WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added test for server to use the default cipher suite list using new “-U” option. This allows the InitSuites logic to be used for determining cipher suites instead of always overriding using the “-l” option. Now both versions are used, so tests are done with wolfSSL_CTX_set_cipher_list and InitSuites. Removed a few cipher suite tests from test.conf that are not valid with old TLS. These were not picked up as failures before because wolfSSL_CTX_set_cipher_list matched on name only, allowing older versions to use the suite.

pull/830/head
David Garske 2017-04-04 14:31:47 -07:00
parent b827380baf
commit 4dcad96f97
4 changed files with 181 additions and 318 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
examples/server/server.c
View File

@ -267,6 +267,7 @@ static void Usage(void)
#endif
printf("-g Return basic HTML web page\n");
printf("-C <num> The number of connections to accept, default: 1\n");
printf("-U Force use of the default cipher suite list\n");
}
THREAD_RETURN CYASSL_THREAD server_test(void* args)
@ -319,6 +320,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
char* alpnList = NULL;
unsigned char alpn_opt = 0;
char* cipherList = NULL;
int useDefCipherList = 0;
const char* verifyCert = cliCertFile;
const char* ourCert = svrCertFile;
const char* ourKey = svrKeyFile;
@ -391,7 +393,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
useAnyAddr = 1;
#else
while ((ch = mygetopt(argc, argv,
"?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:gC:")) != -1) {
"?jdbstnNuGfrawPIR:p:v:l:A:c:k:Z:S:oO:D:L:ieB:E:q:gC:U")) != -1) {
switch (ch) {
case '?' :
Usage();
@ -475,6 +477,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
cipherList = myoptarg;
break;
case 'U' :
useDefCipherList = 1;
break;
case 'A' :
verifyCert = myoptarg;
break;
@ -716,9 +722,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
#endif
if (cipherList)
if (cipherList && !useDefCipherList) {
if (SSL_CTX_set_cipher_list(ctx, cipherList) != SSL_SUCCESS)
err_sys("server can't set cipher list 1");
}
#ifdef CYASSL_LEANPSK
if (!usePsk) {

182
tests/suites.c
View File

@ -35,7 +35,7 @@
#define MAX_ARGS 40
#define MAX_COMMAND_SZ 240
#define MAX_SUITE_SZ 80
#define MAX_SUITE_SZ 80
#define NOT_BUILT_IN -123
#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3)
#define VERSION_TOO_OLD -124
@ -54,6 +54,7 @@ static char flagSep[] = " ";
static char portFlag[] = "-p";
static char svrPort[] = "0";
#endif
static char forceDefCipherListFlag[] = "-U";
#ifndef WOLFSSL_ALLOW_SSLV3
@ -155,7 +156,7 @@ static int IsValidCipherSuite(const char* line, char* suite)
static int execute_test_case(int svr_argc, char** svr_argv,
int cli_argc, char** cli_argv,
int addNoVerify, int addNonBlocking,
int addDisableEMS)
int addDisableEMS, int forceSrvDefCipherList)
{
#ifdef WOLFSSL_TIRTOS
func_args cliArgs = {0};
@ -174,20 +175,22 @@ static int execute_test_case(int svr_argc, char** svr_argv,
char commandLine[MAX_COMMAND_SZ];
char cipherSuite[MAX_SUITE_SZ+1];
int i;
size_t added = 0;
size_t added;
static int tests = 1;
/* Is Valid Cipher and Version Checks */
/* build command list for the Is checks below */
commandLine[0] = '\0';
for (i = 0; i < svr_argc; i++) {
added = 0;
for (i = 0; i < svrArgs.argc; i++) {
added += XSTRLEN(svr_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("server command line too long\n");
printf("server command line too long\n");
break;
}
strcat(commandLine, svr_argv[i]);
strcat(commandLine, flagSep);
}
if (IsValidCipherSuite(commandLine, cipherSuite) == 0) {
#ifdef DEBUG_SUITE_TESTS
printf("cipher suite %s not supported in build\n", cipherSuite);
@ -203,7 +206,6 @@ static int execute_test_case(int svr_argc, char** svr_argv,
return VERSION_TOO_OLD;
}
#endif
#ifdef NO_OLD_TLS
if (IsOldTlsVersion(commandLine) == 1) {
#ifdef DEBUG_SUITE_TESTS
@ -213,78 +215,52 @@ static int execute_test_case(int svr_argc, char** svr_argv,
}
#endif
/* Build Client Command */
if (addNoVerify) {
printf("repeating test with client cert request off\n");
added += 4; /* -d plus space plus terminator */
if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
printf("repeating test with client cert request off\n");
if (svrArgs.argc >= MAX_ARGS)
printf("server command line too long\n");
else {
svr_argv[svr_argc++] = noVerifyFlag;
svrArgs.argc = svr_argc;
strcat(commandLine, noVerifyFlag);
strcat(commandLine, flagSep);
}
else
svr_argv[svrArgs.argc++] = noVerifyFlag;
}
if (addNonBlocking) {
printf("repeating test with non blocking on\n");
added += 4; /* -N plus terminator */
if (added >= MAX_COMMAND_SZ || svr_argc >= MAX_ARGS)
printf("repeating test with non blocking on\n");
if (svrArgs.argc >= MAX_ARGS)
printf("server command line too long\n");
else {
svr_argv[svr_argc++] = nonblockFlag;
svrArgs.argc = svr_argc;
strcat(commandLine, nonblockFlag);
strcat(commandLine, flagSep);
}
else
svr_argv[svrArgs.argc++] = nonblockFlag;
}
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
/* add port 0 */
if (svr_argc + 2 > MAX_ARGS)
/* add port */
if (svrArgs.argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to server\n");
else
{
svr_argv[svr_argc++] = portFlag;
svr_argv[svr_argc++] = svrPort;
svrArgs.argc = svr_argc;
else {
svr_argv[svrArgs.argc++] = portFlag;
svr_argv[svrArgs.argc++] = svrPort;
}
#endif
printf("trying server command line[%d]: %s\n", tests, commandLine);
if (forceSrvDefCipherList) {
if (svrArgs.argc >= MAX_ARGS)
printf("cannot add the force def cipher list flag to server\n");
else
svr_argv[svrArgs.argc++] = forceDefCipherListFlag;
}
/* update server flags list */
commandLine[0] = '\0';
added = 0;
for (i = 0; i < cli_argc; i++) {
added += XSTRLEN(cli_argv[i]) + 2;
for (i = 0; i < svrArgs.argc; i++) {
added += XSTRLEN(svr_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("client command line too long\n");
printf("server command line too long\n");
break;
}
strcat(commandLine, cli_argv[i]);
strcat(commandLine, svr_argv[i]);
strcat(commandLine, flagSep);
}
if (addNonBlocking) {
added += 4; /* -N plus space plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = nonblockFlag;
strcat(commandLine, nonblockFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
added += 4; /* -n plus terminator */
if (added >= MAX_COMMAND_SZ)
printf("client command line too long\n");
else {
cli_argv[cli_argc++] = disableEMSFlag;
strcat(commandLine, disableEMSFlag);
strcat(commandLine, flagSep);
cliArgs.argc = cli_argc;
}
}
printf("trying client command line[%d]: %s\n", tests++, commandLine);
printf("trying server command line[%d]: %s\n", tests, commandLine);
tests++; /* test count */
InitTcpReady(&ready);
@ -296,31 +272,59 @@ static int execute_test_case(int svr_argc, char** svr_argv,
svrArgs.signal = &ready;
start_thread(server_test, &svrArgs, &serverThread);
wait_tcp_ready(&svrArgs);
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
if (ready.port != 0)
{
if (cli_argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to client\n");
else {
char portNumber[8];
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
cli_argv[cli_argc++] = portFlag;
cli_argv[cli_argc++] = portNumber;
cliArgs.argc = cli_argc;
}
/* Build Client Command */
if (addNonBlocking) {
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the non block flag to client\n");
else
cli_argv[cliArgs.argc++] = nonblockFlag;
}
if (addDisableEMS) {
printf("repeating test without extended master secret\n");
if (cliArgs.argc >= MAX_ARGS)
printf("cannot add the disable EMS flag to client\n");
else
cli_argv[cliArgs.argc++] = disableEMSFlag;
}
#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS)
if (ready.port != 0) {
if (cliArgs.argc + 2 > MAX_ARGS)
printf("cannot add the magic port number flag to client\n");
else {
char portNumber[8];
snprintf(portNumber, sizeof(portNumber), "%d", ready.port);
cli_argv[cliArgs.argc++] = portFlag;
cli_argv[cliArgs.argc++] = portNumber;
}
#endif
}
#endif
commandLine[0] = '\0';
added = 0;
for (i = 0; i < cliArgs.argc; i++) {
added += XSTRLEN(cli_argv[i]) + 2;
if (added >= MAX_COMMAND_SZ) {
printf("client command line too long\n");
break;
}
strcat(commandLine, cli_argv[i]);
strcat(commandLine, flagSep);
}
printf("trying client command line[%d]: %s\n", tests, commandLine);
/* start client */
client_test(&cliArgs);
/* verify results */
/* verify results */
if (cliArgs.return_code != 0) {
printf("client_test failed\n");
exit(EXIT_FAILURE);
}
join_thread(serverThread);
if (svrArgs.return_code != 0) {
if (svrArgs.return_code != 0) {
printf("server_test failed\n");
exit(EXIT_FAILURE);
}
@ -329,7 +333,7 @@ static int execute_test_case(int svr_argc, char** svr_argv,
fdCloseSession(Task_self());
#endif
FreeTcpReady(&ready);
return 0;
}
@ -393,7 +397,7 @@ static void test_harness(void* vargs)
args->return_code = 1;
return;
}
fclose(file);
script[sz] = 0;
@ -442,7 +446,7 @@ static void test_harness(void* vargs)
else
svrArgs[svrArgsSz++] = strsep(&cursor, "\n");
if (*cursor == 0) /* eof */
do_it = 1;
do_it = 1;
}
if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) {
@ -452,24 +456,28 @@ static void test_harness(void* vargs)
if (do_it) {
ret = execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 0);
cliArgsSz, cliArgs, 0, 0, 0, 0);
/* don't repeat if not supported in build */
if (ret == 0) {
/* test with default cipher list on server side */
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 0);
cliArgsSz, cliArgs, 0, 0, 0, 1);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 0);
cliArgsSz, cliArgs, 0, 1, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0);
cliArgsSz, cliArgs, 1, 0, 0, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 0, 0);
#ifdef HAVE_EXTENDED_MASTER
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 0, 1);
cliArgsSz, cliArgs, 0, 0, 1, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 0, 1, 1);
cliArgsSz, cliArgs, 0, 1, 1, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 0, 1);
cliArgsSz, cliArgs, 1, 0, 1, 0);
execute_test_case(svrArgsSz, svrArgs,
cliArgsSz, cliArgs, 1, 1, 1);
cliArgsSz, cliArgs, 1, 1, 1, 0);
#endif
}
svrArgsSz = 1;

119
tests/test-dtls.conf
View File

@ -1,36 +1,3 @@
# server DTLSv1 DHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# client DTLSv1 DHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305
-u
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305
-u
-v 3
@ -223,16 +190,6 @@
-v 3
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256
-u
-v 3
@ -243,16 +200,6 @@
-v 3
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server DTLSv1.2 AES256-SHA256
-u
-v 3
@ -283,12 +230,12 @@
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDHE-RSA-AES128
# server DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.1 ECDHE-RSA-AES128
# client DTLSv1.1 ECDHE-RSA-AES128
-u
-v 2
-l ECDHE-RSA-AES128-SHA
@ -323,12 +270,12 @@
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDHE-RSA-AES128
# server DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
# client DTLSv1.2 ECDHE-RSA-AES128
# client DTLSv1.2 ECDHE-RSA-AES128
-u
-v 3
-l ECDHE-RSA-AES128-SHA
@ -338,7 +285,7 @@
-v 3
-l ECDHE-RSA-AES128-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-SHA256
@ -418,14 +365,14 @@
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDHE-ECDSA-AES128
# server DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDHE-ECDSA-AES128
# client DTLSv1.1 ECDHE-ECDSA-AES128
-u
-v 2
-l ECDHE-ECDSA-AES128-SHA
@ -470,14 +417,14 @@
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-ECDSA-AES128
# server DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128
# client DTLSv1.2 ECDHE-ECDSA-AES128
-u
-v 3
-l ECDHE-ECDSA-AES128-SHA
@ -533,14 +480,14 @@
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.1 ECDH-RSA-AES128
# server DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-RSA-AES128
# client DTLSv1.1 ECDH-RSA-AES128
-u
-v 2
-l ECDH-RSA-AES128-SHA
@ -581,26 +528,26 @@
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server DTLSv1.2 ECDH-RSA-AES128
# server DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128
# client DTLSv1.2 ECDH-RSA-AES128
-u
-v 3
-l ECDH-RSA-AES128-SHA
# server DTLSv1.2 ECDH-RSA-AES128-SHA256
# server DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-SHA256
# client DTLSv1.2 ECDH-RSA-AES128-SHA256
-u
-v 3
-l ECDH-RSA-AES128-SHA256
@ -643,14 +590,14 @@
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.1 ECDH-ECDSA-AES128
# server DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.1 ECDH-ECDSA-AES128
# client DTLSv1.1 ECDH-ECDSA-AES128
-u
-v 2
-l ECDH-ECDSA-AES128-SHA
@ -695,14 +642,14 @@
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128
# server DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128
# client DTLSv1.2 ECDH-ECDSA-AES128
-u
-v 3
-l ECDH-ECDSA-AES128-SHA
@ -715,7 +662,7 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-SHA256
@ -734,12 +681,12 @@
-l ECDH-ECDSA-AES256-SHA
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
# server DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
# client DTLSv1.2 ECDHE-RSA-AES256-SHA384
-u
-v 3
-l ECDHE-RSA-AES256-SHA384
@ -757,14 +704,14 @@
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
# server DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES256-SHA384
# client DTLSv1.2 ECDH-RSA-AES256-SHA384
-u
-v 3
-l ECDH-RSA-AES256-SHA384
@ -776,7 +723,7 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384
-u
-v 3
-l ECDH-ECDSA-AES256-SHA384
@ -926,14 +873,14 @@
-v 3
-l PSK-AES256-CBC-SHA384
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
@ -952,14 +899,14 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
@ -978,12 +925,12 @@
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
@ -998,14 +945,14 @@
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-u
-v 3
-l ECDH-RSA-AES128-GCM-SHA256

187
tests/test.conf
View File

@ -1,30 +1,3 @@
# server TLSv1.1 DHE-RSA-CHACHA20-POLY1305
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# client TLSv1.1 DHE-RSA-CHACHA20-POLY1305
-v 2
-l DHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# client TLSv1.1 ECDHE-RSA-CHACHA20-POLY1305
-v 2
-l ECDHE-RSA-CHACHA20-POLY1305
# server TLSv1.1 ECDHE-EDCSA-CHACHA20-POLY1305
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-CHACHA20-POLY1305
-v 2
-l ECDHE-ECDSA-CHACHA20-POLY1305
-A ./certs/server-ecc.pem
# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305
-v 3
-l DHE-RSA-CHACHA20-POLY1305
@ -189,22 +162,6 @@
-v 1
-l AES256-SHA
# server TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# server TLSv1.1 RC4-SHA
-v 2
-l RC4-SHA
@ -245,30 +202,6 @@
-v 2
-l AES128-SHA
# server TLSv1.1 AES256-SHA
-v 2
-l AES256-SHA
# client TLSv1.1 AES256-SHA
-v 2
-l AES256-SHA
# server TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# server TLSv1.2 RC4-SHA
-v 3
-l RC4-SHA
@ -341,11 +274,11 @@
-v 1
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1 ECDHE-RSA-AES128
# server TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
# client TLSv1 ECDHE-RSA-AES128
# client TLSv1 ECDHE-RSA-AES128
-v 1
-l ECDHE-RSA-AES128-SHA
@ -373,11 +306,11 @@
-v 2
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDHE-RSA-AES128
# server TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
# client TLSv1.1 ECDHE-RSA-AES128
# client TLSv1.1 ECDHE-RSA-AES128
-v 2
-l ECDHE-RSA-AES128-SHA
@ -405,11 +338,11 @@
-v 3
-l ECDHE-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDHE-RSA-AES128
# server TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
# client TLSv1.2 ECDHE-RSA-AES128
# client TLSv1.2 ECDHE-RSA-AES128
-v 3
-l ECDHE-RSA-AES128-SHA
@ -417,7 +350,7 @@
-v 3
-l ECDHE-RSA-AES128-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-SHA256
-v 3
-l ECDHE-RSA-AES128-SHA256
@ -484,13 +417,13 @@
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDHE-ECDSA-AES128
# server TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDHE-ECDSA-AES128
# client TLSv1 ECDHE-ECDSA-AES128
-v 1
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
@ -528,13 +461,13 @@
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDHE-ECDSA-AES128
# server TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDHE-ECDSA-AES128
# client TLSv1.1 ECDHE-ECDSA-AES128
-v 2
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
@ -572,13 +505,13 @@
-l ECDHE-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-ECDSA-AES128
# server TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128
# client TLSv1.2 ECDHE-ECDSA-AES128
-v 3
-l ECDHE-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
@ -625,13 +558,13 @@
-v 1
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1 ECDH-RSA-AES128
# server TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-RSA-AES128
# client TLSv1 ECDH-RSA-AES128
-v 1
-l ECDH-RSA-AES128-SHA
@ -665,13 +598,13 @@
-v 2
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.1 ECDH-RSA-AES128
# server TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-RSA-AES128
# client TLSv1.1 ECDH-RSA-AES128
-v 2
-l ECDH-RSA-AES128-SHA
@ -705,23 +638,23 @@
-v 3
-l ECDH-RSA-DES-CBC3-SHA
# server TLSv1.2 ECDH-RSA-AES128
# server TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128
# client TLSv1.2 ECDH-RSA-AES128
-v 3
-l ECDH-RSA-AES128-SHA
# server TLSv1.2 ECDH-RSA-AES128-SHA256
# server TLSv1.2 ECDH-RSA-AES128-SHA256
-v 3
-l ECDH-RSA-AES128-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128-SHA256
# client TLSv1.2 ECDH-RSA-AES128-SHA256
-v 3
-l ECDH-RSA-AES128-SHA256
@ -757,13 +690,13 @@
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1 ECDH-ECDSA-AES128
# server TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1 ECDH-ECDSA-AES128
# client TLSv1 ECDH-ECDSA-AES128
-v 1
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
@ -801,13 +734,13 @@
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.1 ECDH-ECDSA-AES128
# server TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.1 ECDH-ECDSA-AES128
# client TLSv1.1 ECDH-ECDSA-AES128
-v 2
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
@ -845,13 +778,13 @@
-l ECDH-ECDSA-DES-CBC3-SHA
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES128
# server TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128
# client TLSv1.2 ECDH-ECDSA-AES128
-v 3
-l ECDH-ECDSA-AES128-SHA
-A ./certs/server-ecc.pem
@ -862,7 +795,7 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
# client TLSv1.2 ECDH-ECDSA-AES128-SHA256
-v 3
-l ECDH-ECDSA-AES128-SHA256
-A ./certs/server-ecc.pem
@ -882,7 +815,7 @@
-v 3
-l ECDHE-RSA-AES256-SHA384
# client TLSv1.2 ECDHE-RSA-AES256-SHA384
# client TLSv1.2 ECDHE-RSA-AES256-SHA384
-v 3
-l ECDHE-RSA-AES256-SHA384
@ -897,13 +830,13 @@
-l ECDHE-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-RSA-AES256-SHA384
# server TLSv1.2 ECDH-RSA-AES256-SHA384
-v 3
-l ECDH-RSA-AES256-SHA384
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES256-SHA384
# client TLSv1.2 ECDH-RSA-AES256-SHA384
-v 3
-l ECDH-RSA-AES256-SHA384
@ -913,7 +846,7 @@
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
# client TLSv1.2 ECDH-ECDSA-AES256-SHA384
-v 3
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/server-ecc.pem
@ -1078,22 +1011,6 @@
-v 1
-l DHE-RSA-AES256-SHA
# server TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128
-v 2
-l DHE-RSA-AES128-SHA
@ -1110,22 +1027,6 @@
-v 2
-l DHE-RSA-AES256-SHA
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE 3DES
-v 2
-l EDH-RSA-DES-CBC3-SHA
@ -1664,11 +1565,11 @@
-v 3
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.2 RSA-AES128-GCM-SHA256
# server TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
# client TLSv1.2 RSA-AES128-GCM-SHA256
# client TLSv1.2 RSA-AES128-GCM-SHA256
-v 3
-l AES128-GCM-SHA256
@ -1680,13 +1581,13 @@
-v 3
-l AES256-GCM-SHA384
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDHE-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
@ -1702,13 +1603,13 @@
-l ECDHE-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-c ./certs/server-ecc.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
-v 3
-l ECDH-ECDSA-AES128-GCM-SHA256
-A ./certs/server-ecc.pem
@ -1724,11 +1625,11 @@
-l ECDH-ECDSA-AES256-GCM-SHA384
-A ./certs/server-ecc.pem
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
-v 3
-l ECDHE-RSA-AES128-GCM-SHA256
@ -1740,13 +1641,13 @@
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
-c ./certs/server-ecc-rsa.pem
-k ./certs/ecc-key.pem
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256
-v 3
-l ECDH-RSA-AES128-GCM-SHA256
@ -1760,11 +1661,11 @@
-v 3
-l ECDH-RSA-AES256-GCM-SHA384
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256
-v 3
-l DHE-RSA-AES128-GCM-SHA256