
source: vbox/trunk/src/libs/openssl-3.1.7/test/ssl-tests/17-renegotiate.cnf.in@ 107935

Last change on this file since 107935 was 104078, checked in by vboxsync, 11 months ago

openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638

# -*- mode: perl; -*-
# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


## Test Renegotiation

use strict;
use warnings;

package ssltests;
use OpenSSL::Test::Utils;

# Base renegotiation cases.  Every server below caps "MaxProtocol" at
# TLSv1.2, since TLSv1.3 has no renegotiation.  Each entry lists the server
# settings, the client settings and the outcome the test asserts.
our @tests = (
    # Client-initiated renegotiation against a server that refuses to
    # resume the session while renegotiating: a full handshake is expected.
    {
        name   => "renegotiate-client-no-resume",
        server => {
            "Options"     => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Same as above without the server option: resumption is expected.
    {
        name   => "renegotiate-client-resume",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult"     => "Success",
        },
    },

    # Server-initiated renegotiation, resumption refused by the server.
    {
        name   => "renegotiate-server-no-resume",
        server => {
            "Options"     => "NoResumptionOnRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Server-initiated renegotiation, resumption expected.
    {
        name   => "renegotiate-server-resume",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "Yes",
            "ExpectedResult"     => "Success",
        },
    },

    # Server-initiated renegotiation with client authentication required
    # ("VerifyMode" => "Require"); the client presents a certificate chain
    # that is verified against root-cert.pem.
    {
        name   => "renegotiate-client-auth-require",
        server => {
            "Options"      => "NoResumptionOnRenegotiation",
            "MaxProtocol"  => "TLSv1.2",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode"   => "Require",
        },
        client => {
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # As above with "VerifyMode" => "Once", which asks for the client
    # certificate on the initial handshake only.
    {
        name   => "renegotiate-client-auth-once",
        server => {
            "Options"      => "NoResumptionOnRenegotiation",
            "MaxProtocol"  => "TLSv1.2",
            "VerifyCAFile" => test_pem("root-cert.pem"),
            "VerifyMode"   => "Once",
        },
        client => {
            "Certificate" => test_pem("ee-client-chain.pem"),
            "PrivateKey"  => test_pem("ee-key.pem"),
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # Just test that UnsafeLegacyServerConnect option
    # exists, it won't have any real effect here.
    # (The option lets a client talk to servers without RFC 5746 secure
    # renegotiation support, so outside of tests it weakens the client.)
    {
        name   => "renegotiate-client-legacy-connect",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {
            "Options" => "UnsafeLegacyServerConnect",
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult"     => "Success",
        },
    },
);
# Cases that need TLSv1.2 itself: cipher-suite changes across a
# renegotiation, the renegotiation-disabling options, and the extended
# master secret check.  Every entry pins "MaxProtocol" to TLSv1.2 on at
# least one side.
our @tests_tls1_2 = (
    # --- Cipher changes: "CipherString" is used for the first handshake,
    # --- "RenegotiateCiphers" for the renegotiation.  All four AEAD /
    # --- non-AEAD combinations are expected to succeed.
    {
        name   => "renegotiate-aead-to-non-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-GCM-SHA256",
            "MaxProtocol"  => "TLSv1.2",
            extra          => {
                "RenegotiateCiphers" => "AES128-SHA",
            },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },
    {
        name   => "renegotiate-non-aead-to-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol"  => "TLSv1.2",
            extra          => {
                "RenegotiateCiphers" => "AES128-GCM-SHA256",
            },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },
    {
        name   => "renegotiate-non-aead-to-non-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-SHA",
            "MaxProtocol"  => "TLSv1.2",
            extra          => {
                "RenegotiateCiphers" => "AES256-SHA",
            },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },
    {
        name   => "renegotiate-aead-to-aead",
        server => {
            "Options" => "NoResumptionOnRenegotiation",
        },
        client => {
            "CipherString" => "AES128-GCM-SHA256",
            "MaxProtocol"  => "TLSv1.2",
            extra          => {
                "RenegotiateCiphers" => "AES256-GCM-SHA384",
            },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "Success",
        },
    },

    # --- "NoRenegotiation" set on one peer: in each of the four cases the
    # --- side that initiates the renegotiation is the one expected to fail.
    {
        name   => "no-renegotiation-server-by-client",
        server => {
            "Options"     => "NoRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ClientFail",
        },
    },
    {
        name   => "no-renegotiation-server-by-server",
        server => {
            "Options"     => "NoRenegotiation",
            "MaxProtocol" => "TLSv1.2",
        },
        client => {},
        test   => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ServerFail",
        },
    },
    {
        name   => "no-renegotiation-client-by-server",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {
            "Options" => "NoRenegotiation",
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateServer",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ServerFail",
        },
    },
    {
        name   => "no-renegotiation-client-by-client",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {
            "Options" => "NoRenegotiation",
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ClientFail",
        },
    },

    # The client renegotiates with "RenegotiateNoExtms" set, i.e. without
    # the extended master secret (RFC 7627) on the second handshake.  The
    # asserted outcome is a server-side failure, not a quiet downgrade.
    {
        name   => "no-extms-on-renegotiation",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {
            "MaxProtocol" => "TLSv1.2",
            extra         => {
                "RenegotiateNoExtms" => "Yes",
            },
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "No",
            "ExpectedResult"     => "ServerFail",
        },
    },

    # Control case for the next entry: no "-ClientRenegotiation" on the
    # server, so client-initiated renegotiation is expected to succeed.
    {
        name   => "allow-client-renegotiation",
        server => {
            "MaxProtocol" => "TLSv1.2",
        },
        client => {
            "MaxProtocol" => "TLSv1.2",
        },
        test => {
            "Method"             => "TLS",
            "HandshakeMode"      => "RenegotiateClient",
            "ResumptionExpected" => "Yes",
            "ExpectedResult"     => "Success",
        },
    },

    # The server switches client-initiated renegotiation off with
    # "-ClientRenegotiation".  The client attempt must fail and the server
    # must answer with a NoRenegotiation alert.
    {
        name   => "no-client-renegotiation",
        server => {
            "MaxProtocol" => "TLSv1.2",
            "Options"     => "-ClientRenegotiation",
        },
        client => {
            "MaxProtocol" => "TLSv1.2",
        },
        test => {
            "Method"              => "TLS",
            "HandshakeMode"       => "RenegotiateClient",
            "ResumptionExpected"  => "No",
            "ExpectedResult"      => "ClientFail",
            "ExpectedServerAlert" => "NoRenegotiation",
        },
    },
);

# Append the TLSv1.2-only cases to the list, except when disabled("tls1_2")
# reports that the build has TLSv1.2 switched off.
disabled("tls1_2") or push @tests, @tests_tls1_2;