curve-sect239k1-server +client = 23-curve-sect239k1-client -[20-curve-sect239k1-server] +[23-curve-sect239k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[20-curve-sect239k1-client] +[23-curve-sect239k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect239k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-20] +[test-23] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = sect239k1 @@ -668,28 +761,28 @@ ExpectedTmpKeyType = sect239k1 # =========================================================== -[21-curve-secp160k1] -ssl_conf = 21-curve-secp160k1-ssl +[24-curve-secp160k1] +ssl_conf = 24-curve-secp160k1-ssl -[21-curve-secp160k1-ssl] -server = 21-curve-secp160k1-server -client = 21-curve-secp160k1-client +[24-curve-secp160k1-ssl] +server = 24-curve-secp160k1-server +client = 24-curve-secp160k1-client -[21-curve-secp160k1-server] +[24-curve-secp160k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[21-curve-secp160k1-client] +[24-curve-secp160k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-21] +[test-24] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp160k1 @@ -697,28 +790,28 @@ ExpectedTmpKeyType = secp160k1 # =========================================================== -[22-curve-secp160r1] -ssl_conf = 22-curve-secp160r1-ssl +[25-curve-secp160r1] +ssl_conf = 25-curve-secp160r1-ssl -[22-curve-secp160r1-ssl] -server = 22-curve-secp160r1-server -client = 22-curve-secp160r1-client +[25-curve-secp160r1-ssl] +server = 25-curve-secp160r1-server +client = 25-curve-secp160r1-client -[22-curve-secp160r1-server] +[25-curve-secp160r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[22-curve-secp160r1-client] +[25-curve-secp160r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-22] +[test-25] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp160r1 @@ -726,28 +819,28 @@ ExpectedTmpKeyType = secp160r1 # =========================================================== -[23-curve-secp160r2] -ssl_conf = 23-curve-secp160r2-ssl +[26-curve-secp160r2] +ssl_conf = 26-curve-secp160r2-ssl -[23-curve-secp160r2-ssl] -server = 23-curve-secp160r2-server -client = 23-curve-secp160r2-client +[26-curve-secp160r2-ssl] +server = 26-curve-secp160r2-server +client = 26-curve-secp160r2-client -[23-curve-secp160r2-server] +[26-curve-secp160r2-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[23-curve-secp160r2-client] +[26-curve-secp160r2-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160r2 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-23] +[test-26] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp160r2 @@ -755,28 +848,28 @@ ExpectedTmpKeyType = secp160r2 # =========================================================== -[24-curve-secp192k1] -ssl_conf = 24-curve-secp192k1-ssl +[27-curve-secp192k1] +ssl_conf = 27-curve-secp192k1-ssl -[24-curve-secp192k1-ssl] -server = 24-curve-secp192k1-server -client = 24-curve-secp192k1-client +[27-curve-secp192k1-ssl] +server = 27-curve-secp192k1-server +client = 27-curve-secp192k1-client -[24-curve-secp192k1-server] +[27-curve-secp192k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[24-curve-secp192k1-client] +[27-curve-secp192k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp192k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-24] +[test-27] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp192k1 @@ -784,28 +877,28 @@ ExpectedTmpKeyType = secp192k1 # =========================================================== -[25-curve-secp224k1] -ssl_conf = 25-curve-secp224k1-ssl +[28-curve-secp224k1] +ssl_conf = 28-curve-secp224k1-ssl -[25-curve-secp224k1-ssl] -server = 25-curve-secp224k1-server -client = 25-curve-secp224k1-client +[28-curve-secp224k1-ssl] +server = 28-curve-secp224k1-server +client = 28-curve-secp224k1-client -[25-curve-secp224k1-server] +[28-curve-secp224k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[25-curve-secp224k1-client] +[28-curve-secp224k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp224k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-25] +[test-28] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp224k1 @@ -813,28 +906,28 @@ ExpectedTmpKeyType = secp224k1 # =========================================================== -[26-curve-secp256k1] -ssl_conf = 26-curve-secp256k1-ssl +[29-curve-secp256k1] +ssl_conf = 29-curve-secp256k1-ssl -[26-curve-secp256k1-ssl] -server = 26-curve-secp256k1-server -client = 26-curve-secp256k1-client +[29-curve-secp256k1-ssl] +server = 29-curve-secp256k1-server +client = 29-curve-secp256k1-client -[26-curve-secp256k1-server] +[29-curve-secp256k1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[26-curve-secp256k1-client] +[29-curve-secp256k1-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp256k1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-26] +[test-29] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = secp256k1 @@ -842,28 +935,28 @@ ExpectedTmpKeyType = secp256k1 # =========================================================== -[27-curve-brainpoolP256r1] -ssl_conf = 27-curve-brainpoolP256r1-ssl +[30-curve-brainpoolP256r1] +ssl_conf = 30-curve-brainpoolP256r1-ssl -[27-curve-brainpoolP256r1-ssl] -server = 27-curve-brainpoolP256r1-server -client = 27-curve-brainpoolP256r1-client +[30-curve-brainpoolP256r1-ssl] +server = 30-curve-brainpoolP256r1-server +client = 30-curve-brainpoolP256r1-client -[27-curve-brainpoolP256r1-server] +[30-curve-brainpoolP256r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[27-curve-brainpoolP256r1-client] +[30-curve-brainpoolP256r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP256r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-27] +[test-30] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = brainpoolP256r1 @@ -871,28 +964,28 @@ ExpectedTmpKeyType = brainpoolP256r1 # =========================================================== -[28-curve-brainpoolP384r1] -ssl_conf = 28-curve-brainpoolP384r1-ssl +[31-curve-brainpoolP384r1] +ssl_conf = 31-curve-brainpoolP384r1-ssl -[28-curve-brainpoolP384r1-ssl] -server = 28-curve-brainpoolP384r1-server -client = 28-curve-brainpoolP384r1-client +[31-curve-brainpoolP384r1-ssl] +server = 31-curve-brainpoolP384r1-server +client = 31-curve-brainpoolP384r1-client -[28-curve-brainpoolP384r1-server] +[31-curve-brainpoolP384r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[28-curve-brainpoolP384r1-client] +[31-curve-brainpoolP384r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP384r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-28] +[test-31] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = brainpoolP384r1 @@ -900,28 +993,28 @@ ExpectedTmpKeyType = brainpoolP384r1 # =========================================================== -[29-curve-brainpoolP512r1] -ssl_conf = 29-curve-brainpoolP512r1-ssl +[32-curve-brainpoolP512r1] +ssl_conf = 32-curve-brainpoolP512r1-ssl -[29-curve-brainpoolP512r1-ssl] -server = 29-curve-brainpoolP512r1-server -client = 29-curve-brainpoolP512r1-client +[32-curve-brainpoolP512r1-ssl] +server = 32-curve-brainpoolP512r1-server +client = 32-curve-brainpoolP512r1-client -[29-curve-brainpoolP512r1-server] +[32-curve-brainpoolP512r1-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[29-curve-brainpoolP512r1-client] +[32-curve-brainpoolP512r1-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP512r1 MaxProtocol = TLSv1.2 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-29] +[test-32] ExpectedProtocol = TLSv1.2 ExpectedResult = Success ExpectedTmpKeyType = brainpoolP512r1 @@ -929,676 +1022,757 @@ ExpectedTmpKeyType = brainpoolP512r1 # =========================================================== -[30-curve-sect233k1-tls13] -ssl_conf = 30-curve-sect233k1-tls13-ssl +[33-curve-sect233k1-tls13] +ssl_conf = 33-curve-sect233k1-tls13-ssl -[30-curve-sect233k1-tls13-ssl] -server = 30-curve-sect233k1-tls13-server -client = 30-curve-sect233k1-tls13-client +[33-curve-sect233k1-tls13-ssl] +server = 33-curve-sect233k1-tls13-server +client = 33-curve-sect233k1-tls13-client -[30-curve-sect233k1-tls13-server] +[33-curve-sect233k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-curve-sect233k1-tls13-client] +[33-curve-sect233k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect233k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-30] +[test-33] ExpectedResult = ClientFail # =========================================================== -[31-curve-sect233r1-tls13] -ssl_conf = 31-curve-sect233r1-tls13-ssl +[34-curve-sect233r1-tls13] +ssl_conf = 34-curve-sect233r1-tls13-ssl -[31-curve-sect233r1-tls13-ssl] -server = 31-curve-sect233r1-tls13-server -client = 31-curve-sect233r1-tls13-client +[34-curve-sect233r1-tls13-ssl] +server = 34-curve-sect233r1-tls13-server +client = 34-curve-sect233r1-tls13-client -[31-curve-sect233r1-tls13-server] +[34-curve-sect233r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-curve-sect233r1-tls13-client] +[34-curve-sect233r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect233r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-31] +[test-34] ExpectedResult = ClientFail # =========================================================== -[32-curve-sect283k1-tls13] -ssl_conf = 32-curve-sect283k1-tls13-ssl +[35-curve-sect283k1-tls13] +ssl_conf = 35-curve-sect283k1-tls13-ssl -[32-curve-sect283k1-tls13-ssl] -server = 32-curve-sect283k1-tls13-server -client = 32-curve-sect283k1-tls13-client +[35-curve-sect283k1-tls13-ssl] +server = 35-curve-sect283k1-tls13-server +client = 35-curve-sect283k1-tls13-client -[32-curve-sect283k1-tls13-server] +[35-curve-sect283k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[32-curve-sect283k1-tls13-client] +[35-curve-sect283k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect283k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-32] +[test-35] ExpectedResult = ClientFail # =========================================================== -[33-curve-sect283r1-tls13] -ssl_conf = 33-curve-sect283r1-tls13-ssl +[36-curve-sect283r1-tls13] +ssl_conf = 36-curve-sect283r1-tls13-ssl -[33-curve-sect283r1-tls13-ssl] -server = 33-curve-sect283r1-tls13-server -client = 33-curve-sect283r1-tls13-client +[36-curve-sect283r1-tls13-ssl] +server = 36-curve-sect283r1-tls13-server +client = 36-curve-sect283r1-tls13-client -[33-curve-sect283r1-tls13-server] +[36-curve-sect283r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[33-curve-sect283r1-tls13-client] +[36-curve-sect283r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect283r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-33] +[test-36] ExpectedResult = ClientFail # =========================================================== -[34-curve-sect409k1-tls13] -ssl_conf = 34-curve-sect409k1-tls13-ssl +[37-curve-sect409k1-tls13] +ssl_conf = 37-curve-sect409k1-tls13-ssl -[34-curve-sect409k1-tls13-ssl] -server = 34-curve-sect409k1-tls13-server -client = 34-curve-sect409k1-tls13-client +[37-curve-sect409k1-tls13-ssl] +server = 37-curve-sect409k1-tls13-server +client = 37-curve-sect409k1-tls13-client -[34-curve-sect409k1-tls13-server] +[37-curve-sect409k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[34-curve-sect409k1-tls13-client] +[37-curve-sect409k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect409k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-34] +[test-37] ExpectedResult = ClientFail # =========================================================== -[35-curve-sect409r1-tls13] -ssl_conf = 35-curve-sect409r1-tls13-ssl +[38-curve-sect409r1-tls13] +ssl_conf = 38-curve-sect409r1-tls13-ssl -[35-curve-sect409r1-tls13-ssl] -server = 35-curve-sect409r1-tls13-server -client = 35-curve-sect409r1-tls13-client +[38-curve-sect409r1-tls13-ssl] +server = 38-curve-sect409r1-tls13-server +client = 38-curve-sect409r1-tls13-client -[35-curve-sect409r1-tls13-server] +[38-curve-sect409r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[35-curve-sect409r1-tls13-client] +[38-curve-sect409r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect409r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-35] +[test-38] ExpectedResult = ClientFail # =========================================================== -[36-curve-sect571k1-tls13] -ssl_conf = 36-curve-sect571k1-tls13-ssl +[39-curve-sect571k1-tls13] +ssl_conf = 39-curve-sect571k1-tls13-ssl -[36-curve-sect571k1-tls13-ssl] -server = 36-curve-sect571k1-tls13-server -client = 36-curve-sect571k1-tls13-client +[39-curve-sect571k1-tls13-ssl] +server = 39-curve-sect571k1-tls13-server +client = 39-curve-sect571k1-tls13-client -[36-curve-sect571k1-tls13-server] +[39-curve-sect571k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[36-curve-sect571k1-tls13-client] +[39-curve-sect571k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect571k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-36] +[test-39] ExpectedResult = ClientFail # =========================================================== -[37-curve-sect571r1-tls13] -ssl_conf = 37-curve-sect571r1-tls13-ssl +[40-curve-sect571r1-tls13] +ssl_conf = 40-curve-sect571r1-tls13-ssl -[37-curve-sect571r1-tls13-ssl] -server = 37-curve-sect571r1-tls13-server -client = 37-curve-sect571r1-tls13-client +[40-curve-sect571r1-tls13-ssl] +server = 40-curve-sect571r1-tls13-server +client = 40-curve-sect571r1-tls13-client -[37-curve-sect571r1-tls13-server] +[40-curve-sect571r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[37-curve-sect571r1-tls13-client] +[40-curve-sect571r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect571r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-37] +[test-40] ExpectedResult = ClientFail # =========================================================== -[38-curve-secp224r1-tls13] -ssl_conf = 38-curve-secp224r1-tls13-ssl +[41-curve-secp224r1-tls13] +ssl_conf = 41-curve-secp224r1-tls13-ssl -[38-curve-secp224r1-tls13-ssl] -server = 38-curve-secp224r1-tls13-server -client = 38-curve-secp224r1-tls13-client +[41-curve-secp224r1-tls13-ssl] +server = 41-curve-secp224r1-tls13-server +client = 41-curve-secp224r1-tls13-client -[38-curve-secp224r1-tls13-server] +[41-curve-secp224r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[38-curve-secp224r1-tls13-client] +[41-curve-secp224r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp224r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-38] +[test-41] ExpectedResult = ClientFail # =========================================================== -[39-curve-sect163k1-tls13] -ssl_conf = 39-curve-sect163k1-tls13-ssl +[42-curve-sect163k1-tls13] +ssl_conf = 42-curve-sect163k1-tls13-ssl -[39-curve-sect163k1-tls13-ssl] -server = 39-curve-sect163k1-tls13-server -client = 39-curve-sect163k1-tls13-client +[42-curve-sect163k1-tls13-ssl] +server = 42-curve-sect163k1-tls13-server +client = 42-curve-sect163k1-tls13-client -[39-curve-sect163k1-tls13-server] +[42-curve-sect163k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[39-curve-sect163k1-tls13-client] +[42-curve-sect163k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-39] +[test-42] ExpectedResult = ClientFail # =========================================================== -[40-curve-sect163r2-tls13] -ssl_conf = 40-curve-sect163r2-tls13-ssl +[43-curve-sect163r2-tls13] +ssl_conf = 43-curve-sect163r2-tls13-ssl -[40-curve-sect163r2-tls13-ssl] -server = 40-curve-sect163r2-tls13-server -client = 40-curve-sect163r2-tls13-client +[43-curve-sect163r2-tls13-ssl] +server = 43-curve-sect163r2-tls13-server +client = 43-curve-sect163r2-tls13-client -[40-curve-sect163r2-tls13-server] +[43-curve-sect163r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[40-curve-sect163r2-tls13-client] +[43-curve-sect163r2-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-40] +[test-43] ExpectedResult = ClientFail # =========================================================== -[41-curve-prime192v1-tls13] -ssl_conf = 41-curve-prime192v1-tls13-ssl +[44-curve-prime192v1-tls13] +ssl_conf = 44-curve-prime192v1-tls13-ssl -[41-curve-prime192v1-tls13-ssl] -server = 41-curve-prime192v1-tls13-server -client = 41-curve-prime192v1-tls13-client +[44-curve-prime192v1-tls13-ssl] +server = 44-curve-prime192v1-tls13-server +client = 44-curve-prime192v1-tls13-client -[41-curve-prime192v1-tls13-server] +[44-curve-prime192v1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[41-curve-prime192v1-tls13-client] +[44-curve-prime192v1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = prime192v1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-41] +[test-44] ExpectedResult = ClientFail # =========================================================== -[42-curve-sect163r1-tls13] -ssl_conf = 42-curve-sect163r1-tls13-ssl +[45-curve-sect163r1-tls13] +ssl_conf = 45-curve-sect163r1-tls13-ssl -[42-curve-sect163r1-tls13-ssl] -server = 42-curve-sect163r1-tls13-server -client = 42-curve-sect163r1-tls13-client +[45-curve-sect163r1-tls13-ssl] +server = 45-curve-sect163r1-tls13-server +client = 45-curve-sect163r1-tls13-client -[42-curve-sect163r1-tls13-server] +[45-curve-sect163r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[42-curve-sect163r1-tls13-client] +[45-curve-sect163r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect163r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-42] +[test-45] ExpectedResult = ClientFail # =========================================================== -[43-curve-sect193r1-tls13] -ssl_conf = 43-curve-sect193r1-tls13-ssl +[46-curve-sect193r1-tls13] +ssl_conf = 46-curve-sect193r1-tls13-ssl -[43-curve-sect193r1-tls13-ssl] -server = 43-curve-sect193r1-tls13-server -client = 43-curve-sect193r1-tls13-client +[46-curve-sect193r1-tls13-ssl] +server = 46-curve-sect193r1-tls13-server +client = 46-curve-sect193r1-tls13-client -[43-curve-sect193r1-tls13-server] +[46-curve-sect193r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[43-curve-sect193r1-tls13-client] +[46-curve-sect193r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect193r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-43] +[test-46] ExpectedResult = ClientFail # =========================================================== -[44-curve-sect193r2-tls13] -ssl_conf = 44-curve-sect193r2-tls13-ssl +[47-curve-sect193r2-tls13] +ssl_conf = 47-curve-sect193r2-tls13-ssl -[44-curve-sect193r2-tls13-ssl] -server = 44-curve-sect193r2-tls13-server -client = 44-curve-sect193r2-tls13-client +[47-curve-sect193r2-tls13-ssl] +server = 47-curve-sect193r2-tls13-server +client = 47-curve-sect193r2-tls13-client -[44-curve-sect193r2-tls13-server] +[47-curve-sect193r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[44-curve-sect193r2-tls13-client] +[47-curve-sect193r2-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect193r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-44] +[test-47] ExpectedResult = ClientFail # =========================================================== -[45-curve-sect239k1-tls13] -ssl_conf = 45-curve-sect239k1-tls13-ssl +[48-curve-sect239k1-tls13] +ssl_conf = 48-curve-sect239k1-tls13-ssl -[45-curve-sect239k1-tls13-ssl] -server = 45-curve-sect239k1-tls13-server -client = 45-curve-sect239k1-tls13-client +[48-curve-sect239k1-tls13-ssl] +server = 48-curve-sect239k1-tls13-server +client = 48-curve-sect239k1-tls13-client -[45-curve-sect239k1-tls13-server] +[48-curve-sect239k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[45-curve-sect239k1-tls13-client] +[48-curve-sect239k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = sect239k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-45] +[test-48] ExpectedResult = ClientFail # =========================================================== -[46-curve-secp160k1-tls13] -ssl_conf = 46-curve-secp160k1-tls13-ssl +[49-curve-secp160k1-tls13] +ssl_conf = 49-curve-secp160k1-tls13-ssl -[46-curve-secp160k1-tls13-ssl] -server = 46-curve-secp160k1-tls13-server -client = 46-curve-secp160k1-tls13-client +[49-curve-secp160k1-tls13-ssl] +server = 49-curve-secp160k1-tls13-server +client = 49-curve-secp160k1-tls13-client -[46-curve-secp160k1-tls13-server] +[49-curve-secp160k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[46-curve-secp160k1-tls13-client] +[49-curve-secp160k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-46] +[test-49] ExpectedResult = ClientFail # =========================================================== -[47-curve-secp160r1-tls13] -ssl_conf = 47-curve-secp160r1-tls13-ssl +[50-curve-secp160r1-tls13] +ssl_conf = 50-curve-secp160r1-tls13-ssl -[47-curve-secp160r1-tls13-ssl] -server = 47-curve-secp160r1-tls13-server -client = 47-curve-secp160r1-tls13-client +[50-curve-secp160r1-tls13-ssl] +server = 50-curve-secp160r1-tls13-server +client = 50-curve-secp160r1-tls13-client -[47-curve-secp160r1-tls13-server] +[50-curve-secp160r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[47-curve-secp160r1-tls13-client] +[50-curve-secp160r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-47] +[test-50] ExpectedResult = ClientFail # =========================================================== -[48-curve-secp160r2-tls13] -ssl_conf = 48-curve-secp160r2-tls13-ssl +[51-curve-secp160r2-tls13] +ssl_conf = 51-curve-secp160r2-tls13-ssl -[48-curve-secp160r2-tls13-ssl] -server = 48-curve-secp160r2-tls13-server -client = 48-curve-secp160r2-tls13-client +[51-curve-secp160r2-tls13-ssl] +server = 51-curve-secp160r2-tls13-server +client = 51-curve-secp160r2-tls13-client -[48-curve-secp160r2-tls13-server] +[51-curve-secp160r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[48-curve-secp160r2-tls13-client] +[51-curve-secp160r2-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp160r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-48] +[test-51] ExpectedResult = ClientFail # =========================================================== -[49-curve-secp192k1-tls13] -ssl_conf = 49-curve-secp192k1-tls13-ssl +[52-curve-secp192k1-tls13] +ssl_conf = 52-curve-secp192k1-tls13-ssl -[49-curve-secp192k1-tls13-ssl] -server = 49-curve-secp192k1-tls13-server -client = 49-curve-secp192k1-tls13-client +[52-curve-secp192k1-tls13-ssl] +server = 52-curve-secp192k1-tls13-server +client = 52-curve-secp192k1-tls13-client -[49-curve-secp192k1-tls13-server] +[52-curve-secp192k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[49-curve-secp192k1-tls13-client] +[52-curve-secp192k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp192k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-49] +[test-52] ExpectedResult = ClientFail # =========================================================== -[50-curve-secp224k1-tls13] -ssl_conf = 50-curve-secp224k1-tls13-ssl +[53-curve-secp224k1-tls13] +ssl_conf = 53-curve-secp224k1-tls13-ssl -[50-curve-secp224k1-tls13-ssl] -server = 50-curve-secp224k1-tls13-server -client = 50-curve-secp224k1-tls13-client +[53-curve-secp224k1-tls13-ssl] +server = 53-curve-secp224k1-tls13-server +client = 53-curve-secp224k1-tls13-client -[50-curve-secp224k1-tls13-server] +[53-curve-secp224k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[50-curve-secp224k1-tls13-client] +[53-curve-secp224k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp224k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-50] +[test-53] ExpectedResult = ClientFail # =========================================================== -[51-curve-secp256k1-tls13] -ssl_conf = 51-curve-secp256k1-tls13-ssl +[54-curve-secp256k1-tls13] +ssl_conf = 54-curve-secp256k1-tls13-ssl -[51-curve-secp256k1-tls13-ssl] -server = 51-curve-secp256k1-tls13-server -client = 51-curve-secp256k1-tls13-client +[54-curve-secp256k1-tls13-ssl] +server = 54-curve-secp256k1-tls13-server +client = 54-curve-secp256k1-tls13-client -[51-curve-secp256k1-tls13-server] +[54-curve-secp256k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[51-curve-secp256k1-tls13-client] +[54-curve-secp256k1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = secp256k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-51] +[test-54] ExpectedResult = ClientFail # =========================================================== -[52-curve-brainpoolP256r1-tls13] -ssl_conf = 52-curve-brainpoolP256r1-tls13-ssl +[55-curve-brainpoolP256r1-tls13] +ssl_conf = 55-curve-brainpoolP256r1-tls13-ssl -[52-curve-brainpoolP256r1-tls13-ssl] -server = 52-curve-brainpoolP256r1-tls13-server -client = 52-curve-brainpoolP256r1-tls13-client +[55-curve-brainpoolP256r1-tls13-ssl] +server = 55-curve-brainpoolP256r1-tls13-server +client = 55-curve-brainpoolP256r1-tls13-client -[52-curve-brainpoolP256r1-tls13-server] +[55-curve-brainpoolP256r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[52-curve-brainpoolP256r1-tls13-client] +[55-curve-brainpoolP256r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP256r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-52] +[test-55] ExpectedResult = ClientFail # =========================================================== -[53-curve-brainpoolP384r1-tls13] -ssl_conf = 53-curve-brainpoolP384r1-tls13-ssl +[56-curve-brainpoolP384r1-tls13] +ssl_conf = 56-curve-brainpoolP384r1-tls13-ssl -[53-curve-brainpoolP384r1-tls13-ssl] -server = 53-curve-brainpoolP384r1-tls13-server -client = 53-curve-brainpoolP384r1-tls13-client +[56-curve-brainpoolP384r1-tls13-ssl] +server = 56-curve-brainpoolP384r1-tls13-server +client = 56-curve-brainpoolP384r1-tls13-client -[53-curve-brainpoolP384r1-tls13-server] +[56-curve-brainpoolP384r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[53-curve-brainpoolP384r1-tls13-client] +[56-curve-brainpoolP384r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP384r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-53] +[test-56] ExpectedResult = ClientFail # =========================================================== -[54-curve-brainpoolP512r1-tls13] -ssl_conf = 54-curve-brainpoolP512r1-tls13-ssl +[57-curve-brainpoolP512r1-tls13] +ssl_conf = 57-curve-brainpoolP512r1-tls13-ssl -[54-curve-brainpoolP512r1-tls13-ssl] -server = 54-curve-brainpoolP512r1-tls13-server -client = 54-curve-brainpoolP512r1-tls13-client +[57-curve-brainpoolP512r1-tls13-ssl] +server = 57-curve-brainpoolP512r1-tls13-server +client = 57-curve-brainpoolP512r1-tls13-client -[54-curve-brainpoolP512r1-tls13-server] +[57-curve-brainpoolP512r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT@SECLEVEL=1 Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[54-curve-brainpoolP512r1-tls13-client] +[57-curve-brainpoolP512r1-tls13-client] CipherString = ECDHE@SECLEVEL=1 Curves = brainpoolP512r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-54] +[test-57] ExpectedResult = ClientFail +# =========================================================== + +[58-curve-brainpoolP256r1tls13-tls13-in-tls12] +ssl_conf = 58-curve-brainpoolP256r1tls13-tls13-in-tls12-ssl + +[58-curve-brainpoolP256r1tls13-tls13-in-tls12-ssl] +server = 58-curve-brainpoolP256r1tls13-tls13-in-tls12-server +client = 58-curve-brainpoolP256r1tls13-tls13-in-tls12-client + +[58-curve-brainpoolP256r1tls13-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP256r1tls13 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[58-curve-brainpoolP256r1tls13-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP256r1tls13 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-58] +ExpectedResult = ServerFail + + +# =========================================================== + +[59-curve-brainpoolP384r1tls13-tls13-in-tls12] +ssl_conf = 59-curve-brainpoolP384r1tls13-tls13-in-tls12-ssl + +[59-curve-brainpoolP384r1tls13-tls13-in-tls12-ssl] +server = 59-curve-brainpoolP384r1tls13-tls13-in-tls12-server +client = 59-curve-brainpoolP384r1tls13-tls13-in-tls12-client + +[59-curve-brainpoolP384r1tls13-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP384r1tls13 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[59-curve-brainpoolP384r1tls13-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP384r1tls13 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-59] +ExpectedResult = ServerFail + + +# =========================================================== + +[60-curve-brainpoolP512r1tls13-tls13-in-tls12] +ssl_conf = 60-curve-brainpoolP512r1tls13-tls13-in-tls12-ssl + +[60-curve-brainpoolP512r1tls13-tls13-in-tls12-ssl] +server = 60-curve-brainpoolP512r1tls13-tls13-in-tls12-server +client = 60-curve-brainpoolP512r1tls13-tls13-in-tls12-client + +[60-curve-brainpoolP512r1tls13-tls13-in-tls12-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP512r1tls13 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[60-curve-brainpoolP512r1tls13-tls13-in-tls12-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP512r1tls13 +MaxProtocol = TLSv1.2 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-60] +ExpectedResult = ServerFail + + diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in index 6426b175b5..0f5319445c 100644 --- a/test/ssl-tests/14-curves.cnf.in +++ b/test/ssl-tests/14-curves.cnf.in @@ -14,6 +14,12 @@ our $fips_mode; my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519", "X448"); +#Curves *only* suitable for use in TLSv1.3 +my @curves_tls_1_3 = ("brainpoolP256r1tls13", "brainpoolP384r1tls13", + "brainpoolP512r1tls13"); + +#It so happens that all the curves in @curves_tls_1_3 are non-fips curves +push @curves, @curves_tls_1_3 if !$fips_mode; my @curves_tls_1_2 = ("sect233k1", "sect233r1", "sect283k1", "sect283r1", "sect409k1", "sect409r1", @@ -91,6 +97,30 @@ sub generate_tests() { }, }; } + if (!$fips_mode) { + foreach (0..$#curves_tls_1_3) { + my $curve = $curves_tls_1_3[$_]; + push @tests, { + name => "curve-${curve}-tls13-in-tls12", + server => { + "Curves" => $curve, + "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { + "CipherString" => 'ECDHE@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2", + "Curves" => $curve + }, + test => { + #These curves are only suitable for TLSv1.3 so we expect the + #server to fail because it has no shared groups for TLSv1.2 + #ECDHE key exchange + "ExpectedResult" => "ServerFail" + }, + }; + } + } } generate_tests(); -- GitLab