# -*- mode: perl; -*-
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## SSL test configurations
#
# Each entry pairs a server and a client configuration with the handshake
# outcome the test expects.  The "@SECLEVEL=n" suffix of a CipherString
# sets the OpenSSL security level for that side.  Per the OpenSSL
# documentation, levels 3, 4 and 5 require at least 128, 192 and 256 bits
# of security respectively, and the level applies to keys, signature
# algorithms and key-exchange groups, not only to cipher suites.

package ssltests;
use OpenSSL::Test::Utils;

# Cases that need no optional algorithm support.
our @tests = (
    {
        # No Certificate/PrivateKey is set, so the server uses whatever
        # key the harness supplies by default; the test expects that key
        # to be rejected at level 3.
        # NOTE(review): presumably a 2048-bit RSA key (about 112 bits of
        # security) -- confirm against the test harness.
        name   => "SECLEVEL 3 with default key",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=3",
        },
        client => {},
        test   => {
            "ExpectedResult" => "ServerFail",
        },
    },
);

# Cases that depend on EC support (Ed448, P-384, X25519).
our @tests_ec = (
    {
        # OpenSSL rates Ed448 at 224 security bits, which clears the
        # 192-bit floor of level 4 on both sides.
        name   => "SECLEVEL 4 with ED448 key",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=4",
            "Certificate"  => test_pem("server-ed448-cert.pem"),
            "PrivateKey"   => test_pem("server-ed448-key.pem"),
        },
        client => {
            "CipherString" => "DEFAULT:\@SECLEVEL=4",
            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
        },
    },
    {
        # The Ed448 signature algorithm will not be enabled.
        # Because of the config order, the certificate is first loaded, and
        # then the security level is changed.  If you try this with s_server
        # the order will be reversed and it will instead fail to load the key.
        # Either way the level 5 floor (256 bits) is above what Ed448
        # offers, so the handshake must not succeed.
        name   => "SECLEVEL 5 server with ED448 key",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=5",
            "Certificate"  => test_pem("server-ed448-cert.pem"),
            "PrivateKey"   => test_pem("server-ed448-key.pem"),
        },
        client => {
            "CipherString" => "DEFAULT:\@SECLEVEL=4",
            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
        },
        test => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        # The client will not send the Ed448 signature algorithm, so the
        # server doesn't have a usable signature algorithm for the
        # certificate.
        name   => "SECLEVEL 5 client with ED448 key",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=4",
            "Certificate"  => test_pem("server-ed448-cert.pem"),
            "PrivateKey"   => test_pem("server-ed448-key.pem"),
        },
        client => {
            "CipherString" => "DEFAULT:\@SECLEVEL=5",
            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
        },
        test => {
            "ExpectedResult" => "ServerFail",
        },
    },
    {
        # The server is restricted to the X25519 group and the client to
        # ECDHE suites.  Going by the file names the certificate key is
        # P-384 (192 bits); with X25519 at 128 bits both meet the level 3
        # floor, so the handshake is expected to succeed.
        name   => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=3",
            "Certificate"  => test_pem("p384-server-cert.pem"),
            "PrivateKey"   => test_pem("p384-server-key.pem"),
            "Groups"       => "X25519",
        },
        client => {
            "CipherString" => "ECDHE:\@SECLEVEL=3",
            "VerifyCAFile" => test_pem("p384-root.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
        },
    },
);

# Cases that additionally need TLSv1.2.
our @tests_tls1_2 = (
    {
        # The server is capped at TLSv1.2 and runs at level 3 with an
        # Ed448 key.  The client sets no CipherString, so it runs at its
        # default security level.
        name   => "SECLEVEL 3 with ED448 key, TLSv1.2",
        server => {
            "CipherString" => "DEFAULT:\@SECLEVEL=3",
            "Certificate"  => test_pem("server-ed448-cert.pem"),
            "PrivateKey"   => test_pem("server-ed448-key.pem"),
            "MaxProtocol"  => "TLSv1.2",
        },
        client => {
            "VerifyCAFile" => test_pem("root-ed448-cert.pem"),
        },
        test => {
            "ExpectedResult" => "Success",
        },
    },
);

# The EC cases are appended only when the build has not disabled "ec".
if (!disabled("ec")) {
    push @tests, @tests_ec;
}

# The TLSv1.2 case uses an Ed448 key, so it needs both "tls1_2" and "ec".
if (!disabled("tls1_2") && !disabled("ec")) {
    push @tests, @tests_tls1_2;
}