From: Matt Caswell <matt@openssl.org>
Date: Tue, 5 Oct 2021 17:30:09 +0100
Subject: Fix tests for new default security level

Fix tests that were expecting a default security level of 1 to work with
the new default of 2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16760)
---
 test/ssl-tests/12-ct.cnf             |  24 ++--
 test/ssl-tests/12-ct.cnf.in          |  12 ++
 test/ssl-tests/14-curves.cnf         | 240 +++++++++++++++++------------------
 test/ssl-tests/14-curves.cnf.in      |   9 +-
 test/ssl-tests/22-compression.cnf    |  32 ++---
 test/ssl-tests/22-compression.cnf.in |  16 +++
 test/sslapitest.c                    |  24 +++-
 7 files changed, 199 insertions(+), 158 deletions(-)

diff --git a/test/ssl-tests/12-ct.cnf b/test/ssl-tests/12-ct.cnf
index 2e6e9dea6757..369c5d4e8eef 100644
--- a/test/ssl-tests/12-ct.cnf
+++ b/test/ssl-tests/12-ct.cnf
@@ -19,11 +19,11 @@ client = 0-ct-permissive-without-scts-client
 
 [0-ct-permissive-without-scts-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-ct-permissive-without-scts-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -46,11 +46,11 @@ client = 1-ct-permissive-with-scts-client
 
 [1-ct-permissive-with-scts-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
 
 [1-ct-permissive-with-scts-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
 VerifyMode = Peer
 
@@ -73,11 +73,11 @@ client = 2-ct-strict-without-scts-client
 
 [2-ct-strict-without-scts-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-ct-strict-without-scts-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -101,11 +101,11 @@ client = 3-ct-strict-with-scts-client
 
 [3-ct-strict-with-scts-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
 
 [3-ct-strict-with-scts-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
 VerifyMode = Peer
 
@@ -130,11 +130,11 @@ resume-client = 4-ct-permissive-resumption-client
 
 [4-ct-permissive-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
 
 [4-ct-permissive-resumption-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
 VerifyMode = Peer
 
@@ -162,11 +162,11 @@ resume-client = 5-ct-strict-resumption-resume-client
 
 [5-ct-strict-resumption-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem
 
 [5-ct-strict-resumption-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem
 VerifyMode = Peer
 
diff --git a/test/ssl-tests/12-ct.cnf.in b/test/ssl-tests/12-ct.cnf.in
index ddafd3fc4cda..c11bcc9c0958 100644
--- a/test/ssl-tests/12-ct.cnf.in
+++ b/test/ssl-tests/12-ct.cnf.in
@@ -19,8 +19,10 @@ our @tests = (
     {
         name => "ct-permissive-without-scts",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             extra => {
                 "CTValidation" => "Permissive",
             },
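Review bot: The `"CipherString" => 'DEFAULT@SECLEVEL=1'` entries added to `server` and `client` here carry no comment naming which test artefact is rejected at the new default level 2, so a later reader cannot tell when the override can be dropped. In the visible lines this test and `ct-strict-without-scts` set no `Certificate`, while the four with-scts and resumption tests load `embeddedSCTs1.pem`. If only that chain falls below level 2 (an inference, since the hunks show no key sizes or signature algorithms), the override could be limited to those four tests so the without-scts cases keep exercising the default level. The same applies to the other five hunks of this file. A comment above the `@tests` array, which opens outside the hunk, would be enough, for example `# SECLEVEL=1 needed because <artefact> is rejected at the default security level 2`, with the placeholder replaced by the actual cause.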
@@ -32,10 +34,12 @@ our @tests = (
     {
         name => "ct-permissive-with-scts",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Certificate" => test_pem("embeddedSCTs1.pem"),
             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
             extra => {
                 "CTValidation" => "Permissive",
@@ -48,8 +52,10 @@ our @tests = (
     {
         name => "ct-strict-without-scts",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             extra => {
                 "CTValidation" => "Strict",
             },
@@ -62,10 +68,12 @@ our @tests = (
     {
         name => "ct-strict-with-scts",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Certificate" => test_pem("embeddedSCTs1.pem"),
             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
             extra => {
                 "CTValidation" => "Strict",
@@ -78,10 +86,12 @@ our @tests = (
     {
         name => "ct-permissive-resumption",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Certificate" => test_pem("embeddedSCTs1.pem"),
             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
             extra => {
                 "CTValidation" => "Permissive",
@@ -96,10 +106,12 @@ our @tests = (
     {
         name => "ct-strict-resumption",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Certificate" => test_pem("embeddedSCTs1.pem"),
             "PrivateKey"  => test_pem("embeddedSCTs1-key.pem"),
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"),
             extra => {
                 "CTValidation" => "Strict",
diff --git a/test/ssl-tests/14-curves.cnf b/test/ssl-tests/14-curves.cnf
index 75635d29bd0f..ad62e28935ae 100644
--- a/test/ssl-tests/14-curves.cnf
+++ b/test/ssl-tests/14-curves.cnf
@@ -108,13 +108,13 @@ client = 0-curve-prime256v1-client
 
 [0-curve-prime256v1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = prime256v1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-curve-prime256v1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = prime256v1
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -137,13 +137,13 @@ client = 1-curve-secp384r1-client
 
 [1-curve-secp384r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp384r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [1-curve-secp384r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp384r1
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -166,13 +166,13 @@ client = 2-curve-secp521r1-client
 
 [2-curve-secp521r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp521r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-curve-secp521r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp521r1
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -195,13 +195,13 @@ client = 3-curve-X25519-client
 
 [3-curve-X25519-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = X25519
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [3-curve-X25519-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = X25519
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -224,13 +224,13 @@ client = 4-curve-X448-client
 
 [4-curve-X448-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = X448
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-curve-X448-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = X448
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -253,13 +253,13 @@ client = 5-curve-ffdhe2048-client
 
 [5-curve-ffdhe2048-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = ffdhe2048
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-curve-ffdhe2048-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = ffdhe2048
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -282,13 +282,13 @@ client = 6-curve-ffdhe3072-client
 
 [6-curve-ffdhe3072-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = ffdhe3072
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [6-curve-ffdhe3072-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = ffdhe3072
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -311,13 +311,13 @@ client = 7-curve-ffdhe4096-client
 
 [7-curve-ffdhe4096-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = ffdhe4096
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-curve-ffdhe4096-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = ffdhe4096
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -340,13 +340,13 @@ client = 8-curve-ffdhe6144-client
 
 [8-curve-ffdhe6144-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = ffdhe6144
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [8-curve-ffdhe6144-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = ffdhe6144
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -369,13 +369,13 @@ client = 9-curve-ffdhe8192-client
 
 [9-curve-ffdhe8192-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = ffdhe8192
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [9-curve-ffdhe8192-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = ffdhe8192
 MaxProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -398,13 +398,13 @@ client = 10-curve-sect233k1-client
 
 [10-curve-sect233k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect233k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [10-curve-sect233k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect233k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -427,13 +427,13 @@ client = 11-curve-sect233r1-client
 
 [11-curve-sect233r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect233r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [11-curve-sect233r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect233r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -456,13 +456,13 @@ client = 12-curve-sect283k1-client
 
 [12-curve-sect283k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect283k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [12-curve-sect283k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect283k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -485,13 +485,13 @@ client = 13-curve-sect283r1-client
 
 [13-curve-sect283r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect283r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [13-curve-sect283r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect283r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -514,13 +514,13 @@ client = 14-curve-sect409k1-client
 
 [14-curve-sect409k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect409k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [14-curve-sect409k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect409k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -543,13 +543,13 @@ client = 15-curve-sect409r1-client
 
 [15-curve-sect409r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect409r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [15-curve-sect409r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect409r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -572,13 +572,13 @@ client = 16-curve-sect571k1-client
 
 [16-curve-sect571k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect571k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [16-curve-sect571k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect571k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -601,13 +601,13 @@ client = 17-curve-sect571r1-client
 
 [17-curve-sect571r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect571r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [17-curve-sect571r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect571r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -630,13 +630,13 @@ client = 18-curve-secp224r1-client
 
 [18-curve-secp224r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp224r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [18-curve-secp224r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp224r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -659,13 +659,13 @@ client = 19-curve-sect163k1-client
 
 [19-curve-sect163k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect163k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [19-curve-sect163k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect163k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -688,13 +688,13 @@ client = 20-curve-sect163r2-client
 
 [20-curve-sect163r2-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect163r2
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [20-curve-sect163r2-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect163r2
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -717,13 +717,13 @@ client = 21-curve-prime192v1-client
 
 [21-curve-prime192v1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = prime192v1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [21-curve-prime192v1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = prime192v1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -746,13 +746,13 @@ client = 22-curve-sect163r1-client
 
 [22-curve-sect163r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect163r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [22-curve-sect163r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect163r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -775,13 +775,13 @@ client = 23-curve-sect193r1-client
 
 [23-curve-sect193r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect193r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [23-curve-sect193r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect193r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -804,13 +804,13 @@ client = 24-curve-sect193r2-client
 
 [24-curve-sect193r2-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect193r2
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [24-curve-sect193r2-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect193r2
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -833,13 +833,13 @@ client = 25-curve-sect239k1-client
 
 [25-curve-sect239k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect239k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [25-curve-sect239k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect239k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -862,13 +862,13 @@ client = 26-curve-secp160k1-client
 
 [26-curve-secp160k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp160k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [26-curve-secp160k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp160k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -891,13 +891,13 @@ client = 27-curve-secp160r1-client
 
 [27-curve-secp160r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp160r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [27-curve-secp160r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp160r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -920,13 +920,13 @@ client = 28-curve-secp160r2-client
 
 [28-curve-secp160r2-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp160r2
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [28-curve-secp160r2-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp160r2
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -949,13 +949,13 @@ client = 29-curve-secp192k1-client
 
 [29-curve-secp192k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp192k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [29-curve-secp192k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp192k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -978,13 +978,13 @@ client = 30-curve-secp224k1-client
 
 [30-curve-secp224k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp224k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [30-curve-secp224k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp224k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1007,13 +1007,13 @@ client = 31-curve-secp256k1-client
 
 [31-curve-secp256k1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp256k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [31-curve-secp256k1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp256k1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1036,13 +1036,13 @@ client = 32-curve-brainpoolP256r1-client
 
 [32-curve-brainpoolP256r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = brainpoolP256r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [32-curve-brainpoolP256r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = brainpoolP256r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1065,13 +1065,13 @@ client = 33-curve-brainpoolP384r1-client
 
 [33-curve-brainpoolP384r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = brainpoolP384r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [33-curve-brainpoolP384r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = brainpoolP384r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1094,13 +1094,13 @@ client = 34-curve-brainpoolP512r1-client
 
 [34-curve-brainpoolP512r1-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = brainpoolP512r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [34-curve-brainpoolP512r1-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = brainpoolP512r1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1873,13 +1873,13 @@ client = 60-curve-sect233k1-tls13-client
 
 [60-curve-sect233k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect233k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [60-curve-sect233k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect233k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1900,13 +1900,13 @@ client = 61-curve-sect233r1-tls13-client
 
 [61-curve-sect233r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect233r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [61-curve-sect233r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect233r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1927,13 +1927,13 @@ client = 62-curve-sect283k1-tls13-client
 
 [62-curve-sect283k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect283k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [62-curve-sect283k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect283k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1954,13 +1954,13 @@ client = 63-curve-sect283r1-tls13-client
 
 [63-curve-sect283r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect283r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [63-curve-sect283r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect283r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -1981,13 +1981,13 @@ client = 64-curve-sect409k1-tls13-client
 
 [64-curve-sect409k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect409k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [64-curve-sect409k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect409k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2008,13 +2008,13 @@ client = 65-curve-sect409r1-tls13-client
 
 [65-curve-sect409r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect409r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [65-curve-sect409r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect409r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2035,13 +2035,13 @@ client = 66-curve-sect571k1-tls13-client
 
 [66-curve-sect571k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect571k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [66-curve-sect571k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect571k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2062,13 +2062,13 @@ client = 67-curve-sect571r1-tls13-client
 
 [67-curve-sect571r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect571r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [67-curve-sect571r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect571r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2089,13 +2089,13 @@ client = 68-curve-secp224r1-tls13-client
 
 [68-curve-secp224r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp224r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [68-curve-secp224r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp224r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2116,13 +2116,13 @@ client = 69-curve-sect163k1-tls13-client
 
 [69-curve-sect163k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect163k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [69-curve-sect163k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect163k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2143,13 +2143,13 @@ client = 70-curve-sect163r2-tls13-client
 
 [70-curve-sect163r2-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect163r2
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [70-curve-sect163r2-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect163r2
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2170,13 +2170,13 @@ client = 71-curve-prime192v1-tls13-client
 
 [71-curve-prime192v1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = prime192v1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [71-curve-prime192v1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = prime192v1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2197,13 +2197,13 @@ client = 72-curve-sect163r1-tls13-client
 
 [72-curve-sect163r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect163r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [72-curve-sect163r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect163r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2224,13 +2224,13 @@ client = 73-curve-sect193r1-tls13-client
 
 [73-curve-sect193r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect193r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [73-curve-sect193r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect193r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2251,13 +2251,13 @@ client = 74-curve-sect193r2-tls13-client
 
 [74-curve-sect193r2-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect193r2
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [74-curve-sect193r2-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect193r2
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2278,13 +2278,13 @@ client = 75-curve-sect239k1-tls13-client
 
 [75-curve-sect239k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = sect239k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [75-curve-sect239k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = sect239k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2305,13 +2305,13 @@ client = 76-curve-secp160k1-tls13-client
 
 [76-curve-secp160k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp160k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [76-curve-secp160k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp160k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2332,13 +2332,13 @@ client = 77-curve-secp160r1-tls13-client
 
 [77-curve-secp160r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp160r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [77-curve-secp160r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp160r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2359,13 +2359,13 @@ client = 78-curve-secp160r2-tls13-client
 
 [78-curve-secp160r2-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp160r2
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [78-curve-secp160r2-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp160r2
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2386,13 +2386,13 @@ client = 79-curve-secp192k1-tls13-client
 
 [79-curve-secp192k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp192k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [79-curve-secp192k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp192k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2413,13 +2413,13 @@ client = 80-curve-secp224k1-tls13-client
 
 [80-curve-secp224k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp224k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [80-curve-secp224k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp224k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2440,13 +2440,13 @@ client = 81-curve-secp256k1-tls13-client
 
 [81-curve-secp256k1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = secp256k1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [81-curve-secp256k1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = secp256k1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2467,13 +2467,13 @@ client = 82-curve-brainpoolP256r1-tls13-client
 
 [82-curve-brainpoolP256r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = brainpoolP256r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [82-curve-brainpoolP256r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = brainpoolP256r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2494,13 +2494,13 @@ client = 83-curve-brainpoolP384r1-tls13-client
 
 [83-curve-brainpoolP384r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = brainpoolP384r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [83-curve-brainpoolP384r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = brainpoolP384r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -2521,13 +2521,13 @@ client = 84-curve-brainpoolP512r1-tls13-client
 
 [84-curve-brainpoolP512r1-tls13-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Curves = brainpoolP512r1
 MaxProtocol = TLSv1.3
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [84-curve-brainpoolP512r1-tls13-client]
-CipherString = ECDHE
+CipherString = ECDHE@SECLEVEL=1
 Curves = brainpoolP512r1
 MinProtocol = TLSv1.3
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in
index 33201df281f7..1c048bc09978 100644
--- a/test/ssl-tests/14-curves.cnf.in
+++ b/test/ssl-tests/14-curves.cnf.in
@@ -58,10 +58,11 @@ sub generate_tests() {
             name => "curve-${curve}",
             server => {
                 "Curves" => $curve,
+                "CipherString" => 'DEFAULT@SECLEVEL=1',
                 "MaxProtocol" => "TLSv1.3"
             },
             client => {
-                "CipherString" => "ECDHE",
+                "CipherString" => 'ECDHE@SECLEVEL=1',
                 "MaxProtocol" => "TLSv1.3",
                 "Curves" => $curve
             },
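Review bot: The `@SECLEVEL=1` suffix is added for every curve the generator emits, so curves that should satisfy the new default are no longer exercised at level 2. The regenerated 14-curves.cnf in this same patch shows the override on secp256k1 and the brainpool curves, for example. If the curve lists outside this hunk can be told apart, keep the override only for curves below the 224-bit minimum that level 2 enforces. Otherwise add a comment on the first added line, such as `# level 2 rejects EC keys under 224 bits, so the small curves need level 1`. The same point applies to the hunks at -78 and -122 in this file; generate_tests() starts and ends outside the hunk, so the loops' curve lists are not visible here.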
@@ -78,10 +79,11 @@ sub generate_tests() {
             name => "curve-${curve}",
             server => {
                 "Curves" => $curve,
+                "CipherString" => 'DEFAULT@SECLEVEL=1',
                 "MaxProtocol" => "TLSv1.3"
             },
             client => {
-                "CipherString" => "ECDHE",
+                "CipherString" => 'ECDHE@SECLEVEL=1',
                 "MaxProtocol" => "TLSv1.2",
                 "Curves" => $curve
             },
@@ -122,10 +124,11 @@ sub generate_tests() {
             name => "curve-${curve}-tls13",
             server => {
                 "Curves" => $curve,
+                "CipherString" => 'DEFAULT@SECLEVEL=1',
                 "MaxProtocol" => "TLSv1.3"
             },
             client => {
-                "CipherString" => "ECDHE",
+                "CipherString" => 'ECDHE@SECLEVEL=1',
                 "MinProtocol" => "TLSv1.3",
                 "Curves" => $curve
             },
diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf
index c85d3129abbb..a70f01b7af96 100644
--- a/test/ssl-tests/22-compression.cnf
+++ b/test/ssl-tests/22-compression.cnf
@@ -21,12 +21,12 @@ client = 0-tlsv1_3-both-compress-client
 
 [0-tlsv1_3-both-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Options = Compression
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [0-tlsv1_3-both-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Options = Compression
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -47,11 +47,11 @@ client = 1-tlsv1_3-client-compress-client
 
 [1-tlsv1_3-client-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [1-tlsv1_3-client-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Options = Compression
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -72,12 +72,12 @@ client = 2-tlsv1_3-server-compress-client
 
 [2-tlsv1_3-server-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Options = Compression
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [2-tlsv1_3-server-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -97,11 +97,11 @@ client = 3-tlsv1_3-neither-compress-client
 
 [3-tlsv1_3-neither-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [3-tlsv1_3-neither-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
 
@@ -121,12 +121,12 @@ client = 4-tlsv1_2-both-compress-client
 
 [4-tlsv1_2-both-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Options = Compression
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [4-tlsv1_2-both-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 MaxProtocol = TLSv1.2
 Options = Compression
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -148,11 +148,11 @@ client = 5-tlsv1_2-client-compress-client
 
 [5-tlsv1_2-client-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [5-tlsv1_2-client-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 MaxProtocol = TLSv1.2
 Options = Compression
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
@@ -174,12 +174,12 @@ client = 6-tlsv1_2-server-compress-client
 
 [6-tlsv1_2-server-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 Options = Compression
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [6-tlsv1_2-server-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
@@ -200,11 +200,11 @@ client = 7-tlsv1_2-neither-compress-client
 
 [7-tlsv1_2-neither-compress-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 
 [7-tlsv1_2-neither-compress-client]
-CipherString = DEFAULT
+CipherString = DEFAULT@SECLEVEL=1
 MaxProtocol = TLSv1.2
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 VerifyMode = Peer
diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in
index 69a2e7f80101..0b8f010b76c0 100644
--- a/test/ssl-tests/22-compression.cnf.in
+++ b/test/ssl-tests/22-compression.cnf.in
@@ -21,9 +21,11 @@ our @tests_tls1_3 = (
     {
         name => "tlsv1_3-both-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression"
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression"
         },
         test => {
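Review bot: Nothing in the file records why every compression case now pins `DEFAULT@SECLEVEL=1`. OpenSSL's security-level documentation states that compression is disabled at level 2, so without the override the cases that expect compression to be negotiated cannot pass, and the cases with `"CompressionExpected" => "No"` would pass for the wrong reason. A one-line comment above `@tests_tls1_3` would keep a later cleanup from removing the setting, for example `# Compression is disabled at security level 2, so run these at level 1`. The same applies to the remaining hunks in this file, including the `@tests_tls1_2` entries.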
@@ -34,8 +36,10 @@ our @tests_tls1_3 = (
     {
         name => "tlsv1_3-client-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression"
         },
         test => {
@@ -46,9 +50,11 @@ our @tests_tls1_3 = (
     {
         name => "tlsv1_3-server-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression"
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         test => {
             "CompressionExpected" => "No",
@@ -58,8 +64,10 @@ our @tests_tls1_3 = (
     {
         name => "tlsv1_3-neither-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         test => {
             "CompressionExpected" => "No",
@@ -71,9 +79,11 @@ our @tests_tls1_2 = (
     {
         name => "tlsv1_2-both-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression"
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression",
             "MaxProtocol" => "TLSv1.2"
         },
@@ -85,8 +95,10 @@ our @tests_tls1_2 = (
     {
         name => "tlsv1_2-client-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression",
             "MaxProtocol" => "TLSv1.2"
         },
@@ -98,9 +110,11 @@ our @tests_tls1_2 = (
     {
         name => "tlsv1_2-server-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "Options" => "Compression"
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "MaxProtocol" => "TLSv1.2"
         },
         test => {
@@ -111,8 +125,10 @@ our @tests_tls1_2 = (
     {
         name => "tlsv1_2-neither-compress",
         server => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
         },
         client => {
+            "CipherString" => 'DEFAULT@SECLEVEL=1',
             "MaxProtocol" => "TLSv1.2"
         },
         test => {
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 2b1c2fded322..34c33c1f97dc 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -9762,7 +9762,8 @@ static int test_set_tmp_dh(int idx)
  */
 static int test_dh_auto(int idx)
 {
-    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method());
+    SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
     SSL *clientssl = NULL, *serverssl = NULL;
     int testresult = 0;
     EVP_PKEY *tmpkey = NULL;
@@ -9770,14 +9771,21 @@ static int test_dh_auto(int idx)
     size_t expdhsize = 0;
     const char *ciphersuite = "DHE-RSA-AES128-SHA";
 
+    if (!TEST_ptr(sctx) || !TEST_ptr(cctx))
+        goto end;
+
     switch (idx) {
     case 0:
         /* The FIPS provider doesn't support this DH size - so we ignore it */
-        if (is_fips)
-            return 1;
+        if (is_fips) {
+            testresult = 1;
+            goto end;
+        }
         thiscert = cert1024;
         thiskey = privkey1024;
         expdhsize = 1024;
+        SSL_CTX_set_security_level(sctx, 1);
+        SSL_CTX_set_security_level(cctx, 1);
         break;
     case 1:
         /* 2048 bit prime */
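Review bot: The two `SSL_CTX_set_security_level(..., 1)` calls in case 0 carry no explanation, and they are the reason both contexts are now created at declaration instead of by the helper. A comment above them such as `/* 1024 bit keys are below the level 2 minimum; lower the level before the cert is used */` would document that (presumably the certificate is loaded inside create_ssl_ctx_pair, which is not shown). Because the contexts now exist before the switch, every exit has to go through `end`. The `is_fips` returns are converted here and in case 5, but test_dh_auto continues outside these hunks, so any other direct `return` would need the same treatment.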
@@ -9803,8 +9811,10 @@ static int test_dh_auto(int idx)
     /* No certificate cases */
     case 5:
         /* The FIPS provider doesn't support this DH size - so we ignore it */
-        if (is_fips)
-            return 1;
+        if (is_fips) {
+            testresult = 1;
+            goto end;
+        }
         ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0";
         expdhsize = 1024;
         break;
@@ -9817,8 +9827,8 @@ static int test_dh_auto(int idx)
         goto end;
     }
 
-    if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
-                                       TLS_client_method(),
+    if (!TEST_true(create_ssl_ctx_pair(libctx, NULL,
+                                       NULL,
                                        0,
                                        0,
                                        &sctx, &cctx, thiscert, thiskey)))
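Review bot: Passing `NULL` for both method arguments only works if create_ssl_ctx_pair() reuses a context that is already non-NULL in `*sctx`/`*cctx`, which this hunk does not show, so without a comment the call reads like a mistake. Suggest adding `/* sctx and cctx were created above so the security level could be set; no methods needed */` above the call. The function body continues outside the hunk.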
