Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.

2017-04-04 14:31:47 -07:00 · 2017-04-04 14:31:47 -07:00 · 4dcad96f97
parent b827380baf
commit 4dcad96f97
4 changed files with 181 additions and 318 deletions
--- a/examples/server/server.c
+++ b/examples/server/server.c
@ -267,6 +267,7 @@ static void Usage(void)
 #endif
    printf("-g          Return basic HTML web page\n");
    printf("-C <num>    The number of connections to accept, default: 1\n");
    printf("-U          Force use of the default cipher suite list\n");
 }
 THREAD_RETURN CYASSL_THREAD server_test(void* args)
@ -319,6 +320,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    char*  alpnList = NULL;
    unsigned char alpn_opt = 0;
    char*  cipherList = NULL;
    int    useDefCipherList = 0;
    const char* verifyCert = cliCertFile;
    const char* ourCert    = svrCertFile;
    const char* ourKey     = svrKeyFile;
@ -391,7 +393,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    useAnyAddr = 1;
 #else
    while ((ch = mygetopt(argc, argv,
-               "?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:gC:")) != -1) {
+               "?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:gC:U")) != -1) {
        switch (ch) {
            case '?' :
                Usage();
@ -475,6 +477,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
                cipherList = myoptarg;
                break;
            case 'U' :
                useDefCipherList = 1;
                break;
            case 'A' :
                verifyCert = myoptarg;
                break;
@ -716,9 +722,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
    wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
 #endif
-    if (cipherList)
+    if (cipherList && !useDefCipherList) {
        if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
            err_sys("server can't set cipher list 1");
    }
 #ifdef CYASSL_LEANPSK
    if (!usePsk) {
--- a/tests/suites.c
+++ b/tests/suites.c
@ -35,7 +35,7 @@
 #define MAX_ARGS 40
 #define MAX_COMMAND_SZ 240
-#define MAX_SUITE_SZ 80 
+#define MAX_SUITE_SZ 80
 #define NOT_BUILT_IN -123
 #if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
    #define VERSION_TOO_OLD -124
@ -54,6 +54,7 @@ static char flagSep[] = " ";
    static char portFlag[] = "-p";
    static char svrPort[] = "0";
 #endif
 static char forceDefCipherListFlag[] = "-U";
 #ifndef WOLFSSL_ALLOW_SSLV3
@ -155,7 +156,7 @@ static int IsValidCipherSuite(const char* line, char* suite)
 static int execute_test_case(int svr_argc, char** svr_argv,
                              int cli_argc, char** cli_argv,
                              int addNoVerify, int addNonBlocking,
-                              int addDisableEMS)
+                              int addDisableEMS, int forceSrvDefCipherList)
 {
 #ifdef WOLFSSL_TIRTOS
    func_args cliArgs = {0};
@ -174,20 +175,22 @@ static int execute_test_case(int svr_argc, char** svr_argv,
    char        commandLine[MAX_COMMAND_SZ];
    char        cipherSuite[MAX_SUITE_SZ+1];
    int         i;
-    size_t      added = 0;
+    size_t      added;
    static      int tests = 1;
    /* Is Valid Cipher and Version Checks */
    /* build command list for the Is checks below */
    commandLine[0] = '\0';
-    for (i = 0; i < svr_argc; i++) {
+    added = 0;
    for (i = 0; i < svrArgs.argc; i++) {
        added += XSTRLEN(svr_argv[i]) + 2;
        if (added >= MAX_COMMAND_SZ) {
-            printf("server command line too long\n"); 
+            printf("server command line too long\n");
            break;
        }
        strcat(commandLine, svr_argv[i]);
        strcat(commandLine, flagSep);
    }
    if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
        #ifdef DEBUG_SUITE_TESTS
            printf("cipher suite %s not supported in build\n", cipherSuite);
@ -203,7 +206,6 @@ static int execute_test_case(int svr_argc, char** svr_argv,
        return VERSION_TOO_OLD;
    }
 #endif
 #ifdef NO_OLD_TLS
    if (IsOldTlsVersion(commandLine) == 1) {
        #ifdef DEBUG_SUITE_TESTS
@ -213,78 +215,52 @@ static int execute_test_case(int svr_argc, char** svr_argv,
    }
 #endif
    /* Build Client Command */
    if (addNoVerify) {
-        printf("repeating test with client cert request off\n"); 
+        printf("repeating test with client cert request off\n");
-        added += 4;   /* -d plus space plus terminator */
+        if (svrArgs.argc >= MAX_ARGS)
        if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
            printf("server command line too long\n");
-        else {
+        else
-            svr_argv[svr_argc++] = noVerifyFlag;
+            svr_argv[svrArgs.argc++] = noVerifyFlag;
            svrArgs.argc = svr_argc;
            strcat(commandLine, noVerifyFlag);
            strcat(commandLine, flagSep);
        }
    }
    if (addNonBlocking) {
-        printf("repeating test with non blocking on\n"); 
+        printf("repeating test with non blocking on\n");
-        added += 4;   /* -N plus terminator */
+        if (svrArgs.argc >= MAX_ARGS)
        if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
            printf("server command line too long\n");
-        else {
+        else
-            svr_argv[svr_argc++] = nonblockFlag;
+            svr_argv[svrArgs.argc++] = nonblockFlag;
            svrArgs.argc = svr_argc;
            strcat(commandLine, nonblockFlag);
            strcat(commandLine, flagSep);
        }
    }
    #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
-        /* add port 0 */
+        /* add port */
-        if (svr_argc + 2 > MAX_ARGS)
+        if (svrArgs.argc + 2 > MAX_ARGS)
            printf("cannot add the magic port number flag to server\n");
-        else
+        else {
-        {
+            svr_argv[svrArgs.argc++] = portFlag;
-            svr_argv[svr_argc++] = portFlag;
+            svr_argv[svrArgs.argc++] = svrPort;
            svr_argv[svr_argc++] = svrPort;
            svrArgs.argc = svr_argc;
        }
    #endif
-    printf("trying server command line[%d]: %s\n", tests, commandLine);
+    if (forceSrvDefCipherList) {
        if (svrArgs.argc >= MAX_ARGS)
            printf("cannot add the force def cipher list flag to server\n");
        else
            svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
    }
    /* update server flags list */
    commandLine[0] = '\0';
    added = 0;
-    for (i = 0; i < cli_argc; i++) {
+    for (i = 0; i < svrArgs.argc; i++) {
-        added += XSTRLEN(cli_argv[i]) + 2;
+        added += XSTRLEN(svr_argv[i]) + 2;
        if (added >= MAX_COMMAND_SZ) {
-            printf("client command line too long\n"); 
+            printf("server command line too long\n");
            break;
        }
-        strcat(commandLine, cli_argv[i]);
+        strcat(commandLine, svr_argv[i]);
        strcat(commandLine, flagSep);
    }
-    if (addNonBlocking) {
+    printf("trying server command line[%d]: %s\n", tests, commandLine);
-        added += 4;   /* -N plus space plus terminator  */
+
-        if (added >= MAX_COMMAND_SZ)
+    tests++; /* test count */
            printf("client command line too long\n");
        else  {
            cli_argv[cli_argc++] = nonblockFlag;
            strcat(commandLine, nonblockFlag);
            strcat(commandLine, flagSep);
            cliArgs.argc = cli_argc;
        }
    }
    if (addDisableEMS) {
        printf("repeating test without extended master secret\n");
        added += 4;   /* -n plus terminator */
        if (added >= MAX_COMMAND_SZ)
            printf("client command line too long\n");
        else {
            cli_argv[cli_argc++] = disableEMSFlag;
            strcat(commandLine, disableEMSFlag);
            strcat(commandLine, flagSep);
            cliArgs.argc = cli_argc;
        }
    }
    printf("trying client command line[%d]: %s\n", tests++, commandLine);
    InitTcpReady(&ready);
@ -296,31 +272,59 @@ static int execute_test_case(int svr_argc, char** svr_argv,
    svrArgs.signal = &ready;
    start_thread(server_test, &svrArgs, &serverThread);
    wait_tcp_ready(&svrArgs);
-    #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
+
-        if (ready.port != 0)
+
-        {
+    /* Build Client Command */
-            if (cli_argc + 2 > MAX_ARGS)
+    if (addNonBlocking) {
-                printf("cannot add the magic port number flag to client\n");
+        if (cliArgs.argc >= MAX_ARGS)
-            else {
+            printf("cannot add the non block flag to client\n");
-                char portNumber[8];
+        else
-                snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
+            cli_argv[cliArgs.argc++] = nonblockFlag;
-                cli_argv[cli_argc++] = portFlag;
+    }
-                cli_argv[cli_argc++] = portNumber;
+    if (addDisableEMS) {
-                cliArgs.argc = cli_argc;
+        printf("repeating test without extended master secret\n");
-            }
+        if (cliArgs.argc >= MAX_ARGS)
            printf("cannot add the disable EMS flag to client\n");
        else
            cli_argv[cliArgs.argc++] = disableEMSFlag;
    }
 #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
    if (ready.port != 0) {
        if (cliArgs.argc + 2 > MAX_ARGS)
            printf("cannot add the magic port number flag to client\n");
        else {
            char portNumber[8];
            snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
            cli_argv[cliArgs.argc++] = portFlag;
            cli_argv[cliArgs.argc++] = portNumber;
        }
-    #endif
+    }
 #endif
    commandLine[0] = '\0';
    added = 0;
    for (i = 0; i < cliArgs.argc; i++) {
        added += XSTRLEN(cli_argv[i]) + 2;
        if (added >= MAX_COMMAND_SZ) {
            printf("client command line too long\n");
            break;
        }
        strcat(commandLine, cli_argv[i]);
        strcat(commandLine, flagSep);
    }
    printf("trying client command line[%d]: %s\n", tests, commandLine);
    /* start client */
    client_test(&cliArgs);
-    /* verify results */ 
+    /* verify results */
    if (cliArgs.return_code != 0) {
        printf("client_test failed\n");
        exit(EXIT_FAILURE);
    }
    join_thread(serverThread);
-    if (svrArgs.return_code != 0) { 
+    if (svrArgs.return_code != 0) {
        printf("server_test failed\n");
        exit(EXIT_FAILURE);
    }
@ -329,7 +333,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
    fdCloseSession(Task_self());
 #endif
    FreeTcpReady(&ready);
-    
+
    return 0;
 }
@ -393,7 +397,7 @@ static void test_harness(void* vargs)
        args->return_code = 1;
        return;
    }
-    
+
    fclose(file);
    script[sz] = 0;
@ -442,7 +446,7 @@ static void test_harness(void* vargs)
                else
                    svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
                if (*cursor == 0)  /* eof */
-                    do_it = 1; 
+                    do_it = 1;
        }
        if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
@ -452,24 +456,28 @@ static void test_harness(void* vargs)
        if (do_it) {
            ret = execute_test_case(svrArgsSz, svrArgs,
-                                    cliArgsSz, cliArgs, 0, 0, 0);
+                                    cliArgsSz, cliArgs, 0, 0, 0, 0);
            /* don't repeat if not supported in build */
            if (ret == 0) {
                /* test with default cipher list on server side */
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 0, 1, 0);
+                                  cliArgsSz, cliArgs, 0, 0, 0, 1);
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 0, 0);
+                                  cliArgsSz, cliArgs, 0, 1, 0, 0);
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 1, 0);
+                                  cliArgsSz, cliArgs, 1, 0, 0, 0);
                execute_test_case(svrArgsSz, svrArgs,
                                  cliArgsSz, cliArgs, 1, 1, 0, 0);
 #ifdef HAVE_EXTENDED_MASTER
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 0, 0, 1);
+                                  cliArgsSz, cliArgs, 0, 0, 1, 0);
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 0, 1, 1);
+                                  cliArgsSz, cliArgs, 0, 1, 1, 0);
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 0, 1);
+                                  cliArgsSz, cliArgs, 1, 0, 1, 0);
                execute_test_case(svrArgsSz, svrArgs,
-                                  cliArgsSz, cliArgs, 1, 1, 1);
+                                  cliArgsSz, cliArgs, 1, 1, 1, 0);
 #endif
            }
            svrArgsSz = 1;
--- a/tests/test-dtls.conf
+++ b/tests/test-dtls.conf
@ -1,36 +1,3 @@
 # server DTLSv1 DHE-RSA-CHACHA20-POLY1305
 -u
 -v 2
 -l DHE-RSA-CHACHA20-POLY1305
 # client DTLSv1 DHE-RSA-CHACHA20-POLY1305
 -u
 -v 2
 -l DHE-RSA-CHACHA20-POLY1305
 # server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
 -u
 -v 2
 -l ECDHE-RSA-CHACHA20-POLY1305
 # client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
 -u
 -v 2
 -l ECDHE-RSA-CHACHA20-POLY1305
 # server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
 -u
 -v 2
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
 -u
 -v 2
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -A ./certs/server-ecc.pem
 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
 -u
 -v 3
@ -223,16 +190,6 @@
 -v 3
 -l AES256-SHA
 # server DTLSv1 AES128-SHA256
 -u
 -v 2
 -l AES128-SHA256
 # client DTLSv1 AES128-SHA256
 -u
 -v 2
 -l AES128-SHA256
 # server DTLSv1.2 AES128-SHA256
 -u
 -v 3
@ -243,16 +200,6 @@
 -v 3
 -l AES128-SHA256
 # server DTLSv1 AES256-SHA256
 -u
 -v 2
 -l AES256-SHA256
 # client DTLSv1 AES256-SHA256
 -u
 -v 2
 -l AES256-SHA256
 # server DTLSv1.2 AES256-SHA256
 -u
 -v 3
@ -283,12 +230,12 @@
 -v 2
 -l ECDHE-RSA-DES-CBC3-SHA
-# server DTLSv1.1 ECDHE-RSA-AES128 
+# server DTLSv1.1 ECDHE-RSA-AES128
 -u
 -v 2
 -l ECDHE-RSA-AES128-SHA
-# client DTLSv1.1 ECDHE-RSA-AES128 
+# client DTLSv1.1 ECDHE-RSA-AES128
 -u
 -v 2
 -l ECDHE-RSA-AES128-SHA
@ -323,12 +270,12 @@
 -v 3
 -l ECDHE-RSA-DES-CBC3-SHA
-# server DTLSv1.2 ECDHE-RSA-AES128 
+# server DTLSv1.2 ECDHE-RSA-AES128
 -u
 -v 3
 -l ECDHE-RSA-AES128-SHA
-# client DTLSv1.2 ECDHE-RSA-AES128 
+# client DTLSv1.2 ECDHE-RSA-AES128
 -u
 -v 3
 -l ECDHE-RSA-AES128-SHA
@ -338,7 +285,7 @@
 -v 3
 -l ECDHE-RSA-AES128-SHA256
-# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 
+# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
 -u
 -v 3
 -l ECDHE-RSA-AES128-SHA256
@ -418,14 +365,14 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server DTLSv1.1 ECDHE-ECDSA-AES128 
+# server DTLSv1.1 ECDHE-ECDSA-AES128
 -u
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.1 ECDHE-ECDSA-AES128 
+# client DTLSv1.1 ECDHE-ECDSA-AES128
 -u
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
@ -470,14 +417,14 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server DTLSv1.2 ECDHE-ECDSA-AES128 
+# server DTLSv1.2 ECDHE-ECDSA-AES128
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDHE-ECDSA-AES128 
+# client DTLSv1.2 ECDHE-ECDSA-AES128
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
@ -533,14 +480,14 @@
 -v 2
 -l ECDH-RSA-DES-CBC3-SHA
-# server DTLSv1.1 ECDH-RSA-AES128 
+# server DTLSv1.1 ECDH-RSA-AES128
 -u
 -v 2
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.1 ECDH-RSA-AES128 
+# client DTLSv1.1 ECDH-RSA-AES128
 -u
 -v 2
 -l ECDH-RSA-AES128-SHA
@ -581,26 +528,26 @@
 -v 3
 -l ECDH-RSA-DES-CBC3-SHA
-# server DTLSv1.2 ECDH-RSA-AES128 
+# server DTLSv1.2 ECDH-RSA-AES128
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-RSA-AES128 
+# client DTLSv1.2 ECDH-RSA-AES128
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA
-# server DTLSv1.2 ECDH-RSA-AES128-SHA256 
+# server DTLSv1.2 ECDH-RSA-AES128-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-RSA-AES128-SHA256 
+# client DTLSv1.2 ECDH-RSA-AES128-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-SHA256
@ -643,14 +590,14 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server DTLSv1.1 ECDH-ECDSA-AES128 
+# server DTLSv1.1 ECDH-ECDSA-AES128
 -u
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.1 ECDH-ECDSA-AES128 
+# client DTLSv1.1 ECDH-ECDSA-AES128
 -u
 -v 2
 -l ECDH-ECDSA-AES128-SHA
@ -695,14 +642,14 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server DTLSv1.2 ECDH-ECDSA-AES128 
+# server DTLSv1.2 ECDH-ECDSA-AES128
 -u
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-ECDSA-AES128 
+# client DTLSv1.2 ECDH-ECDSA-AES128
 -u
 -v 3
 -l ECDH-ECDSA-AES128-SHA
@ -715,7 +662,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 
+# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
 -u
 -v 3
 -l ECDH-ECDSA-AES128-SHA256
@ -734,12 +681,12 @@
 -l ECDH-ECDSA-AES256-SHA
 -A ./certs/server-ecc.pem
-# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 
+# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-SHA384
-# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 
+# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDHE-RSA-AES256-SHA384
@ -757,14 +704,14 @@
 -l ECDHE-ECDSA-AES256-SHA384
 -A ./certs/server-ecc.pem
-# server DTLSv1.2 ECDH-RSA-AES256-SHA384 
+# server DTLSv1.2 ECDH-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDH-RSA-AES256-SHA384
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-RSA-AES256-SHA384 
+# client DTLSv1.2 ECDH-RSA-AES256-SHA384
 -u
 -v 3
 -l ECDH-RSA-AES256-SHA384
@ -776,7 +723,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 
+# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
 -u
 -v 3
 -l ECDH-ECDSA-AES256-SHA384
@ -926,14 +873,14 @@
 -v 3
 -l PSK-AES256-CBC-SHA384
-# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
@ -952,14 +899,14 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
-# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
@ -978,12 +925,12 @@
 -l ECDH-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
-# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
-# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
@ -998,14 +945,14 @@
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
-# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -u
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
--- a/tests/test.conf
+++ b/tests/test.conf
@ -1,30 +1,3 @@
 # server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
 -v 2
 -l DHE-RSA-CHACHA20-POLY1305
 # client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
 -v 2
 -l DHE-RSA-CHACHA20-POLY1305
 # server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
 -v 2
 -l ECDHE-RSA-CHACHA20-POLY1305
 # client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
 -v 2
 -l ECDHE-RSA-CHACHA20-POLY1305
 # server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
 -v 2
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 # client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
 -v 2
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -A ./certs/server-ecc.pem
 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
 -v 3
 -l DHE-RSA-CHACHA20-POLY1305
@ -189,22 +162,6 @@
 -v 1
 -l AES256-SHA
 # server TLSv1 AES128-SHA256
 -v 1
 -l AES128-SHA256
 # client TLSv1 AES128-SHA256
 -v 1
 -l AES128-SHA256
 # server TLSv1 AES256-SHA256
 -v 1
 -l AES256-SHA256
 # client TLSv1 AES256-SHA256
 -v 1
 -l AES256-SHA256
 # server TLSv1.1 RC4-SHA
 -v 2
 -l RC4-SHA
@ -245,30 +202,6 @@
 -v 2
 -l AES128-SHA
 # server TLSv1.1 AES256-SHA
 -v 2
 -l AES256-SHA
 # client TLSv1.1 AES256-SHA
 -v 2
 -l AES256-SHA
 # server TLSv1.1 AES128-SHA256
 -v 2
 -l AES128-SHA256
 # client TLSv1.1 AES128-SHA256
 -v 2
 -l AES128-SHA256
 # server TLSv1.1 AES256-SHA256
 -v 2
 -l AES256-SHA256
 # client TLSv1.1 AES256-SHA256
 -v 2
 -l AES256-SHA256
 # server TLSv1.2 RC4-SHA
 -v 3
 -l RC4-SHA
@ -341,11 +274,11 @@
 -v 1
 -l ECDHE-RSA-DES-CBC3-SHA
-# server TLSv1 ECDHE-RSA-AES128 
+# server TLSv1 ECDHE-RSA-AES128
 -v 1
 -l ECDHE-RSA-AES128-SHA
-# client TLSv1 ECDHE-RSA-AES128 
+# client TLSv1 ECDHE-RSA-AES128
 -v 1
 -l ECDHE-RSA-AES128-SHA
@ -373,11 +306,11 @@
 -v 2
 -l ECDHE-RSA-DES-CBC3-SHA
-# server TLSv1.1 ECDHE-RSA-AES128 
+# server TLSv1.1 ECDHE-RSA-AES128
 -v 2
 -l ECDHE-RSA-AES128-SHA
-# client TLSv1.1 ECDHE-RSA-AES128 
+# client TLSv1.1 ECDHE-RSA-AES128
 -v 2
 -l ECDHE-RSA-AES128-SHA
@ -405,11 +338,11 @@
 -v 3
 -l ECDHE-RSA-DES-CBC3-SHA
-# server TLSv1.2 ECDHE-RSA-AES128 
+# server TLSv1.2 ECDHE-RSA-AES128
 -v 3
 -l ECDHE-RSA-AES128-SHA
-# client TLSv1.2 ECDHE-RSA-AES128 
+# client TLSv1.2 ECDHE-RSA-AES128
 -v 3
 -l ECDHE-RSA-AES128-SHA
@ -417,7 +350,7 @@
 -v 3
 -l ECDHE-RSA-AES128-SHA256
-# client TLSv1.2 ECDHE-RSA-AES128-SHA256 
+# client TLSv1.2 ECDHE-RSA-AES128-SHA256
 -v 3
 -l ECDHE-RSA-AES128-SHA256
@ -484,13 +417,13 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server TLSv1 ECDHE-ECDSA-AES128 
+# server TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1 ECDHE-ECDSA-AES128 
+# client TLSv1 ECDHE-ECDSA-AES128
 -v 1
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@ -528,13 +461,13 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server TLSv1.1 ECDHE-ECDSA-AES128 
+# server TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.1 ECDHE-ECDSA-AES128 
+# client TLSv1.1 ECDHE-ECDSA-AES128
 -v 2
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@ -572,13 +505,13 @@
 -l ECDHE-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server TLSv1.2 ECDHE-ECDSA-AES128 
+# server TLSv1.2 ECDHE-ECDSA-AES128
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDHE-ECDSA-AES128 
+# client TLSv1.2 ECDHE-ECDSA-AES128
 -v 3
 -l ECDHE-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@ -625,13 +558,13 @@
 -v 1
 -l ECDH-RSA-DES-CBC3-SHA
-# server TLSv1 ECDH-RSA-AES128 
+# server TLSv1 ECDH-RSA-AES128
 -v 1
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client TLSv1 ECDH-RSA-AES128 
+# client TLSv1 ECDH-RSA-AES128
 -v 1
 -l ECDH-RSA-AES128-SHA
@ -665,13 +598,13 @@
 -v 2
 -l ECDH-RSA-DES-CBC3-SHA
-# server TLSv1.1 ECDH-RSA-AES128 
+# server TLSv1.1 ECDH-RSA-AES128
 -v 2
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.1 ECDH-RSA-AES128 
+# client TLSv1.1 ECDH-RSA-AES128
 -v 2
 -l ECDH-RSA-AES128-SHA
@ -705,23 +638,23 @@
 -v 3
 -l ECDH-RSA-DES-CBC3-SHA
-# server TLSv1.2 ECDH-RSA-AES128 
+# server TLSv1.2 ECDH-RSA-AES128
 -v 3
 -l ECDH-RSA-AES128-SHA
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-RSA-AES128 
+# client TLSv1.2 ECDH-RSA-AES128
 -v 3
 -l ECDH-RSA-AES128-SHA
-# server TLSv1.2 ECDH-RSA-AES128-SHA256 
+# server TLSv1.2 ECDH-RSA-AES128-SHA256
 -v 3
 -l ECDH-RSA-AES128-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-RSA-AES128-SHA256 
+# client TLSv1.2 ECDH-RSA-AES128-SHA256
 -v 3
 -l ECDH-RSA-AES128-SHA256
@ -757,13 +690,13 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server TLSv1 ECDH-ECDSA-AES128 
+# server TLSv1 ECDH-ECDSA-AES128
 -v 1
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1 ECDH-ECDSA-AES128 
+# client TLSv1 ECDH-ECDSA-AES128
 -v 1
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@ -801,13 +734,13 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server TLSv1.1 ECDH-ECDSA-AES128 
+# server TLSv1.1 ECDH-ECDSA-AES128
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.1 ECDH-ECDSA-AES128 
+# client TLSv1.1 ECDH-ECDSA-AES128
 -v 2
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@ -845,13 +778,13 @@
 -l ECDH-ECDSA-DES-CBC3-SHA
 -A ./certs/server-ecc.pem
-# server TLSv1.2 ECDH-ECDSA-AES128 
+# server TLSv1.2 ECDH-ECDSA-AES128
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-ECDSA-AES128 
+# client TLSv1.2 ECDH-ECDSA-AES128
 -v 3
 -l ECDH-ECDSA-AES128-SHA
 -A ./certs/server-ecc.pem
@ -862,7 +795,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 
+# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-SHA256
 -A ./certs/server-ecc.pem
@ -882,7 +815,7 @@
 -v 3
 -l ECDHE-RSA-AES256-SHA384
-# client TLSv1.2 ECDHE-RSA-AES256-SHA384 
+# client TLSv1.2 ECDHE-RSA-AES256-SHA384
 -v 3
 -l ECDHE-RSA-AES256-SHA384
@ -897,13 +830,13 @@
 -l ECDHE-ECDSA-AES256-SHA384
 -A ./certs/server-ecc.pem
-# server TLSv1.2 ECDH-RSA-AES256-SHA384 
+# server TLSv1.2 ECDH-RSA-AES256-SHA384
 -v 3
 -l ECDH-RSA-AES256-SHA384
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-RSA-AES256-SHA384 
+# client TLSv1.2 ECDH-RSA-AES256-SHA384
 -v 3
 -l ECDH-RSA-AES256-SHA384
@ -913,7 +846,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 
+# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
 -v 3
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/server-ecc.pem
@ -1078,22 +1011,6 @@
 -v 1
 -l DHE-RSA-AES256-SHA
 # server TLSv1 DHE AES128-SHA256
 -v 1
 -l DHE-RSA-AES128-SHA256
 # client TLSv1 DHE AES128-SHA256
 -v 1
 -l DHE-RSA-AES128-SHA256
 # server TLSv1 DHE AES256-SHA256
 -v 1
 -l DHE-RSA-AES256-SHA256
 # client TLSv1 DHE AES256-SHA256
 -v 1
 -l DHE-RSA-AES256-SHA256
 # server TLSv1.1 DHE AES128
 -v 2
 -l DHE-RSA-AES128-SHA
@ -1110,22 +1027,6 @@
 -v 2
 -l DHE-RSA-AES256-SHA
 # server TLSv1.1 DHE AES128-SHA256
 -v 2
 -l DHE-RSA-AES128-SHA256
 # client TLSv1.1 DHE AES128-SHA256
 -v 2
 -l DHE-RSA-AES128-SHA256
 # server TLSv1.1 DHE AES256-SHA256
 -v 2
 -l DHE-RSA-AES256-SHA256
 # client TLSv1.1 DHE AES256-SHA256
 -v 2
 -l DHE-RSA-AES256-SHA256
 # server TLSv1.1 DHE 3DES
 -v 2
 -l EDH-RSA-DES-CBC3-SHA
@ -1664,11 +1565,11 @@
 -v 3
 -l DHE-RSA-CAMELLIA256-SHA256
-# server TLSv1.2 RSA-AES128-GCM-SHA256 
+# server TLSv1.2 RSA-AES128-GCM-SHA256
 -v 3
 -l AES128-GCM-SHA256
-# client TLSv1.2 RSA-AES128-GCM-SHA256 
+# client TLSv1.2 RSA-AES128-GCM-SHA256
 -v 3
 -l AES128-GCM-SHA256
@ -1680,13 +1581,13 @@
 -v 3
 -l AES256-GCM-SHA384
-# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-ECDSA-AES128-GCM-SHA256
 -A ./certs/server-ecc.pem
@ -1702,13 +1603,13 @@
 -l ECDHE-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
-# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-ECDSA-AES128-GCM-SHA256
 -A ./certs/server-ecc.pem
@ -1724,11 +1625,11 @@
 -l ECDH-ECDSA-AES256-GCM-SHA384
 -A ./certs/server-ecc.pem
-# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
-# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDHE-RSA-AES128-GCM-SHA256
@ -1740,13 +1641,13 @@
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
-# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
 -c ./certs/server-ecc-rsa.pem
 -k ./certs/ecc-key.pem
-# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 
+# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
 -v 3
 -l ECDH-RSA-AES128-GCM-SHA256
@ -1760,11 +1661,11 @@
 -v 3
 -l ECDH-RSA-AES256-GCM-SHA384
-# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
+# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 -v 3
 -l DHE-RSA-AES128-GCM-SHA256
-# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 
+# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
 -v 3
 -l DHE-RSA-AES128-GCM-SHA256