From 4dcad96f97a928f77c05a2a2b031cf3cbd659b78 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 4 Apr 2017 14:31:47 -0700 Subject: [PATCH] =?UTF-8?q?Added=20test=20for=20server=20to=20use=20the=20?= =?UTF-8?q?default=20cipher=20suite=20list=20using=20new=20=E2=80=9C-U?= =?UTF-8?q?=E2=80=9D=20option.=20This=20allows=20the=20InitSuites=20logic?= =?UTF-8?q?=20to=20be=20used=20for=20determining=20cipher=20suites=20inste?= =?UTF-8?q?ad=20of=20always=20overriding=20using=20the=20=E2=80=9C-l?= =?UTF-8?q?=E2=80=9D=20option.=20Now=20both=20versions=20are=20used,=20so?= =?UTF-8?q?=20tests=20are=20done=20with=20wolfSSL=5FCTX=5Fset=5Fcipher=5Fl?= =?UTF-8?q?ist=20and=20InitSuites.=20Removed=20a=20few=20cipher=20suite=20?= =?UTF-8?q?tests=20from=20test.conf=20that=20are=20not=20valid=20with=20ol?= =?UTF-8?q?d=20TLS.=20These=20were=20not=20picked=20up=20as=20failures=20b?= =?UTF-8?q?efore=20because=20wolfSSL=5FCTX=5Fset=5Fcipher=5Flist=20matched?= =?UTF-8?q?=20on=20name=20only,=20allowing=20older=20versions=20to=20use?= =?UTF-8?q?=20the=20suite.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- examples/server/server.c | 11 ++- tests/suites.c | 182 +++++++++++++++++++------------------ tests/test-dtls.conf | 119 +++++++------------------ tests/test.conf | 187 +++++++++------------------------------ 4 files changed, 181 insertions(+), 318 deletions(-) diff --git a/examples/server/server.c b/examples/server/server.c index 47bcf3172..aa0e147a0 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -267,6 +267,7 @@ static void Usage(void) #endif printf("-g Return basic HTML web page\n"); printf("-C The number of connections to accept, default: 1\n"); + printf("-U Force use of the default cipher suite list\n"); } THREAD_RETURN CYASSL_THREAD server_test(void* args) @@ -319,6 +320,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) char* alpnList = NULL; unsigned char alpn_opt = 0; char* cipherList = NULL; + int useDefCipherList = 0; const char* verifyCert = cliCertFile; const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; @@ -391,7 +393,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) useAnyAddr = 1; #else while ((ch = mygetopt(argc, argv, - "?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:gC:")) != -1) { + "?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:gC:U")) != -1) { switch (ch) { case '?' : Usage(); @@ -475,6 +477,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) cipherList = myoptarg; break; + case 'U' : + useDefCipherList = 1; + break; + case 'A' : verifyCert = myoptarg; break; @@ -716,9 +722,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif - if (cipherList) + if (cipherList && !useDefCipherList) { if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS) err_sys("server can't set cipher list 1"); + } #ifdef CYASSL_LEANPSK if (!usePsk) { diff --git a/tests/suites.c b/tests/suites.c index 2028bca51..0197f4349 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -35,7 +35,7 @@ #define MAX_ARGS 40 #define MAX_COMMAND_SZ 240 -#define MAX_SUITE_SZ 80 +#define MAX_SUITE_SZ 80 #define NOT_BUILT_IN -123 #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) #define VERSION_TOO_OLD -124 @@ -54,6 +54,7 @@ static char flagSep[] = " "; static char portFlag[] = "-p"; static char svrPort[] = "0"; #endif +static char forceDefCipherListFlag[] = "-U"; #ifndef WOLFSSL_ALLOW_SSLV3 @@ -155,7 +156,7 @@ static int IsValidCipherSuite(const char* line, char* suite) static int execute_test_case(int svr_argc, char** svr_argv, int cli_argc, char** cli_argv, int addNoVerify, int addNonBlocking, - int addDisableEMS) + int addDisableEMS, int forceSrvDefCipherList) { #ifdef WOLFSSL_TIRTOS func_args cliArgs = {0}; @@ -174,20 +175,22 @@ static int execute_test_case(int svr_argc, char** svr_argv, char commandLine[MAX_COMMAND_SZ]; char cipherSuite[MAX_SUITE_SZ+1]; int i; - size_t added = 0; + size_t added; static int tests = 1; + /* Is Valid Cipher and Version Checks */ + /* build command list for the Is checks below */ commandLine[0] = '\0'; - for (i = 0; i < svr_argc; i++) { + added = 0; + for (i = 0; i < svrArgs.argc; i++) { added += XSTRLEN(svr_argv[i]) + 2; if (added >= MAX_COMMAND_SZ) { - printf("server command line too long\n"); + printf("server command line too long\n"); break; } strcat(commandLine, svr_argv[i]); strcat(commandLine, flagSep); } - if (IsValidCipherSuite(commandLine, cipherSuite) == 0) { #ifdef DEBUG_SUITE_TESTS printf("cipher suite %s not supported in build\n", cipherSuite); @@ -203,7 +206,6 @@ static int execute_test_case(int svr_argc, char** svr_argv, return VERSION_TOO_OLD; } #endif - #ifdef NO_OLD_TLS if (IsOldTlsVersion(commandLine) == 1) { #ifdef DEBUG_SUITE_TESTS @@ -213,78 +215,52 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif + /* Build Client Command */ if (addNoVerify) { - printf("repeating test with client cert request off\n"); - added += 4; /* -d plus space plus terminator */ - if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS) + printf("repeating test with client cert request off\n"); + if (svrArgs.argc >= MAX_ARGS) printf("server command line too long\n"); - else { - svr_argv[svr_argc++] = noVerifyFlag; - svrArgs.argc = svr_argc; - strcat(commandLine, noVerifyFlag); - strcat(commandLine, flagSep); - } + else + svr_argv[svrArgs.argc++] = noVerifyFlag; } if (addNonBlocking) { - printf("repeating test with non blocking on\n"); - added += 4; /* -N plus terminator */ - if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS) + printf("repeating test with non blocking on\n"); + if (svrArgs.argc >= MAX_ARGS) printf("server command line too long\n"); - else { - svr_argv[svr_argc++] = nonblockFlag; - svrArgs.argc = svr_argc; - strcat(commandLine, nonblockFlag); - strcat(commandLine, flagSep); - } + else + svr_argv[svrArgs.argc++] = nonblockFlag; } #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) - /* add port 0 */ - if (svr_argc + 2 > MAX_ARGS) + /* add port */ + if (svrArgs.argc + 2 > MAX_ARGS) printf("cannot add the magic port number flag to server\n"); - else - { - svr_argv[svr_argc++] = portFlag; - svr_argv[svr_argc++] = svrPort; - svrArgs.argc = svr_argc; + else { + svr_argv[svrArgs.argc++] = portFlag; + svr_argv[svrArgs.argc++] = svrPort; } #endif - printf("trying server command line[%d]: %s\n", tests, commandLine); + if (forceSrvDefCipherList) { + if (svrArgs.argc >= MAX_ARGS) + printf("cannot add the force def cipher list flag to server\n"); + else + svr_argv[svrArgs.argc++] = forceDefCipherListFlag; + } + /* update server flags list */ commandLine[0] = '\0'; added = 0; - for (i = 0; i < cli_argc; i++) { - added += XSTRLEN(cli_argv[i]) + 2; + for (i = 0; i < svrArgs.argc; i++) { + added += XSTRLEN(svr_argv[i]) + 2; if (added >= MAX_COMMAND_SZ) { - printf("client command line too long\n"); + printf("server command line too long\n"); break; } - strcat(commandLine, cli_argv[i]); + strcat(commandLine, svr_argv[i]); strcat(commandLine, flagSep); } - if (addNonBlocking) { - added += 4; /* -N plus space plus terminator */ - if (added >= MAX_COMMAND_SZ) - printf("client command line too long\n"); - else { - cli_argv[cli_argc++] = nonblockFlag; - strcat(commandLine, nonblockFlag); - strcat(commandLine, flagSep); - cliArgs.argc = cli_argc; - } - } - if (addDisableEMS) { - printf("repeating test without extended master secret\n"); - added += 4; /* -n plus terminator */ - if (added >= MAX_COMMAND_SZ) - printf("client command line too long\n"); - else { - cli_argv[cli_argc++] = disableEMSFlag; - strcat(commandLine, disableEMSFlag); - strcat(commandLine, flagSep); - cliArgs.argc = cli_argc; - } - } - printf("trying client command line[%d]: %s\n", tests++, commandLine); + printf("trying server command line[%d]: %s\n", tests, commandLine); + + tests++; /* test count */ InitTcpReady(&ready); @@ -296,31 +272,59 @@ static int execute_test_case(int svr_argc, char** svr_argv, svrArgs.signal = &ready; start_thread(server_test, &svrArgs, &serverThread); wait_tcp_ready(&svrArgs); - #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) - if (ready.port != 0) - { - if (cli_argc + 2 > MAX_ARGS) - printf("cannot add the magic port number flag to client\n"); - else { - char portNumber[8]; - snprintf(portNumber, sizeof(portNumber), "%d", ready.port); - cli_argv[cli_argc++] = portFlag; - cli_argv[cli_argc++] = portNumber; - cliArgs.argc = cli_argc; - } + + + /* Build Client Command */ + if (addNonBlocking) { + if (cliArgs.argc >= MAX_ARGS) + printf("cannot add the non block flag to client\n"); + else + cli_argv[cliArgs.argc++] = nonblockFlag; + } + if (addDisableEMS) { + printf("repeating test without extended master secret\n"); + if (cliArgs.argc >= MAX_ARGS) + printf("cannot add the disable EMS flag to client\n"); + else + cli_argv[cliArgs.argc++] = disableEMSFlag; + } +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) + if (ready.port != 0) { + if (cliArgs.argc + 2 > MAX_ARGS) + printf("cannot add the magic port number flag to client\n"); + else { + char portNumber[8]; + snprintf(portNumber, sizeof(portNumber), "%d", ready.port); + cli_argv[cliArgs.argc++] = portFlag; + cli_argv[cliArgs.argc++] = portNumber; } - #endif + } +#endif + + commandLine[0] = '\0'; + added = 0; + for (i = 0; i < cliArgs.argc; i++) { + added += XSTRLEN(cli_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("client command line too long\n"); + break; + } + strcat(commandLine, cli_argv[i]); + strcat(commandLine, flagSep); + } + printf("trying client command line[%d]: %s\n", tests, commandLine); + /* start client */ client_test(&cliArgs); - /* verify results */ + /* verify results */ if (cliArgs.return_code != 0) { printf("client_test failed\n"); exit(EXIT_FAILURE); } join_thread(serverThread); - if (svrArgs.return_code != 0) { + if (svrArgs.return_code != 0) { printf("server_test failed\n"); exit(EXIT_FAILURE); } @@ -329,7 +333,7 @@ static int execute_test_case(int svr_argc, char** svr_argv, fdCloseSession(Task_self()); #endif FreeTcpReady(&ready); - + return 0; } @@ -393,7 +397,7 @@ static void test_harness(void* vargs) args->return_code = 1; return; } - + fclose(file); script[sz] = 0; @@ -442,7 +446,7 @@ static void test_harness(void* vargs) else svrArgs[svrArgsSz++] = strsep(&cursor, "\n"); if (*cursor == 0) /* eof */ - do_it = 1; + do_it = 1; } if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) { @@ -452,24 +456,28 @@ static void test_harness(void* vargs) if (do_it) { ret = execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0); + cliArgsSz, cliArgs, 0, 0, 0, 0); /* don't repeat if not supported in build */ if (ret == 0) { + /* test with default cipher list on server side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 0); + cliArgsSz, cliArgs, 0, 0, 0, 1); + execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 0); + cliArgsSz, cliArgs, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 0); + cliArgsSz, cliArgs, 1, 0, 0, 0); + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 1, 1, 0, 0); #ifdef HAVE_EXTENDED_MASTER execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 1); + cliArgsSz, cliArgs, 0, 0, 1, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 1); + cliArgsSz, cliArgs, 0, 1, 1, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 1); + cliArgsSz, cliArgs, 1, 0, 1, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 1); + cliArgsSz, cliArgs, 1, 1, 1, 0); #endif } svrArgsSz = 1; diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index fb4260e62..baf4d40b3 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -1,36 +1,3 @@ -# server DTLSv1 DHE-RSA-CHACHA20-POLY1305 --u --v 2 --l DHE-RSA-CHACHA20-POLY1305 - -# client DTLSv1 DHE-RSA-CHACHA20-POLY1305 --u --v 2 --l DHE-RSA-CHACHA20-POLY1305 - -# server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 --u --v 2 --l ECDHE-RSA-CHACHA20-POLY1305 - -# client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 --u --v 2 --l ECDHE-RSA-CHACHA20-POLY1305 - -# server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 --u --v 2 --l ECDHE-ECDSA-CHACHA20-POLY1305 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 --u --v 2 --l ECDHE-ECDSA-CHACHA20-POLY1305 --A ./certs/server-ecc.pem - # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -u -v 3 @@ -223,16 +190,6 @@ -v 3 -l AES256-SHA -# server DTLSv1 AES128-SHA256 --u --v 2 --l AES128-SHA256 - -# client DTLSv1 AES128-SHA256 --u --v 2 --l AES128-SHA256 - # server DTLSv1.2 AES128-SHA256 -u -v 3 @@ -243,16 +200,6 @@ -v 3 -l AES128-SHA256 -# server DTLSv1 AES256-SHA256 --u --v 2 --l AES256-SHA256 - -# client DTLSv1 AES256-SHA256 --u --v 2 --l AES256-SHA256 - # server DTLSv1.2 AES256-SHA256 -u -v 3 @@ -283,12 +230,12 @@ -v 2 -l ECDHE-RSA-DES-CBC3-SHA -# server DTLSv1.1 ECDHE-RSA-AES128 +# server DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA -# client DTLSv1.1 ECDHE-RSA-AES128 +# client DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA @@ -323,12 +270,12 @@ -v 3 -l ECDHE-RSA-DES-CBC3-SHA -# server DTLSv1.2 ECDHE-RSA-AES128 +# server DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA -# client DTLSv1.2 ECDHE-RSA-AES128 +# client DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA @@ -338,7 +285,7 @@ -v 3 -l ECDHE-RSA-AES128-SHA256 -# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 +# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 @@ -418,14 +365,14 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server DTLSv1.1 ECDHE-ECDSA-AES128 +# server DTLSv1.1 ECDHE-ECDSA-AES128 -u -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.1 ECDHE-ECDSA-AES128 +# client DTLSv1.1 ECDHE-ECDSA-AES128 -u -v 2 -l ECDHE-ECDSA-AES128-SHA @@ -470,14 +417,14 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server DTLSv1.2 ECDHE-ECDSA-AES128 +# server DTLSv1.2 ECDHE-ECDSA-AES128 -u -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDHE-ECDSA-AES128 +# client DTLSv1.2 ECDHE-ECDSA-AES128 -u -v 3 -l ECDHE-ECDSA-AES128-SHA @@ -533,14 +480,14 @@ -v 2 -l ECDH-RSA-DES-CBC3-SHA -# server DTLSv1.1 ECDH-RSA-AES128 +# server DTLSv1.1 ECDH-RSA-AES128 -u -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client DTLSv1.1 ECDH-RSA-AES128 +# client DTLSv1.1 ECDH-RSA-AES128 -u -v 2 -l ECDH-RSA-AES128-SHA @@ -581,26 +528,26 @@ -v 3 -l ECDH-RSA-DES-CBC3-SHA -# server DTLSv1.2 ECDH-RSA-AES128 +# server DTLSv1.2 ECDH-RSA-AES128 -u -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-RSA-AES128 +# client DTLSv1.2 ECDH-RSA-AES128 -u -v 3 -l ECDH-RSA-AES128-SHA -# server DTLSv1.2 ECDH-RSA-AES128-SHA256 +# server DTLSv1.2 ECDH-RSA-AES128-SHA256 -u -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-RSA-AES128-SHA256 +# client DTLSv1.2 ECDH-RSA-AES128-SHA256 -u -v 3 -l ECDH-RSA-AES128-SHA256 @@ -643,14 +590,14 @@ -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server DTLSv1.1 ECDH-ECDSA-AES128 +# server DTLSv1.1 ECDH-ECDSA-AES128 -u -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.1 ECDH-ECDSA-AES128 +# client DTLSv1.1 ECDH-ECDSA-AES128 -u -v 2 -l ECDH-ECDSA-AES128-SHA @@ -695,14 +642,14 @@ -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server DTLSv1.2 ECDH-ECDSA-AES128 +# server DTLSv1.2 ECDH-ECDSA-AES128 -u -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-ECDSA-AES128 +# client DTLSv1.2 ECDH-ECDSA-AES128 -u -v 3 -l ECDH-ECDSA-AES128-SHA @@ -715,7 +662,7 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-SHA256 @@ -734,12 +681,12 @@ -l ECDH-ECDSA-AES256-SHA -A ./certs/server-ecc.pem -# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 +# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 -# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 +# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 @@ -757,14 +704,14 @@ -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/server-ecc.pem -# server DTLSv1.2 ECDH-RSA-AES256-SHA384 +# server DTLSv1.2 ECDH-RSA-AES256-SHA384 -u -v 3 -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-RSA-AES256-SHA384 +# client DTLSv1.2 ECDH-RSA-AES256-SHA384 -u -v 3 -l ECDH-RSA-AES256-SHA384 @@ -776,7 +723,7 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-SHA384 @@ -926,14 +873,14 @@ -v 3 -l PSK-AES256-CBC-SHA384 -# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 @@ -952,14 +899,14 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/server-ecc.pem -# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 @@ -978,12 +925,12 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/server-ecc.pem -# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 @@ -998,14 +945,14 @@ -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-RSA-AES128-GCM-SHA256 diff --git a/tests/test.conf b/tests/test.conf index 37f672ab0..057ea8857 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1,30 +1,3 @@ -# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305 --v 2 --l DHE-RSA-CHACHA20-POLY1305 - -# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305 --v 2 --l DHE-RSA-CHACHA20-POLY1305 - -# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 --v 2 --l ECDHE-RSA-CHACHA20-POLY1305 - -# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305 --v 2 --l ECDHE-RSA-CHACHA20-POLY1305 - -# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305 --v 2 --l ECDHE-ECDSA-CHACHA20-POLY1305 --c ./certs/server-ecc.pem --k ./certs/ecc-key.pem - -# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305 --v 2 --l ECDHE-ECDSA-CHACHA20-POLY1305 --A ./certs/server-ecc.pem - # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 @@ -189,22 +162,6 @@ -v 1 -l AES256-SHA -# server TLSv1 AES128-SHA256 --v 1 --l AES128-SHA256 - -# client TLSv1 AES128-SHA256 --v 1 --l AES128-SHA256 - -# server TLSv1 AES256-SHA256 --v 1 --l AES256-SHA256 - -# client TLSv1 AES256-SHA256 --v 1 --l AES256-SHA256 - # server TLSv1.1 RC4-SHA -v 2 -l RC4-SHA @@ -245,30 +202,6 @@ -v 2 -l AES128-SHA -# server TLSv1.1 AES256-SHA --v 2 --l AES256-SHA - -# client TLSv1.1 AES256-SHA --v 2 --l AES256-SHA - -# server TLSv1.1 AES128-SHA256 --v 2 --l AES128-SHA256 - -# client TLSv1.1 AES128-SHA256 --v 2 --l AES128-SHA256 - -# server TLSv1.1 AES256-SHA256 --v 2 --l AES256-SHA256 - -# client TLSv1.1 AES256-SHA256 --v 2 --l AES256-SHA256 - # server TLSv1.2 RC4-SHA -v 3 -l RC4-SHA @@ -341,11 +274,11 @@ -v 1 -l ECDHE-RSA-DES-CBC3-SHA -# server TLSv1 ECDHE-RSA-AES128 +# server TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA -# client TLSv1 ECDHE-RSA-AES128 +# client TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA @@ -373,11 +306,11 @@ -v 2 -l ECDHE-RSA-DES-CBC3-SHA -# server TLSv1.1 ECDHE-RSA-AES128 +# server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA -# client TLSv1.1 ECDHE-RSA-AES128 +# client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA @@ -405,11 +338,11 @@ -v 3 -l ECDHE-RSA-DES-CBC3-SHA -# server TLSv1.2 ECDHE-RSA-AES128 +# server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA -# client TLSv1.2 ECDHE-RSA-AES128 +# client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA @@ -417,7 +350,7 @@ -v 3 -l ECDHE-RSA-AES128-SHA256 -# client TLSv1.2 ECDHE-RSA-AES128-SHA256 +# client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 @@ -484,13 +417,13 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server TLSv1 ECDHE-ECDSA-AES128 +# server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1 ECDHE-ECDSA-AES128 +# client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem @@ -528,13 +461,13 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server TLSv1.1 ECDHE-ECDSA-AES128 +# server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.1 ECDHE-ECDSA-AES128 +# client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem @@ -572,13 +505,13 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server TLSv1.2 ECDHE-ECDSA-AES128 +# server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDHE-ECDSA-AES128 +# client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/server-ecc.pem @@ -625,13 +558,13 @@ -v 1 -l ECDH-RSA-DES-CBC3-SHA -# server TLSv1 ECDH-RSA-AES128 +# server TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client TLSv1 ECDH-RSA-AES128 +# client TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA @@ -665,13 +598,13 @@ -v 2 -l ECDH-RSA-DES-CBC3-SHA -# server TLSv1.1 ECDH-RSA-AES128 +# server TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client TLSv1.1 ECDH-RSA-AES128 +# client TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA @@ -705,23 +638,23 @@ -v 3 -l ECDH-RSA-DES-CBC3-SHA -# server TLSv1.2 ECDH-RSA-AES128 +# server TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-RSA-AES128 +# client TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA -# server TLSv1.2 ECDH-RSA-AES128-SHA256 +# server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-RSA-AES128-SHA256 +# client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 @@ -757,13 +690,13 @@ -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server TLSv1 ECDH-ECDSA-AES128 +# server TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1 ECDH-ECDSA-AES128 +# client TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem @@ -801,13 +734,13 @@ -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server TLSv1.1 ECDH-ECDSA-AES128 +# server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.1 ECDH-ECDSA-AES128 +# client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem @@ -845,13 +778,13 @@ -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/server-ecc.pem -# server TLSv1.2 ECDH-ECDSA-AES128 +# server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-ECDSA-AES128 +# client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/server-ecc.pem @@ -862,7 +795,7 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 +# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/server-ecc.pem @@ -882,7 +815,7 @@ -v 3 -l ECDHE-RSA-AES256-SHA384 -# client TLSv1.2 ECDHE-RSA-AES256-SHA384 +# client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 @@ -897,13 +830,13 @@ -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/server-ecc.pem -# server TLSv1.2 ECDH-RSA-AES256-SHA384 +# server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-RSA-AES256-SHA384 +# client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 @@ -913,7 +846,7 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 +# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/server-ecc.pem @@ -1078,22 +1011,6 @@ -v 1 -l DHE-RSA-AES256-SHA -# server TLSv1 DHE AES128-SHA256 --v 1 --l DHE-RSA-AES128-SHA256 - -# client TLSv1 DHE AES128-SHA256 --v 1 --l DHE-RSA-AES128-SHA256 - -# server TLSv1 DHE AES256-SHA256 --v 1 --l DHE-RSA-AES256-SHA256 - -# client TLSv1 DHE AES256-SHA256 --v 1 --l DHE-RSA-AES256-SHA256 - # server TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA @@ -1110,22 +1027,6 @@ -v 2 -l DHE-RSA-AES256-SHA -# server TLSv1.1 DHE AES128-SHA256 --v 2 --l DHE-RSA-AES128-SHA256 - -# client TLSv1.1 DHE AES128-SHA256 --v 2 --l DHE-RSA-AES128-SHA256 - -# server TLSv1.1 DHE AES256-SHA256 --v 2 --l DHE-RSA-AES256-SHA256 - -# client TLSv1.1 DHE AES256-SHA256 --v 2 --l DHE-RSA-AES256-SHA256 - # server TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA @@ -1664,11 +1565,11 @@ -v 3 -l DHE-RSA-CAMELLIA256-SHA256 -# server TLSv1.2 RSA-AES128-GCM-SHA256 +# server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 -# client TLSv1.2 RSA-AES128-GCM-SHA256 +# client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 @@ -1680,13 +1581,13 @@ -v 3 -l AES256-GCM-SHA384 -# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/server-ecc.pem @@ -1702,13 +1603,13 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/server-ecc.pem -# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/server-ecc.pem @@ -1724,11 +1625,11 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/server-ecc.pem -# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 @@ -1740,13 +1641,13 @@ -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem -# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 @@ -1760,11 +1661,11 @@ -v 3 -l ECDH-RSA-AES256-GCM-SHA384 -# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 -# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256