diff --git a/certs/crl/ca-int-ecc.pem b/certs/crl/ca-int-ecc.pem new file mode 100644 index 000000000..654cd30cb --- /dev/null +++ b/certs/crl/ca-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0x +ODEyMjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBSXHWDD +hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAMwCgYIKoZIzj0EAwIDSQAwRgIh +AMrFN7PEk0mtpHWZXJQSaXrc2K2BY/iZ6GlKnbM9G44MAiEA5K9dEKgOX/2VvGlR +YN8aMaQ+Ly9fyMNEnXLR2OOMrBA= +-----END X509 CRL----- diff --git a/certs/crl/ca-int.pem b/certs/crl/ca-int.pem new file mode 100644 index 000000000..d0dd6ce4a --- /dev/null +++ b/certs/crl/ca-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl +cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4 +MTIyMTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV +HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA +d++OmLaoou17s32sU/onSY1+Y9PoqYcKqkjK14srsvnrMe8AS3QDsuF721cg3Ekp +pghG2pmyrvsCB8uaZ5yGE0B7YZ2ZfKjq6IQAQmcMkZ9tVtchmJNGyuB0T8uL8fJE +JsCvI+eAyYTSjgePQC4x9GMunWwRfQ4DWjXIal8f9WNLnRRZl8MKaTk6fuMM+GBt +6QJ1qEEeWWwbTnCqAia4dJ/IJGn7bbxwMAs305zrBE8G17gzh4Q4aj/nt71+oM5e +Jf4XHs2GahUUz29OqiXwsfNfpF9/DHxjTf0UyHjRVV95hdq2QBQNuozVQ/wDiXSH +12py+paDtyfh1Vw3RapYMQ== +-----END X509 CRL----- diff --git a/certs/crl/client-int-ecc.pem b/certs/crl/client-int-ecc.pem new file mode 100644 index 000000000..91315dcbe --- /dev/null +++ b/certs/crl/client-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg +Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy +MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh +P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAUwCgYIKoZIzj0EAwIDSQAwRgIhAJn0 +klExhxOHZtOQi45DuNnraKRzWV+V0moXQOvQmP4+AiEAk7Oqvn3Ij3ZhB/V+7VT0 +iPE8ipSUmQbQcZzI7BhT86E= +-----END X509 CRL----- diff --git a/certs/crl/client-int.pem b/certs/crl/client-int.pem new file mode 100644 index 000000000..0acea6861 --- /dev/null +++ b/certs/crl/client-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll +bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy +MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY +flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAefil +VL8oAVmbbtUyF7v7cwZ+3Olt6VuCcevIPYMc8yP7huO21UpkjwrVhr0tru6SA5xO +2I1lUwcyuH49c2H/RVEmS7q75TErYyXl/D209+LidOqPAnVibNWBsNaqQUn11dEM +T+VBC6aiUuLxnslpzWUkmromjh0BI2f1AbYEtRDHlaqZakxiZ4FdXPpnopcO44+T +ZLS2Kj52L6ykB1j70I2HOpZ7C07+MTBLvCV8J0Au1+GNBN1TZSO0dOX8AXLSpS+6 +q3vxJ1nsNYk/P7KdJO8eGYth9pXffKYPzMz0urrnavNd9nO9bR4u89SLepzuedBK +vX+Acp5M8IcAnw4sEA== +-----END X509 CRL----- diff --git a/certs/crl/include.am b/certs/crl/include.am index c5d635df8..4b1034ac3 100644 --- a/certs/crl/include.am +++ b/certs/crl/include.am @@ -14,3 +14,12 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/crl/crl.revoked + +# Intermediate cert CRL's +EXTRA_DIST += \ + certs/crl/ca-int.pem \ + certs/crl/client-int.pem \ + certs/crl/server-int.pem \ + certs/crl/ca-int-ecc.pem \ + certs/crl/client-int-ecc.pem \ + certs/crl/server-int-ecc.pem diff --git a/certs/crl/server-int-ecc.pem b/certs/crl/server-int-ecc.pem new file mode 100644 index 000000000..c4bedeaa8 --- /dev/null +++ b/certs/crl/server-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg +Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy +MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42 ++Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSAAwRQIgTKmg +a595JJuQ5U4Alhi7p8424/02UoN4WLg9tZiGtfICIQDKtdI2JZuVpTmCtRRo8gZH +H/s5EUrqsIpXoNMdsGO1+w== +-----END X509 CRL----- diff --git a/certs/crl/server-int.pem b/certs/crl/server-int.pem new file mode 100644 index 000000000..ccddf4b4f --- /dev/null +++ b/certs/crl/server-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2 +ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy +MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi +yfjQO24DQsofDo48MAsGA1UdFAQEAgIgATANBgkqhkiG9w0BAQsFAAOCAQEAEhz6 +qLMqvX2s8/nsg2BjT+07Di3f3kkCZqxWtdvoSHg44lQof2F6UuTeKzlBWfTmFLE9 +qZJ8dj6xSMPEnZnRB1z9HvHRKZGDotuSNWCt4BElXP6ZZpQcIFaYUsWUZJ0Zb7LW +/06fuepQTeHrxvwNPD6SF5+dVX7doQ2l2ytkQvGHznrWsQNdB2H9K2tAZTIbkiQA +KcRP1pm1Dt2pZWPbwHws/AcXM4nCIJRUTlo1drHBClDbJB1n/AU8LjX1shX4AUds ++HthMwVmDUjofoXuqzRVyCtfdMH5tgwY//opif+FRXwXjZajx9K+vu68Qa8hI5+9 +sXu6NDs92L2KLfGNmg== +-----END X509 CRL----- diff --git a/certs/include.am b/certs/include.am index 86eb71755..53bcb581c 100644 --- a/certs/include.am +++ b/certs/include.am @@ -100,3 +100,4 @@ include certs/external/include.am include certs/ocsp/include.am include certs/test/include.am include certs/test-pathlen/include.am +include certs/intermediate/include.am diff --git a/certs/intermediate/ca-int-cert.der b/certs/intermediate/ca-int-cert.der new file mode 100644 index 000000000..d7c9a71d6 Binary files /dev/null and b/certs/intermediate/ca-int-cert.der differ diff --git a/certs/intermediate/ca-int-cert.pem b/certs/intermediate/ca-int-cert.pem new file mode 100644 index 000000000..e2ccd52d7 --- /dev/null +++ b/certs/intermediate/ca-int-cert.pem @@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:00 2018 GMT + Not After : Dec 16 17:54:00 2038 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:a2:73:5d:21:62:20:ce:3a:71:38:a7:94:bb: + db:87:04:1c:5a:1b:9e:4b:0d:3e:ca:f8:a5:f7:0d: + 6a:dc:23:90:22:6a:2b:58:63:4a:28:6a:48:a8:e7: + 73:1f:a2:55:d8:4d:02:3b:e2:cb:6b:e2:83:c9:51: + 8f:77:fd:dc:2d:5d:23:b7:23:9a:7e:b6:29:68:e8: + 2a:4e:a9:fe:32:70:31:9e:f0:ef:ee:f8:8d:e3:fc: + f3:d7:28:dd:7a:1d:9e:ad:23:2b:f1:a6:7f:34:52: + 29:66:d2:e5:64:55:64:d6:dd:4b:41:3b:55:83:6e: + c0:11:0e:6e:20:c2:16:73:eb:30:ff:09:46:bb:e7: + cc:c6:03:44:41:11:c6:c1:6c:36:2f:4a:f9:91:55: + ca:58:5e:37:b8:28:10:30:89:40:96:77:cf:70:66: + a4:55:fb:69:0b:e7:d9:b2:33:65:db:72:3a:77:b7: + 2b:49:fc:b6:cd:58:10:8d:ab:aa:cb:40:45:77:02: + 39:18:b3:8f:33:01:48:77:50:be:8e:73:a7:de:36: + a0:49:8e:2c:16:af:b9:fb:42:2d:35:6a:db:34:37: + d5:14:59:7d:65:72:e5:8b:65:55:4b:20:5e:47:f9: + f8:3a:d3:6c:d9:3a:f5:c7:01:46:31:c3:79:9a:18: + be:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: sha256WithRSAEncryption + 5e:cd:30:ce:13:06:a8:a3:25:6d:85:68:bf:88:3b:68:12:6a: + 5e:5f:22:82:51:4a:fd:b1:ae:b2:c2:3e:a1:e4:73:97:6f:77: + 1f:5e:0a:a6:3e:8a:20:93:4c:3f:68:64:69:a8:d7:ae:3e:a5: + 58:e4:d0:45:e4:7a:5f:cc:68:23:3d:7b:df:8d:33:8d:ba:0b: + 73:dd:97:41:99:1a:26:7f:17:87:c4:76:bb:3b:b5:15:24:b0: + 82:4f:2e:0a:c3:fe:ab:75:c9:4d:59:74:1a:c7:33:e7:4f:14: + 45:5b:f4:d3:c3:a9:9d:34:a8:e1:2a:33:ea:10:07:db:9e:33: + 83:60:f0:dd:7c:27:0d:6b:92:ef:90:cc:35:b3:4e:e3:fa:ca: + 87:55:31:e8:7b:8c:c2:35:19:41:6a:76:6c:6c:7a:d0:6a:d1: + 2d:a8:a6:97:40:73:52:9c:3c:43:a7:4b:f1:b7:04:af:e0:d1: + 32:3c:ac:df:a7:4a:15:fb:2e:56:d8:5c:4c:99:9d:3c:f0:6d: + a0:20:25:96:c9:24:fc:84:4c:dc:de:1d:29:e8:d4:e1:ff:ca: + 06:2f:39:ed:24:dc:79:f9:2a:18:00:ae:d2:8b:44:eb:2a:94: + fb:c8:02:86:0d:7e:1f:65:c7:20:06:5e:ca:50:af:bd:71:cb: + 06:da:12:ff +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- diff --git a/certs/intermediate/ca-int-ecc-cert.der b/certs/intermediate/ca-int-ecc-cert.der new file mode 100644 index 000000000..171c86b1d Binary files /dev/null and b/certs/intermediate/ca-int-ecc-cert.der differ diff --git a/certs/intermediate/ca-int-ecc-cert.pem b/certs/intermediate/ca-int-ecc-cert.pem new file mode 100644 index 000000000..885ebf484 --- /dev/null +++ b/certs/intermediate/ca-int-ecc-cert.pem @@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4099 (0x1003) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:01 2018 GMT + Not After : Dec 16 17:54:01 2038 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:95:df:1c:b2:9e:20:a9:1d:a2:5b:ab:5c:9b:a8: + 66:06:29:e6:b2:d8:e3:14:a6:c3:c1:b4:ad:4d:44: + 18:20:1e:5d:67:fd:15:1d:6d:25:e1:17:b1:71:ca: + 85:03:f0:d2:af:41:66:46:36:6d:ea:41:cb:4f:c8: + 4a:d0:a0:61:8c + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Subject Key Identifier: + 97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E + X509v3 Authority Key Identifier: + keyid:56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:0 + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:20:8d:bd:bc:08:8a:52:20:ab:bc:f0:94:0c:3c: + 38:9c:9e:c0:18:53:94:94:7f:57:3d:15:8e:75:5f:8c:82:79: + 02:20:40:3e:0f:27:9a:e8:ba:9b:f4:99:cf:71:36:68:d1:ed: + 31:54:37:e8:2e:37:d0:9e:49:a9:27:79:c1:03:34:50 +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- diff --git a/certs/intermediate/ca-int-ecc-key.der b/certs/intermediate/ca-int-ecc-key.der new file mode 100644 index 000000000..7917cfccf Binary files /dev/null and b/certs/intermediate/ca-int-ecc-key.der differ diff --git a/certs/intermediate/ca-int-ecc-key.pem b/certs/intermediate/ca-int-ecc-key.pem new file mode 100644 index 000000000..47215bd06 --- /dev/null +++ b/certs/intermediate/ca-int-ecc-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIDOGXhoaF5CDp/zS7ulq2RPH/WnHFq2fZ0T+vCWd0+LXoAoGCCqGSM49 +AwEHoUQDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbDwbStTUQYIB5dZ/0VHW0l +4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjA== +-----END EC PRIVATE KEY----- diff --git a/certs/intermediate/ca-int-key.der b/certs/intermediate/ca-int-key.der new file mode 100644 index 000000000..be3ed6b87 Binary files /dev/null and b/certs/intermediate/ca-int-key.der differ diff --git a/certs/intermediate/ca-int-key.pem b/certs/intermediate/ca-int-key.pem new file mode 100644 index 000000000..0b050b6b8 --- /dev/null +++ b/certs/intermediate/ca-int-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAw6JzXSFiIM46cTinlLvbhwQcWhueSw0+yvil9w1q3COQImor +WGNKKGpIqOdzH6JV2E0CO+LLa+KDyVGPd/3cLV0jtyOafrYpaOgqTqn+MnAxnvDv +7viN4/zz1yjdeh2erSMr8aZ/NFIpZtLlZFVk1t1LQTtVg27AEQ5uIMIWc+sw/wlG +u+fMxgNEQRHGwWw2L0r5kVXKWF43uCgQMIlAlnfPcGakVftpC+fZsjNl23I6d7cr +Sfy2zVgQjauqy0BFdwI5GLOPMwFId1C+jnOn3jagSY4sFq+5+0ItNWrbNDfVFFl9 +ZXLli2VVSyBeR/n4OtNs2Tr1xwFGMcN5mhi+SQIDAQABAoIBAQCwoB1pyrcOiULI +b+8U4Jpthq+WRvMeLYIwvFcS+uEsiUsbVyF1NoeAf5zEKdqNiAHbPIO0z6j66VI0 +U1elbOP5bOrO8O0OU6aFWX7A8MdYgGS8bCkjZvKsEPeRnQqAsvdMt8F39etIsJlC +hUunz1UwjDDiXxBwjnAHtjCFkNW2pt6LscUgqSPr/dYIM6H5ZdSINvUYd9v6xvYz +KQhOZSyikO2sqs/d+tTl1/Onca3HWxynhT4HCe47RQnxaCk+6qa25nrXCIHS+cNh +Ro79iBqkSsG43nYtZ14ZRsPh4jeie0myP1CzYL94fTNuc9wRXJ/dOIjZu3uCHDxt +opSopKSBAoGBAPH4m7hf4DbFtBQCXq3sQw2FqQB4WeEiOSGoZLhivAcarc6gUNZ0 +7/eVUJJJ+pW3UlDtZ5aF1yewBXTNackI/pNvHQziSf/hzRzDdsk4ei3cMnctshMk +XM6oHxw1MyR9g3YhYcAvzmDlevwYj/k2ABhnUva2yM3gD77ao0hjwIyZAoGBAM76 +Gr3ZwT3hh/CzO8GDZuzwLPahLTcBUmCEb+yfr9ELjPH++p4xOw7QZybxaHKlzla0 +wDZ+L5mSL+HciRYIR1JUH+K6PxGqp0ufu6dclLAcNBCEotAtoWSLW3Z7h4LX7/x4 +IafDkxHWMWQxYJaLN5REbJArurY0lu1z5uBqpJ0xAoGBALI2NBpbIru0aKjEBg96 +jvgKlSoveaMCnalYaLYUof9petFP6bnJbmOeqTTVH6Xc2teXwk9uS8SDM8GO+HaE +FVto3rB6iZ3YJEUnAPm6iuHz54c3NIw8n83krOUNmZkqiAQdGe1+SDW9ThMV1BPr +3a4bi1MB1GsstuwOA2xxa4MhAoGBAIoPNDU9AfRH8shwlcRv5QDY9/UO770ICa3N +yWaZ4cncHYjyHrPUfONVyeilEJmg1bDqYmg25YNXis7qrxpeLUzSRm6S8yzSm0ML +aj2puJh8R5JZFs0sEsKhXkH7BhoV9cN/Ulu4TeqQ6GM/uIDSniEtPwkv0hxlmeML +843wNJuRAoGBAKloBRB17AOMxVrB51GLWmVDOvbb398bL5WDHnM+j5QjEdL25rVx +9jDsw9ysikfkjTvs9UfQ6XUIjwurR40hhWoB5KGKvXU3rO/8ds3Gu1EbGmk0h9dS +seC5knwR/3QrRKHerNP5hzDIeRYaPOnko4Zhoo+28UFAHZcItQGF3lF/ +-----END RSA PRIVATE KEY----- diff --git a/certs/intermediate/client-chain-alt-ecc.pem b/certs/intermediate/client-chain-alt-ecc.pem new file mode 100644 index 000000000..58bb755f0 --- /dev/null +++ b/certs/intermediate/client-chain-alt-ecc.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31 +cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/ +tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU +69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI +Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0 +wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-chain-alt.pem b/certs/intermediate/client-chain-alt.pem new file mode 100644 index 000000000..6ace19174 --- /dev/null +++ b/certs/intermediate/client-chain-alt.pem @@ -0,0 +1,71 @@ +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic +XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-chain-ecc.der b/certs/intermediate/client-chain-ecc.der new file mode 100644 index 000000000..b067fe290 Binary files /dev/null and b/certs/intermediate/client-chain-ecc.der differ diff --git a/certs/intermediate/client-chain-ecc.pem b/certs/intermediate/client-chain-ecc.pem new file mode 100644 index 000000000..5138cf271 --- /dev/null +++ b/certs/intermediate/client-chain-ecc.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31 +cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/ +tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU +69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI +Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0 +wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-chain.der b/certs/intermediate/client-chain.der new file mode 100644 index 000000000..0097d2b2c Binary files /dev/null and b/certs/intermediate/client-chain.der differ diff --git a/certs/intermediate/client-chain.pem b/certs/intermediate/client-chain.pem new file mode 100644 index 000000000..9404a453e --- /dev/null +++ b/certs/intermediate/client-chain.pem @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic +XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-int-cert.der b/certs/intermediate/client-int-cert.der new file mode 100644 index 000000000..e61086695 Binary files /dev/null and b/certs/intermediate/client-int-cert.der differ diff --git a/certs/intermediate/client-int-cert.pem b/certs/intermediate/client-int-cert.pem new file mode 100644 index 000000000..105ba85bb --- /dev/null +++ b/certs/intermediate/client-int-cert.pem @@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:00 2018 GMT + Not After : Dec 18 17:54:00 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35 + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + Signature Algorithm: sha256WithRSAEncryption + 88:81:21:78:ac:04:8a:79:7e:cd:a5:ba:3b:fe:52:61:e8:9c: + 5d:28:91:ca:68:72:31:99:d5:15:78:99:d1:03:ff:b6:13:59: + 23:48:9e:92:94:cc:91:01:93:dc:19:36:68:d7:48:53:ab:99: + d8:23:fc:28:98:43:f3:eb:9f:e2:2f:c4:4c:b3:1c:48:35:92: + 6d:53:46:5d:c1:20:21:07:71:25:a1:37:89:1a:9b:ec:f5:e3: + d1:15:a0:fe:10:2e:cd:67:d5:3d:6e:d6:b9:f5:38:8d:3a:12: + c9:2e:f9:e1:a9:c8:6f:d6:04:05:66:df:3c:3a:69:d7:aa:6b: + 5e:71:0d:e3:53:38:3d:87:4a:1e:c7:88:78:1c:87:5a:21:bd: + 0f:86:f4:7c:86:bd:51:7d:9c:cb:f2:b2:a6:41:7a:f8:bb:08: + 11:67:6a:31:9f:48:f6:d1:07:a2:36:87:83:73:68:3b:c9:11: + 5e:ab:a3:d0:61:9a:df:8d:52:b9:8a:79:d2:f3:5d:b0:3d:15: + 69:ee:a3:b5:c2:be:b4:3f:11:b0:06:d3:b8:b4:32:45:95:ff: + 76:48:eb:63:0b:1d:79:0f:55:95:d6:7c:86:d4:61:20:f9:0f: + a2:82:a4:1f:b1:10:53:d8:e8:c8:27:b3:bd:98:7b:0a:c4:5b: + 82:d0:6c:cf +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic +XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-int-ecc-cert.der b/certs/intermediate/client-int-ecc-cert.der new file mode 100644 index 000000000..6b806bbc5 Binary files /dev/null and b/certs/intermediate/client-int-ecc-cert.der differ diff --git a/certs/intermediate/client-int-ecc-cert.pem b/certs/intermediate/client-int-ecc-cert.pem new file mode 100644 index 000000000..4b9fbddd2 --- /dev/null +++ b/certs/intermediate/client-int-ecc-cert.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4101 (0x1005) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:01 2018 GMT + Not After : Dec 18 17:54:01 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain ECC/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d: + f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03: + 62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95: + 06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22: + 5f:c7:5d:7f:b4 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Subject Key Identifier: + EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 + X509v3 Authority Key Identifier: + keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + Signature Algorithm: ecdsa-with-SHA256 + 30:45:02:20:5e:e8:cc:ba:d9:8c:d5:47:f1:00:9f:f6:b6:22: + 39:45:a4:27:a4:b4:e6:5b:0a:72:74:c0:50:74:2a:28:a5:65: + 02:21:00:aa:1f:2e:ef:5d:62:5c:e7:e4:93:01:ef:bc:0c:8a: + 34:a8:86:e8:b7:7c:00:4e:03:b4:17:e3:72:fe:65:81:df +-----BEGIN CERTIFICATE----- +MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31 +cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/ +tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU +69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI +Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0 +wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf +-----END CERTIFICATE----- diff --git a/certs/intermediate/genintcerts.sh b/certs/intermediate/genintcerts.sh new file mode 100755 index 000000000..920b6f94d --- /dev/null +++ b/certs/intermediate/genintcerts.sh @@ -0,0 +1,293 @@ +#!/bin/sh + +# Script for generating RSA and ECC Intermediate CA and server/client certs based on it. + +# Result is chains that looks like: +# RSA Server +# ROOT: ./certs/ca-cert.pem +# C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com) +# INTERMEDIATE: ./certs/intermediate/ca-int-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com +# SERVER: ./certs/intermediate/server-int-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain/emailAddress=info@wolfssl.com + +# RSA Client +# ROOT: ./certs/ca-cert.pem +# C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com) +# INTERMEDIATE: ./certs/intermediate/ca-int-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com +# CLIENT: ./certs/intermediate/client-int-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com + +# ECC Server +# ROOT: ./certs/ca-ecc-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com +# INTERMEDIATE: ./certs/intermediate/ca-int-ecc-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com +# SERVER: ./certs/intermediate/server-int-ecc-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com + +# ECC Client +# ROOT: ./certs/ca-ecc-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com/emailAddress=info@wolfssl.com +# INTERMEDIATE: ./certs/intermediate/ca-int-ecc-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com +# CLIENT: ./certs/intermediate/client-int-ecc-cert.pem +# C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain ECC/emailAddress=info@wolfssl.com + + +# Run from wolfssl-root as `./certs/intermediate/genintcerts.sh` +# To cleanup temp files use `./certs/intermediate/genintcerts.sh clean` +# To cleanup all files use `./certs/intermediate/genintcerts.sh cleanall` + +dir="." + +cleanup_files(){ + rm -f ./certs/intermediate/index.* + rm -f ./certs/intermediate/*.old + rm -f ./certs/intermediate/serial + rm -f ./certs/intermediate/crlnumber + rm -f ./certs/intermediate/*.cnf + rm -rf ./certs/intermediate/new_certs + exit 0 +} + +check_result() { + if [ $1 -ne 0 ]; then + echo "Step Failed, Abort" + exit 1 + else + echo "Step Succeeded!" + fi +} + +# Args: 1=CnfFile, 2=Key, 3=Cert +create_ca_config() { + echo "# Generated openssl conf" > "$1" + echo "[ ca ]" >> "$1" + echo "default_ca = CA_default" >> "$1" + echo "" >> "$1" + echo "[ CA_default ]" >> "$1" + echo "certs = $dir/certs/intermediate" >> "$1" + echo "new_certs_dir = $dir/certs/intermediate/new_certs">> "$1" + echo "database = $dir/certs/intermediate/index.txt">> "$1" + echo "serial = $dir/certs/intermediate/serial" >> "$1" + echo "RANDFILE = $dir/private/.rand" >> "$1" + echo "" >> "$1" + echo "private_key = $dir/$2" >> "$1" + echo "certificate = $dir/$3" >> "$1" + echo "" >> "$1" + echo "crlnumber = $dir/certs/intermediate/crlnumber">> "$1" + echo "crl_extensions = crl_ext" >> "$1" + echo "default_crl_days = 1000" >> "$1" + echo "default_md = sha256" >> "$1" + echo "" >> "$1" + echo "name_opt = ca_default" >> "$1" + echo "cert_opt = ca_default" >> "$1" + echo "default_days = 3650" >> "$1" + echo "preserve = no" >> "$1" + echo "policy = policy_loose" >> "$1" + echo "" >> "$1" + echo "[ policy_strict ]" >> "$1" + echo "countryName = match" >> "$1" + echo "stateOrProvinceName = match" >> "$1" + echo "organizationName = match" >> "$1" + echo "organizationalUnitName = optional" >> "$1" + echo "commonName = supplied" >> "$1" + echo "emailAddress = optional" >> "$1" + echo "" >> "$1" + echo "[ policy_loose ]" >> "$1" + echo "countryName = optional" >> "$1" + echo "stateOrProvinceName = optional" >> "$1" + echo "localityName = optional" >> "$1" + echo "organizationName = optional" >> "$1" + echo "organizationalUnitName = optional" >> "$1" + echo "commonName = supplied" >> "$1" + echo "emailAddress = optional" >> "$1" + echo "" >> "$1" + echo "[ req ]" >> "$1" + echo "default_bits = 2048" >> "$1" + echo "distinguished_name = req_distinguished_name" >> "$1" + echo "string_mask = utf8only" >> "$1" + echo "default_md = sha256" >> "$1" + echo "x509_extensions = v3_ca" >> "$1" + echo "" >> "$1" + echo "[ req_distinguished_name ]" >> "$1" + echo "countryName = US" >> "$1" + echo "stateOrProvinceName = Washington" >> "$1" + echo "localityName = Seattle" >> "$1" + echo "organizationName = wolfSSL" >> "$1" + echo "organizationalUnitName = Development" >> "$1" + echo "commonName = www.wolfssl.com" >> "$1" + echo "emailAddress = info@wolfssl.com" >> "$1" + echo "" >> "$1" + echo "[ v3_ca ]" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1" + echo "basicConstraints = critical, CA:true" >> "$1" + echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1" + echo "" >> "$1" + echo "[ v3_intermediate_ca ]" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1" + echo "basicConstraints = critical, CA:true, pathlen:0" >> "$1" + echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1" + echo "" >> "$1" + echo "[ usr_cert ]" >> "$1" + echo "basicConstraints = CA:FALSE" >> "$1" + echo "nsCertType = client, email" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid,issuer" >> "$1" + echo "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment">> "$1" + echo "extendedKeyUsage = clientAuth, emailProtection" >> "$1" + echo "" >> "$1" + echo "[ server_cert ]" >> "$1" + echo "basicConstraints = CA:FALSE" >> "$1" + echo "nsCertType = server" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid,issuer:always" >> "$1" + echo "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement">> "$1" + echo "extendedKeyUsage = serverAuth" >> "$1" + echo "" >> "$1" + echo "[ crl_ext ]" >> "$1" + echo "authorityKeyIdentifier=keyid:always" >> "$1" +} + +# Args: 1=reqcnf, 2=signcnf, 3=keyfile, 4=certfile, 5=ext, 6=subj, 7=days +create_cert() { + openssl req -config ./certs/intermediate/$1.cnf -new -sha256 \ + -key $3 \ + -out ./certs/intermediate/tmp.csr \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=$6/emailAddress=info@wolfssl.com" + check_result $? + openssl ca -config ./certs/intermediate/$2.cnf -extensions $5 -days $7 -notext -md sha256 \ + -in ./certs/intermediate/tmp.csr -out ./certs/intermediate/$4.pem -batch + check_result $? + rm ./certs/intermediate/tmp.csr + + # Convert Cert to DER + openssl x509 -in ./certs/intermediate/$4.pem -inform PEM -out ./certs/intermediate/$4.der -outform DER + check_result $? + + # Add text to cert PEM file + openssl x509 -in ./certs/intermediate/$4.pem -text > ./certs/intermediate/tmp.pem + check_result $? + mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem +} + +if [ "$1" == "clean" ]; then + echo "Cleaning temp files" + cleanup_files +fi +if [ "$1" == "cleanall" ]; then + echo "Cleaning all files" + rm -f ./certs/intermediate/*.pem + rm -f ./certs/intermediate/*.der + rm -f ./certs/intermediate/*.csr + cleanup_files +fi + +# Make sure required CA files exist and are populated +rm -f ./certs/intermediate/index.* +touch ./certs/intermediate/index.txt +if [ ! -f ./certs/intermediate/serial ]; then + echo 1000 > ./certs/intermediate/serial +fi +if [ ! -f ./certs/intermediate/crlnumber ]; then + echo 2000 > ./certs/intermediate/crlnumber +fi +if [ ! -d ./certs/intermediate/new_certs ]; then + mkdir ./certs/intermediate/new_certs +fi + + +# RSA +echo "Creating RSA CA configuration cnf files" +create_ca_config ./certs/intermediate/wolfssl_root.cnf certs/ca-key.pem certs/ca-cert.pem +create_ca_config ./certs/intermediate/wolfssl_int.cnf certs/intermediate/ca-int-key.pem certs/intermediate/ca-int-cert.pem + +if [ ! -f ./certs/intermediate/ca-int-key.pem ]; then + echo "Make Intermediate RSA CA Key" + openssl genrsa -out ./certs/intermediate/ca-int-key.pem 2048 + check_result $? + openssl rsa -in ./certs/intermediate/ca-int-key.pem -inform PEM -out ./certs/intermediate/ca-int-key.der -outform DER + check_result $? +fi + +echo "Create RSA Intermediate CA signed by root" +create_cert wolfssl_int wolfssl_root ./certs/intermediate/ca-int-key.pem ca-int-cert v3_intermediate_ca "wolfSSL Intermediate CA" 7300 + +echo "Create RSA Server Certificate signed by intermediate" +create_cert wolfssl_int wolfssl_int ./certs/server-key.pem server-int-cert server_cert "wolfSSL Server Chain" 3650 + +echo "Create RSA Client Certificate signed by intermediate" +create_cert wolfssl_int wolfssl_int ./certs/client-key.pem client-int-cert usr_cert "wolfSSL Client Chain" 3650 + +echo "Generate CRLs for new certificates" +openssl ca -config ./certs/intermediate/wolfssl_root.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int.pem -keyfile ./certs/intermediate/ca-int-key.pem -cert ./certs/intermediate/ca-int-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int.pem -keyfile ./certs/server-key.pem -cert ./certs/intermediate/server-int-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int.pem -keyfile ./certs/client-key.pem -cert ./certs/intermediate/client-int-cert.pem +check_result $? + +echo "Assemble test chains - peer first, then intermediate" +openssl x509 -in ./certs/intermediate/server-int-cert.pem > ./certs/intermediate/server-chain.pem +openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/server-chain.pem +cat ./certs/intermediate/server-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/server-chain.der + +openssl x509 -in ./certs/intermediate/client-int-cert.pem > ./certs/intermediate/client-chain.pem +openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/client-chain.pem +cat ./certs/intermediate/client-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/client-chain.der + +echo "Assemble cert chain with extra cert for testing alternate chains" +cp ./certs/intermediate/server-chain.pem ./certs/intermediate/server-chain-alt.pem +cp ./certs/intermediate/client-chain.pem ./certs/intermediate/client-chain-alt.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt.pem + + +# ECC +echo "Creating ECC CA configuration cnf files" +create_ca_config ./certs/intermediate/wolfssl_root_ecc.cnf certs/ca-ecc-key.pem certs/ca-ecc-cert.pem +create_ca_config ./certs/intermediate/wolfssl_int_ecc.cnf certs/intermediate/ca-int-ecc-key.pem certs/intermediate/ca-int-ecc-cert.pem + +if [ ! -f ./certs/intermediate/ca-int-ecc-key.pem ]; then + echo "Make Intermediate ECC CA Key" + openssl ecparam -name prime256v1 -genkey -noout -out ./certs/intermediate/ca-int-ecc-key.pem + check_result $? + openssl ec -in ./certs/intermediate/ca-int-ecc-key.pem -inform PEM -out ./certs/intermediate/ca-int-ecc-key.der -outform DER + check_result $? +fi + +echo "Create ECC Intermediate CA signed by root" +create_cert wolfssl_int_ecc wolfssl_root_ecc ./certs/intermediate/ca-int-ecc-key.pem ca-int-ecc-cert v3_intermediate_ca "wolfSSL Intermediate CA ECC" 7300 + +echo "Create ECC Server Certificate signed by intermediate" +create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-key.pem server-int-ecc-cert server_cert "wolfSSL Server Chain ECC" 3650 + +echo "Create ECC Client Certificate signed by intermediate" +create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-client-key.pem client-int-ecc-cert usr_cert "wolfSSL Client Chain ECC" 3650 + +echo "Generate CRLs for new certificates" +openssl ca -config ./certs/intermediate/wolfssl_root_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int-ecc.pem -keyfile ./certs/intermediate/ca-int-ecc-key.pem -cert ./certs/intermediate/ca-int-ecc-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int-ecc.pem -keyfile ./certs/ecc-key.pem -cert ./certs/intermediate/server-int-ecc-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int-ecc.pem -keyfile ./certs/ecc-client-key.pem -cert ./certs/intermediate/client-int-ecc-cert.pem +check_result $? + +echo "Assemble test chains - peer first, then intermediate" +openssl x509 -in ./certs/intermediate/server-int-ecc-cert.pem > ./certs/intermediate/server-chain-ecc.pem +openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/server-chain-ecc.pem +cat ./certs/intermediate/server-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/server-chain-ecc.der + +openssl x509 -in ./certs/intermediate/client-int-ecc-cert.pem > ./certs/intermediate/client-chain-ecc.pem +openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/client-chain-ecc.pem +cat ./certs/intermediate/client-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/client-chain-ecc.der + +echo "Assemble cert chain with extra untrusted cert for testing alternate chains" +cp ./certs/intermediate/server-chain-ecc.pem ./certs/intermediate/server-chain-alt-ecc.pem +cp ./certs/intermediate/client-chain-ecc.pem ./certs/intermediate/client-chain-alt-ecc.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt-ecc.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt-ecc.pem diff --git a/certs/intermediate/include.am b/certs/intermediate/include.am new file mode 100644 index 000000000..183f96c33 --- /dev/null +++ b/certs/intermediate/include.am @@ -0,0 +1,34 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/intermediate/genintcerts.sh \ + certs/intermediate/ca-int-cert.der \ + certs/intermediate/ca-int-cert.pem \ + certs/intermediate/ca-int-ecc-cert.der \ + certs/intermediate/ca-int-ecc-cert.pem \ + certs/intermediate/ca-int-ecc-key.der \ + certs/intermediate/ca-int-ecc-key.pem \ + certs/intermediate/ca-int-key.der \ + certs/intermediate/ca-int-key.pem \ + certs/intermediate/client-chain-alt-ecc.pem \ + certs/intermediate/client-chain-alt.pem \ + certs/intermediate/client-chain-ecc.der \ + certs/intermediate/client-chain-ecc.pem \ + certs/intermediate/client-chain.der \ + certs/intermediate/client-chain.pem \ + certs/intermediate/client-int-cert.der \ + certs/intermediate/client-int-cert.pem \ + certs/intermediate/client-int-ecc-cert.der \ + certs/intermediate/client-int-ecc-cert.pem \ + certs/intermediate/server-chain-alt-ecc.pem \ + certs/intermediate/server-chain-alt.pem \ + certs/intermediate/server-chain-ecc.der \ + certs/intermediate/server-chain-ecc.pem \ + certs/intermediate/server-chain.der \ + certs/intermediate/server-chain.pem \ + certs/intermediate/server-int-cert.der \ + certs/intermediate/server-int-cert.pem \ + certs/intermediate/server-int-ecc-cert.der \ + certs/intermediate/server-int-ecc-cert.pem diff --git a/certs/intermediate/server-chain-alt-ecc.pem b/certs/intermediate/server-chain-alt-ecc.pem new file mode 100644 index 000000000..6655c17f3 --- /dev/null +++ b/certs/intermediate/server-chain-alt-ecc.pem @@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain-alt.pem b/certs/intermediate/server-chain-alt.pem new file mode 100644 index 000000000..73118091b --- /dev/null +++ b/certs/intermediate/server-chain-alt.pem @@ -0,0 +1,75 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain-ecc.der b/certs/intermediate/server-chain-ecc.der new file mode 100644 index 000000000..2e1c7742d Binary files /dev/null and b/certs/intermediate/server-chain-ecc.der differ diff --git a/certs/intermediate/server-chain-ecc.pem b/certs/intermediate/server-chain-ecc.pem new file mode 100644 index 000000000..379f945fa --- /dev/null +++ b/certs/intermediate/server-chain-ecc.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain.der b/certs/intermediate/server-chain.der new file mode 100644 index 000000000..04c47848f Binary files /dev/null and b/certs/intermediate/server-chain.der differ diff --git a/certs/intermediate/server-chain.pem b/certs/intermediate/server-chain.pem new file mode 100644 index 000000000..bf66d2bf8 --- /dev/null +++ b/certs/intermediate/server-chain.pem @@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-int-cert.der b/certs/intermediate/server-int-cert.der new file mode 100644 index 000000000..3af5f5a1e Binary files /dev/null and b/certs/intermediate/server-int-cert.der differ diff --git a/certs/intermediate/server-int-cert.pem b/certs/intermediate/server-int-cert.pem new file mode 100644 index 000000000..66edf0b5b --- /dev/null +++ b/certs/intermediate/server-int-cert.pem @@ -0,0 +1,94 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4097 (0x1001) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:00 2018 GMT + Not After : Dec 18 17:54:00 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:10:00 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + 3d:b5:8d:66:7e:85:a0:87:cc:53:a4:c7:c9:63:6b:d4:c4:44: + c7:45:d0:71:ef:2f:58:92:60:7d:c8:37:ed:64:ea:b1:ab:00: + 1b:56:fe:f7:77:78:76:fd:64:63:7d:78:ff:d4:ae:58:1b:f0: + 14:e9:e7:bd:4b:ec:36:6f:34:cb:91:b0:43:25:66:8b:c0:59: + d1:ea:ed:25:0d:5c:72:8a:29:de:8a:c8:77:51:b9:d5:c4:e5: + 26:50:0c:bd:d7:a1:eb:fa:93:ec:3d:36:8f:cf:ee:b6:6b:5c: + a8:4f:1b:71:c6:4d:2c:af:d2:da:20:c8:89:f3:fc:db:84:c2: + a9:f6:97:62:ac:aa:a7:6b:fb:3b:21:51:85:7a:73:55:34:82: + 9b:f8:99:cb:96:89:a2:d3:39:5f:b3:0d:5f:8e:9e:46:4a:55: + 57:ab:de:11:cf:80:1f:25:c9:ec:6f:48:fd:ce:5b:d2:05:07: + 6b:4e:fc:0d:10:a0:8a:82:fb:e4:77:3a:27:e0:0e:0c:fb:43: + 64:5f:90:8e:26:12:94:db:97:18:ec:19:94:1b:56:5c:b9:bb: + 26:9b:1c:15:5c:07:df:d1:2d:9d:41:96:c0:2a:5a:4a:9e:5f: + 9e:66:9a:8c:6c:ff:6c:ca:a1:7d:b6:12:a3:d4:33:0b:00:1e: + ba:5d:3d:7a +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-int-ecc-cert.der b/certs/intermediate/server-int-ecc-cert.der new file mode 100644 index 000000000..e51fff2a6 Binary files /dev/null and b/certs/intermediate/server-int-ecc-cert.der differ diff --git a/certs/intermediate/server-int-ecc-cert.pem b/certs/intermediate/server-int-ecc-cert.pem new file mode 100644 index 000000000..8b19fcd0e --- /dev/null +++ b/certs/intermediate/server-int-ecc-cert.pem @@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4100 (0x1004) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:01 2018 GMT + Not After : Dec 18 17:54:01 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:10:03 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:74:5c:69:0b:da:f1:d8:cf:21:bc:81:ac:b1:e5: + c5:b3:38:72:f9:9c:f1:50:2d:31:26:49:58:c3:de:cb:e5:7d: + 02:20:78:9d:3f:5b:e2:12:bb:1b:2d:3d:25:db:2b:a8:f4:76: + 02:90:7b:24:a8:1d:49:96:45:56:57:8b:bb:59:54:fa +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- diff --git a/tests/include.am b/tests/include.am index 2b6baf558..f5efa3ed3 100644 --- a/tests/include.am +++ b/tests/include.am @@ -34,5 +34,9 @@ EXTRA_DIST += tests/test.conf \ tests/test-enckeys.conf \ tests/test-maxfrag.conf \ tests/test-maxfrag-dtls.conf \ - tests/test-fails.conf + tests/test-fails.conf \ + tests/test-chains.conf \ + tests/test-altchains.conf \ + tests/test-trustedpeer.conf \ + tests/test-dhprime.conf DISTCLEANFILES+= tests/.libs/unit.test diff --git a/tests/suites.c b/tests/suites.c index d41c3e274..7f37a0b8b 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -59,8 +59,10 @@ static char flagSep[] = " "; static char portFlag[] = "-p"; static char svrPort[] = "0"; #endif -static char forceDefCipherListFlag[] = "-HdefCipherList"; -static char exitWithRetFlag[] = "-HexitWithRet"; +static char intTestFlag[] = "-H"; +static char forceDefCipherListFlag[] = "defCipherList"; +static char exitWithRetFlag[] = "exitWithRet"; +static char disableDHPrimeTest[] = "-2"; #ifdef WOLFSSL_ASYNC_CRYPT static int devId = INVALID_DEVID; @@ -192,10 +194,10 @@ static int IsValidCert(const char* line) } static int execute_test_case(int svr_argc, char** svr_argv, - int cli_argc, char** cli_argv, - int addNoVerify, int addNonBlocking, - int addDisableEMS, int forceSrvDefCipherList, - int forceCliDefCipherList, int testShouldFail) + int cli_argc, char** cli_argv, + int addNoVerify, int addNonBlocking, + int addDisableEMS, int forceSrvDefCipherList, + int forceCliDefCipherList) { #ifdef WOLFSSL_TIRTOS func_args cliArgs = {0}; @@ -219,6 +221,7 @@ static int execute_test_case(int svr_argc, char** svr_argv, #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) char portNumber[8]; #endif + int cliTestShouldFail = 0, svrTestShouldFail = 0; /* Is Valid Cipher and Version Checks */ /* build command list for the Is checks below */ @@ -296,17 +299,17 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif if (forceSrvDefCipherList) { - if (svrArgs.argc >= MAX_ARGS) + if (svrArgs.argc + 2 > MAX_ARGS) printf("cannot add the force def cipher list flag to server\n"); - else + else { + svr_argv[svrArgs.argc++] = intTestFlag; svr_argv[svrArgs.argc++] = forceDefCipherListFlag; + } } #ifdef TEST_PK_PRIVKEY svr_argv[svrArgs.argc++] = (char*)"-P"; #endif - if (testShouldFail) { - svr_argv[svrArgs.argc++] = exitWithRetFlag; - } + /* update server flags list */ commandLine[0] = '\0'; @@ -324,6 +327,11 @@ static int execute_test_case(int svr_argc, char** svr_argv, tests++; /* test count */ + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + svrTestShouldFail = 1; + } + InitTcpReady(&ready); #ifdef WOLFSSL_TIRTOS @@ -362,17 +370,16 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif if (forceCliDefCipherList) { - if (cliArgs.argc >= MAX_ARGS) + if (cliArgs.argc + 2 > MAX_ARGS) printf("cannot add the force def cipher list flag to client\n"); - else + else { + cli_argv[cliArgs.argc++] = intTestFlag; cli_argv[cliArgs.argc++] = forceDefCipherListFlag; + } } #ifdef TEST_PK_PRIVKEY cli_argv[cliArgs.argc++] = (char*)"-P"; #endif - if (testShouldFail) { - cli_argv[cliArgs.argc++] = exitWithRetFlag; - } commandLine[0] = '\0'; added = 0; @@ -387,19 +394,24 @@ static int execute_test_case(int svr_argc, char** svr_argv, } printf("trying client command line[%d]: %s\n", tests, commandLine); + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + cliTestShouldFail = 1; + } + /* start client */ client_test(&cliArgs); /* verify results */ - if ((cliArgs.return_code != 0 && testShouldFail == 0) || - (cliArgs.return_code == 0 && testShouldFail != 0)) { + if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) || + (cliArgs.return_code == 0 && cliTestShouldFail != 0)) { printf("client_test failed\n"); XEXIT(EXIT_FAILURE); } join_thread(serverThread); - if ((svrArgs.return_code != 0 && testShouldFail == 0) || - (svrArgs.return_code == 0 && testShouldFail != 0)) { + if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) || + (svrArgs.return_code == 0 && svrTestShouldFail != 0)) { printf("server_test failed\n"); XEXIT(EXIT_FAILURE); } @@ -409,8 +421,10 @@ static int execute_test_case(int svr_argc, char** svr_argv, #endif FreeTcpReady(&ready); - /* only run the first test for failure cases */ - if (testShouldFail) { + /* only run the first test for expected failure cases */ + /* the example server/client are not designed to handle expected failure in + all cases, such as non-blocking, etc... */ + if (svrTestShouldFail || cliTestShouldFail) { return NOT_BUILT_IN; } @@ -432,12 +446,15 @@ static void test_harness(void* vargs) char* cursor; char* comment; const char* fname = "tests/test.conf"; - int testShouldFail = 0; + const char* addArgs = NULL; if (args->argc == 1) { printf("notice: using default file %s\n", fname); } - else if(args->argc > 3) { + else if (args->argc == 3) { + addArgs = args->argv[2]; + } + else if (args->argc > 3) { printf("usage: harness [FILE] [ARG]\n"); args->return_code = 1; return; @@ -446,9 +463,6 @@ static void test_harness(void* vargs) if (args->argc >= 2) { fname = args->argv[1]; } - if (args->argc == 3) { - testShouldFail = 1; - } file = fopen(fname, "rb"); if (file == NULL) { @@ -468,7 +482,7 @@ static void test_harness(void* vargs) script = (char*)malloc(sz+1); if (script == 0) { - fprintf(stderr, "unable to allocte script buffer\n"); + fprintf(stderr, "unable to allocate script buffer\n"); fclose(file); args->return_code = 1; return; @@ -501,38 +515,29 @@ static void test_harness(void* vargs) to client mode if we don't have the client command yet */ if (cliMode == 0) cliMode = 1; /* switch to client mode processing */ + /* skip extra newlines */ else do_it = 1; /* Do It, we have server and client */ cursor++; break; case '#': - /* Ignore lines that start with a #. */ + /* Ignore lines that start with a # */ comment = XSTRSEP(&cursor, "\n"); -#ifdef DEBUG_SUITE_TESTS + #ifdef DEBUG_SUITE_TESTS printf("%s\n", comment); -#else + #else (void)comment; -#endif + #endif break; case '-': + default: /* Parameters start with a -. They end in either a newline * or a space. Capture until either, save in Args list. */ if (cliMode) cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n"); else svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n"); - if (*cursor == 0) /* eof */ - do_it = 1; - break; - default: - /* Anything from cursor until end of line that isn't the above - * is data for a paramter. Just up until the next newline in - * the Args list. */ - if (cliMode) - cliArgs[cliArgsSz++] = XSTRSEP(&cursor, "\n"); - else - svrArgs[svrArgsSz++] = XSTRSEP(&cursor, "\n"); - if (*cursor == 0) /* eof */ + if (*cursor == '\0') /* eof */ do_it = 1; break; } @@ -543,42 +548,48 @@ static void test_harness(void* vargs) } if (do_it) { + /* additional arguments processing */ + if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) { + if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) { + /* The `-2` disable DH prime check is added to all tests by default */ + cliArgs[cliArgsSz++] = disableDHPrimeTest; + svrArgs[svrArgsSz++] = disableDHPrimeTest; + } + if (addArgs && XSTRSTR(addArgs, "expFail")) { + /* Tests should expect to fail */ + cliArgs[cliArgsSz++] = intTestFlag; + cliArgs[cliArgsSz++] = exitWithRetFlag; + svrArgs[svrArgsSz++] = intTestFlag; + svrArgs[svrArgsSz++] = exitWithRetFlag; + } + } + ret = execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 0, 0); /* don't repeat if not supported in build */ if (ret == 0) { /* test with default cipher list on server side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 1, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 1, 0); /* test with default cipher list on client side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 0, 1, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 0, 1); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 1, 0, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 0, 0, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 1, 0, 0, 0); #ifdef HAVE_EXTENDED_MASTER execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 1, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 1, 1, 0, 0); #endif } svrArgsSz = 1; @@ -593,7 +604,7 @@ static void test_harness(void* vargs) #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ -int SuiteTest(void) +int SuiteTest(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) func_args args; @@ -613,8 +624,6 @@ int SuiteTest(void) byte memory[200000]; #endif - (void)test_harness; - cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); @@ -642,6 +651,23 @@ int SuiteTest(void) wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ + /* support for custom command line tests */ + if (argc > 1) { + /* Examples: + ./tests/unit.test tests/test-altchains.conf + ./tests/unit.test tests/test-fails.conf expFail + ./tests/unit.test tests/test-dhprime.conf doDH + */ + args.argc = argc; + args.argv = argv; + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + } + goto exit; + } + /* default case */ args.argc = 1; printf("starting default cipher suite tests\n"); @@ -806,10 +832,56 @@ int SuiteTest(void) #endif #endif +#ifdef WOLFSSL_ALT_CERT_CHAINS + /* tests for alt chains */ + strcpy(argv0[1], "tests/test-altchains.conf"); + printf("starting certificate alternate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#else + /* tests for chains */ + strcpy(argv0[1], "tests/test-chains.conf"); + printf("starting certificate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + /* tests for trusted peer cert */ + strcpy(argv0[1], "tests/test-trustpeer.conf"); + printf("starting trusted peer certificate cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + + /* tests for dh prime */ + args.argc = 3; + strcpy(argv0[1], "tests/test-dhprime.conf"); + strcpy(argv0[2], "doDH"); /* add DH prime flag */ + printf("starting tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* failure tests */ args.argc = 3; strcpy(argv0[1], "tests/test-fails.conf"); - strcpy(argv0[2], "-f"); + strcpy(argv0[2], "expFail"); /* tests are expected to fail */ printf("starting tests that expect failure\n"); test_harness(&args); if (args.return_code != 0) { @@ -832,4 +904,6 @@ exit: #else return NOT_COMPILED_IN; #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + (void)argc; + (void)argv; } diff --git a/tests/test-altchains.conf b/tests/test-altchains.conf new file mode 100644 index 000000000..cf1ef4a11 --- /dev/null +++ b/tests/test-altchains.conf @@ -0,0 +1,212 @@ +# Tests will use complete chain with intermediate CA for testing +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# Test will load intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test will use alternate chain where chain contains extra cert +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem diff --git a/tests/test-chains.conf b/tests/test-chains.conf new file mode 100644 index 000000000..b1f5c1b2f --- /dev/null +++ b/tests/test-chains.conf @@ -0,0 +1,223 @@ +# Tests will use complete chain with intermediate CA for testing +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# Test will load intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test will use alternate chain where chain contains extra cert +# These tests should fail +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet diff --git a/tests/test-dhprime.conf b/tests/test-dhprime.conf new file mode 100644 index 000000000..dc180f618 --- /dev/null +++ b/tests/test-dhprime.conf @@ -0,0 +1,25 @@ +# server TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + + # server TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) + -s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index fed6448ba..1ace19d5f 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -2,25 +2,21 @@ -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -u @@ -28,80 +24,68 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -u @@ -109,230 +93,192 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA --2 # client DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA --2 # server DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA --2 # client DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA --2 # server DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA --2 # client DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA --2 # server DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA --2 # client DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA --2 # server DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA --2 # client DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA --2 # server DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA --2 # client DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA --2 # server DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA --2 # client DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA --2 # server DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 --2 # client DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 --2 # server DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 --2 # client DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 --2 # server DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 --2 # client DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 --2 # server DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 --2 # client DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 --2 # server DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA --2 # server DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -u @@ -340,14 +286,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -u @@ -355,14 +299,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -u @@ -370,14 +312,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -u -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -u @@ -385,14 +325,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -u @@ -400,14 +338,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -u @@ -415,14 +351,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -u @@ -430,14 +364,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -u @@ -445,14 +377,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u @@ -460,14 +390,12 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -u @@ -475,14 +403,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-RSA-DES3 -u @@ -490,13 +416,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-DES3 -u -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDH-RSA-AES128 -u @@ -504,13 +428,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES128 -u -v 2 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.1 ECDH-RSA-AES256 -u @@ -518,13 +440,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES256 -u -v 2 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.2 ECDH-RSA-DES3 -u @@ -532,13 +452,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-DES3 -u -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128 -u @@ -546,13 +464,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128 -u -v 3 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -u @@ -560,13 +476,11 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -u -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256 -u @@ -574,13 +488,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256 -u -v 3 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.1 ECDH-ECDSA-DES3 -u @@ -588,14 +500,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-DES3 -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES128 -u @@ -603,14 +513,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES128 -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES256 -u @@ -618,14 +526,12 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES256 -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-DES3 -u @@ -633,14 +539,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-DES3 -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128 -u @@ -648,14 +552,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128 -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u @@ -663,14 +565,12 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256 -u @@ -678,26 +578,22 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256 -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u @@ -705,14 +601,12 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -u @@ -720,13 +614,11 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -u -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u @@ -734,182 +626,156 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA --2 # client DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA --2 # server DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA --2 # client DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA --2 # client DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA --2 # server DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA --2 # client DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 --2 # client DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 --2 # server DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 --2 # client DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u @@ -917,14 +783,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -932,14 +796,12 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u @@ -947,14 +809,12 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u @@ -962,38 +822,32 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u @@ -1001,13 +855,11 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u @@ -1015,41 +867,35 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u @@ -1057,14 +903,12 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u @@ -1072,14 +916,12 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u @@ -1087,39 +929,33 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA --2 # client DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA --2 # server DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA --2 # client DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA --2 diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index 8c73e2e22..e13c67b18 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf @@ -3,14 +3,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -20,7 +18,6 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -29,21 +26,18 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C --2 # Enable when CRL for ED25519 certificates available. # server TLSv1.3 TLS13-AES128-GCM-SHA256 @@ -54,7 +48,6 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -63,5 +56,4 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C --2 diff --git a/tests/test-enckeys.conf b/tests/test-enckeys.conf index 929dca03b..9e371c239 100644 --- a/tests/test-enckeys.conf +++ b/tests/test-enckeys.conf @@ -1,52 +1,42 @@ # server RSA encrypted key -v 3 -k ./certs/server-keyEnc.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 -v 3 -k ./certs/server-keyPkcs8Enc.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 2 -v 3 -k ./certs/server-keyPkcs8Enc2.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 12 -v 3 -k ./certs/server-keyPkcs8Enc12.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-keyPkcs8Enc.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 223b163bf..d976b307b 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -5,7 +5,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcnnull.pem -d --2 # client bad certificate common name has null -v 3 @@ -14,7 +13,6 @@ -A ./certs/test/server-badcnnull.pem -m -x --2 # server bad certificate alternate name has null -v 3 @@ -22,7 +20,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltnull.pem -d --2 # client bad certificate alternate name has null -v 3 @@ -31,7 +28,6 @@ -A ./certs/test/server-badaltnull.pem -m -x --2 # server nomatch common name -v 3 @@ -39,7 +35,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcn.pem -d --2 # client nomatch common name -v 3 @@ -48,7 +43,6 @@ -A ./certs/test/server-badcn.pem -m -x --2 # server nomatch alternate name -v 3 @@ -56,7 +50,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltname.pem -d --2 # client nomatch alternate name -v 3 @@ -65,57 +58,47 @@ -A ./certs/test/server-badaltname.pem -m -x --2 # server RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -A ./certs/client-cert.pem --2 # server ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # client ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/client-ecc-cert.pem --2 # server RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem --2 # client RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem --2 # client ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # server missing CN from alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-garbage.pem --2 # client missing CN from alternate names list -v 3 @@ -123,53 +106,44 @@ -h localhost -A ./certs/test/server-garbage.pem -m --2 # Verify Callback Failure Tests # no error going into callback, return error # server -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # server verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # client -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 # server verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 # client -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # error going into callback, return error # server @@ -177,23 +151,19 @@ -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem -k ./certs/server-key.pem --2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 diff --git a/tests/test-maxfrag-dtls.conf b/tests/test-maxfrag-dtls.conf index 988ad4d7d..67aef1776 100644 --- a/tests/test-maxfrag-dtls.conf +++ b/tests/test-maxfrag-dtls.conf @@ -4,7 +4,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -12,33 +11,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -46,7 +40,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -54,33 +47,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -88,7 +76,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -96,33 +83,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -130,7 +112,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -138,33 +119,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -172,7 +148,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -180,33 +155,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -214,7 +184,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -222,30 +191,25 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 --2 diff --git a/tests/test-maxfrag.conf b/tests/test-maxfrag.conf index ac109a28b..2ca6cc8dd 100644 --- a/tests/test-maxfrag.conf +++ b/tests/test-maxfrag.conf @@ -3,213 +3,177 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 --2 diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index bc36456de..d6247b1e4 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf @@ -3,311 +3,263 @@ -I -v 3 -l PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 PSK-CHACHA20-POLY1305 -s -v 3 -l PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l DHE-PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -v 3 -l DHE-PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256 -s -I -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -I -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -I -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1 ECDHE-PSK-NULL-SHA256 -s -I -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -I -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -I -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1 PSK-AES128 -s -I -v 1 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1 PSK-AES256 -s -I -v 1 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.1 PSK-AES128 -s -I -v 2 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1.1 PSK-AES256 -s -I -v 2 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.2 PSK-AES128 -s -I -v 3 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1.2 PSK-AES256 -s -I -v 3 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.0 PSK-AES128-SHA256 -s -I -v 1 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.1 PSK-AES128-SHA256 -s -I -v 2 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.2 PSK-AES128-SHA256 -s -I -v 3 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.0 PSK-AES256-SHA384 -s -I -v 1 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # No Hint server TLSv1.1 PSK-AES256-SHA384 -s -I -v 2 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # No Hint server TLSv1.2 PSK-AES256-SHA384 -s -I -v 3 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -I -v 3 -l PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -I -v 3 -l PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -315,7 +267,6 @@ -r -s -0 --2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -323,14 +274,12 @@ -r -s -0 --2 # server TLSv1.3 not accepting EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s --2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -338,7 +287,6 @@ -r -s -0 --2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -346,11 +294,9 @@ -r -s -0 --2 # client TLSv1.3 not sending EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s --2 diff --git a/tests/test-psk.conf b/tests/test-psk.conf index e726ac9cf..f4f11b298 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -1,9 +1,7 @@ # server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 --2 # client- standard PSK -s -l PSK-CHACHA20-POLY1305 --2 diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 9704987db..357467465 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf @@ -2,2479 +2,2035 @@ -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA --2 # client SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA --2 # server SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 --2 # client SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 --2 # server SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA --2 # client SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA --2 # server SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA --2 # client SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA --2 # server TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA --2 # client TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA --2 # server TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 --2 # client TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 --2 # server TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA --2 # client TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA --2 # server TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA --2 # client TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA --2 # server TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA --2 # client TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA --2 # server TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA --2 # client TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA --2 # server TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 --2 # client TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 --2 # server TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 --2 # client TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 --2 # server TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA --2 # client TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA --2 # server TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 --2 # client TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 --2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA --2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA --2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA --2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA --2 # server TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA --2 # client TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA --2 # server TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA --2 # client TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA --2 # server TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 --2 # client TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 --2 # server TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 --2 # client TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 --2 # server TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA --2 # client TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA --2 # server TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 --2 # client TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 --2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA --2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA --2 # server TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA --2 # client TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA --2 # server TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA --2 # client TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA --2 # server TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 --2 # client TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 --2 # server TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 --2 # client TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 --2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA --2 # client TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA --2 # server TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 --2 # client TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 --2 # server TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 --2 # client TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 --2 # server TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 --2 # client TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 --2 # server TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 --2 # client TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 --2 # server TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA --2 # client TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA --2 # server TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 --2 # client TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 --2 # server TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 --2 # client TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 --2 # server TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 --2 # client TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 --2 # server TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 --2 # client TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 --2 # server TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA --2 # client TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA --2 # server TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 --2 # client TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 --2 # server TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 --2 # client TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 --2 # server TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 --2 # client TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 --2 # server TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 --2 # client TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 --2 # server TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA --2 # client TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA --2 # server TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA --2 # client TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA --2 # server TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA --2 # client TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA --2 # server TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA --2 # client TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA --2 # server TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA --2 # client TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 --2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 --2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA --2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA --2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA --2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA --2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA --2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA --2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 --2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 --2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 --2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 --2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 --2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 --2 # server TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA --2 # client TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA --2 # server TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA --2 # client TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA --2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA --2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA --2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA --2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA --2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA --2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA --2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA --2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA --2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 --2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 --2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 --2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 --2 # client TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 --2 # server TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 --2 # client TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM --2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM --2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM --2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM --2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 --2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 --2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 --2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 --2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM --2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM --2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM --2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM --2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA --2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA --2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA --2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA --2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA --2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA --2 # server TLSv1 NTRU_RC4 -v 1 @@ -2482,12 +2038,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_RC4 -v 1 -l QSH:NTRU-RC4-SHA --2 # server TLSv1 NTRU_DES3 -v 1 @@ -2495,12 +2049,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_DES3 -v 1 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1 NTRU_AES128 -v 1 @@ -2508,12 +2060,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES128 -v 1 -l QSH:NTRU-AES128-SHA --2 # server TLSv1 NTRU_AES256 -v 1 @@ -2521,12 +2071,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES256 -v 1 -l QSH:NTRU-AES256-SHA --2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2534,12 +2082,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_RC4 -v 2 -l QSH:NTRU-RC4-SHA --2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2547,12 +2093,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_DES3 -v 2 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2560,12 +2104,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES128 -v 2 -l QSH:NTRU-AES128-SHA --2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2573,12 +2115,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES256 -v 2 -l QSH:NTRU-AES256-SHA --2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2586,12 +2126,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_RC4 -v 3 -l QSH:NTRU-RC4-SHA --2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2599,12 +2137,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_DES3 -v 3 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2612,9 +2148,7 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_AES128 -v 3 -l QSH:NTRU-AES128-SHA --2 diff --git a/tests/test-sctp.conf b/tests/test-sctp.conf index 79727512d..1f6a303fc 100644 --- a/tests/test-sctp.conf +++ b/tests/test-sctp.conf @@ -2,25 +2,21 @@ -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1 DHE-RSA-CHACHA20-POLY1305 -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -28,38 +24,32 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -67,80 +57,68 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -G @@ -148,278 +126,232 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA --2 # client DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA --2 # server DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA --2 # client DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA --2 # server DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA --2 # client DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA --2 # server DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA --2 # client DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA --2 # server DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA --2 # client DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA --2 # server DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA --2 # client DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA --2 # server DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA --2 # client DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA --2 # server DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA --2 # client DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA --2 # server DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA --2 # client DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA --2 # server DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 --2 # client DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 --2 # server DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 --2 # client DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 --2 # server DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 --2 # client DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 --2 # server DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 --2 # client DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 --2 # server DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA --2 # client DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA --2 # server DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA --2 # server DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA --2 # client DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA --2 # server DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -G @@ -427,14 +359,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -G @@ -442,14 +372,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -G @@ -457,14 +385,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -G -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-EDCSA-RC4 -G @@ -472,14 +398,12 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-RC4 -G -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -G @@ -487,14 +411,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -G -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -G @@ -502,14 +424,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -G -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -G @@ -517,14 +437,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -G -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -532,14 +450,12 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-RC4 -G -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -G @@ -547,14 +463,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -G -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -G @@ -562,14 +476,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -G -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G @@ -577,14 +489,12 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -G @@ -592,14 +502,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -G -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-RSA-RC4 -G @@ -607,13 +515,11 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-RC4 -G -v 2 -l ECDH-RSA-RC4-SHA --2 # server DTLSv1.1 ECDH-RSA-DES3 -G @@ -621,13 +527,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-DES3 -G -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDH-RSA-AES128 -G @@ -635,13 +539,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES128 -G -v 2 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.1 ECDH-RSA-AES256 -G @@ -649,13 +551,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES256 -G -v 2 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.2 ECDH-RSA-RC4 -G @@ -663,13 +563,11 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-RC4 -G -v 3 -l ECDH-RSA-RC4-SHA --2 # server DTLSv1.2 ECDH-RSA-DES3 -G @@ -677,13 +575,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-DES3 -G -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128 -G @@ -691,13 +587,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128 -G -v 3 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -G @@ -705,13 +599,11 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -G -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256 -G @@ -719,13 +611,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256 -G -v 3 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.1 ECDH-EDCSA-RC4 -G @@ -733,14 +623,12 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-RC4 -G -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-DES3 -G @@ -748,14 +636,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-DES3 -G -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES128 -G @@ -763,14 +649,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES128 -G -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES256 -G @@ -778,14 +662,12 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES256 -G -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -793,14 +675,12 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-RC4 -G -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-DES3 -G @@ -808,14 +688,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-DES3 -G -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128 -G @@ -823,14 +701,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128 -G -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G @@ -838,14 +714,12 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256 -G @@ -853,26 +727,22 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256 -G -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G @@ -880,14 +750,12 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -G @@ -895,13 +763,11 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -G -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G @@ -909,182 +775,156 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA --2 # client DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA --2 # server DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA --2 # client DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA --2 # client DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA --2 # server DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA --2 # client DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 --2 # client DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 --2 # server DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 --2 # client DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G @@ -1092,14 +932,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G @@ -1107,14 +945,12 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G @@ -1122,14 +958,12 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G @@ -1137,38 +971,32 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G @@ -1176,13 +1004,11 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G @@ -1190,41 +1016,35 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G @@ -1232,14 +1052,12 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G @@ -1247,14 +1065,12 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G @@ -1262,39 +1078,33 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA --2 # client DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA --2 # server DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA --2 # client DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA --2 diff --git a/tests/test-sig.conf b/tests/test-sig.conf index 044ce2bf5..680eb3506 100644 --- a/tests/test-sig.conf +++ b/tests/test-sig.conf @@ -3,257 +3,217 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-privkey.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-cert.pem --2 diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf index f018cc2fe..181b286eb 100644 --- a/tests/test-tls13-down.conf +++ b/tests/test-tls13-down.conf @@ -2,55 +2,43 @@ # server TLSv1.3 downgrade #-v d #-l TLS13-CHACHA20-POLY1305-SHA256 --2 # client TLSv1.2 #-v 3 --2 # server TLSv1.2 -v 3 --2 # client TLSv1.3 downgrade -v d --2 # server TLSv1.3 downgrade -v d --2 # client TLSv1.3 downgrade -v d --2 # server TLSv1.3 downgrade but don't and resume -v d -r --2 # client TLSv1.3 downgrade but don't and resume -v d -r --2 # server TLSv1.3 downgrade and resume -v d -r --2 # client TLSv1.2 and resume -v 3 -r --2 # server TLSv1.2 and resume -v d -r --2 # lcient TLSv1.3 downgrade and resume -v 3 -r --2 diff --git a/tests/test-tls13-ecc.conf b/tests/test-tls13-ecc.conf index 3bc261f6c..3496eab8c 100644 --- a/tests/test-tls13-ecc.conf +++ b/tests/test-tls13-ecc.conf @@ -3,65 +3,55 @@ -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -69,14 +59,12 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -t --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -t --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -84,11 +72,9 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -Y --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -y --2 diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf index 90dec0e17..b8b7e2607 100644 --- a/tests/test-tls13-psk.conf +++ b/tests/test-tls13-psk.conf @@ -3,35 +3,29 @@ -s -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 not-PSK -v 4 -l TLS13-AES128-GCM-SHA256 --2 diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 7445aa8ed..5e07ad3fe 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -1,237 +1,195 @@ # server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 --2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 --2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 --2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 --2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 --2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 --2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 --2 # server TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # server TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r --2 # client TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r --2 # server TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r -K --2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # server TLSv1.3 not accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # client TLSv1.3 not sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 Fragments -v 4 -l TLS13-AES128-GCM-SHA256 -F 1 --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # client TLSv1.3 HelloRetryRequest with cookie -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 no client certificate -v 4 -l TLS13-AES128-GCM-SHA256 -x --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 DH key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -y --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y --2 # server TLSv1.3 multiple cipher suites -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 --2 # client TLSv1.3 -v 4 --2 # server TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -U --2 # client TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -I --2 # server TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q --2 # client TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q --2 diff --git a/tests/test-trustpeer.conf b/tests/test-trustpeer.conf new file mode 100644 index 000000000..c8df70416 --- /dev/null +++ b/tests/test-trustpeer.conf @@ -0,0 +1,99 @@ +# Both client and server use -E [path] for trusted peer +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test for ECC self signed certificate as trusted peer +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/client-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/server-ecc-self.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/server-ecc-self.pem +-k ./certs/ecc-client-key.pem +-c ./certs/client-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/client-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/server-ecc-self.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/server-ecc-self.pem +-k ./certs/ecc-client-key.pem +-c ./certs/client-ecc-cert.pem diff --git a/tests/test.conf b/tests/test.conf index b3ccf704d..faad62e6e 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1,2562 +1,2082 @@ # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server SSLv3 RC4-SHA -v 0 -l RC4-SHA --2 # client SSLv3 RC4-SHA -v 0 -l RC4-SHA --2 # server SSLv3 RC4-MD5 -v 0 -l RC4-MD5 --2 # client SSLv3 RC4-MD5 -v 0 -l RC4-MD5 --2 # server SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA --2 # client SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA --2 # server SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA --2 # client SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA --2 # server TLSv1 RC4-SHA -v 1 -l RC4-SHA --2 # client TLSv1 RC4-SHA -v 1 -l RC4-SHA --2 # server TLSv1 RC4-MD5 -v 1 -l RC4-MD5 --2 # client TLSv1 RC4-MD5 -v 1 -l RC4-MD5 --2 # server TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA --2 # client TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA --2 # server TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA --2 # client TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA --2 # server TLSv1 AES128-SHA -v 1 -l AES128-SHA --2 # client TLSv1 AES128-SHA -v 1 -l AES128-SHA --2 # server TLSv1 AES256-SHA -v 1 -l AES256-SHA --2 # client TLSv1 AES256-SHA -v 1 -l AES256-SHA --2 # server TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 --2 # client TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 --2 # server TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 --2 # client TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 --2 # server TLSv1.1 RC4-SHA -v 2 -l RC4-SHA --2 # client TLSv1.1 RC4-SHA -v 2 -l RC4-SHA --2 # server TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 --2 # client TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 --2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA --2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA --2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA --2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA --2 # server TLSv1.1 AES128-SHA -v 2 -l AES128-SHA --2 # client TLSv1.1 AES128-SHA -v 2 -l AES128-SHA --2 # server TLSv1.1 AES256-SHA -v 2 -l AES256-SHA --2 # client TLSv1.1 AES256-SHA -v 2 -l AES256-SHA --2 # server TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 --2 # client TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 --2 # server TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 --2 # client TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 --2 # server TLSv1.2 RC4-SHA -v 3 -l RC4-SHA --2 # client TLSv1.2 RC4-SHA -v 3 -l RC4-SHA --2 # server TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 --2 # client TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 --2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA --2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA --2 # server TLSv1.2 AES128-SHA -v 3 -l AES128-SHA --2 # client TLSv1.2 AES128-SHA -v 3 -l AES128-SHA --2 # server TLSv1.2 AES256-SHA -v 3 -l AES256-SHA --2 # client TLSv1.2 AES256-SHA -v 3 -l AES256-SHA --2 # server TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 --2 # client TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 --2 # server TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 --2 # client TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 --2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA --2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA --2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA --2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA --2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA --2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA --2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA --2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA --2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA --2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 HC128-SHA -v 1 -l HC128-SHA --2 # client TLSv1 HC128-SHA -v 1 -l HC128-SHA --2 # server TLSv1 HC128-MD5 -v 1 -l HC128-MD5 --2 # client TLSv1 HC128-MD5 -v 1 -l HC128-MD5 --2 # server TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 --2 # client TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 --2 # server TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 --2 # client TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 --2 # server TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 --2 # client TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 --2 # server TLSv1.1 HC128-SHA -v 2 -l HC128-SHA --2 # client TLSv1.1 HC128-SHA -v 2 -l HC128-SHA --2 # server TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 --2 # client TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 --2 # server TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 --2 # client TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 --2 # server TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 --2 # client TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 --2 # server TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 --2 # client TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 --2 # server TLSv1.2 HC128-SHA -v 3 -l HC128-SHA --2 # client TLSv1.2 HC128-SHA -v 3 -l HC128-SHA --2 # server TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 --2 # client TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 --2 # server TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 --2 # client TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 --2 # server TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 --2 # client TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 --2 # server TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 --2 # client TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 --2 # server TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA --2 # client TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA --2 # server TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA --2 # client TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA --2 # server TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA --2 # client TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA --2 # server TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA --2 # client TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA --2 # server TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA --2 # client TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA --2 # server TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 --2 # server TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA --2 # client TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA --2 # server TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA --2 # client TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA --2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 --2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA --2 # client TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA --2 # client TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA --2 - -# server TLSv1.2 DHE AES128 (DHE prime test) --v 3 --l DHE-RSA-AES128-SHA - -# client TLSv1.2 DHE AES128 (DHE prime test) --v 3 --l DHE-RSA-AES128-SHA # server TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA --2 # client TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA --2 # server TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA --2 # client TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA --2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 --2 - -# server TLSv1.2 DHE AES256-SHA256 (DHE prime test) --v 3 --l DHE-RSA-AES256-SHA256 - -# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) --v 3 --l DHE-RSA-AES256-SHA256 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # server TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # server TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # server TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # server TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # server TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA --2 # client TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA --2 # server TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA --2 # client TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 --2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 --2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA --2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA --2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA --2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA --2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA --2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA --2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 --2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 --2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 --2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 --2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 --2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 --2 # server TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA --2 # client TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA --2 # server TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA --2 # client TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA --2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 --2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 --2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 --2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 --2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA --2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA --2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA --2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA --2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 --2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 --2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 --2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 --2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA --2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA --2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA --2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA --2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 --2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 --2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 --2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 --2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 --2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 --2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 --2 # client TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 --2 # server TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 --2 # client TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM --2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM --2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM --2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM --2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 --2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 --2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 --2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 --2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 --2 - -# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) --s --v 3 --l DHE-PSK-AES128-CBC-SHA256 - -# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) --s --v 3 --l DHE-PSK-AES128-CBC-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM --2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM --2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM --2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM --2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA --2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA --2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA --2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA --2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA --2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA --2 # server TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1 NTRU_RC4 -v 1 @@ -2564,12 +2084,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_RC4 -v 1 -l NTRU-RC4-SHA --2 # server TLSv1 NTRU_DES3 -v 1 @@ -2577,12 +2095,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_DES3 -v 1 -l NTRU-DES-CBC3-SHA --2 # server TLSv1 NTRU_AES128 -v 1 @@ -2590,12 +2106,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES128 -v 1 -l NTRU-AES128-SHA --2 # server TLSv1 NTRU_AES256 -v 1 @@ -2603,12 +2117,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES256 -v 1 -l NTRU-AES256-SHA --2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2616,12 +2128,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_RC4 -v 2 -l NTRU-RC4-SHA --2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2629,12 +2139,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_DES3 -v 2 -l NTRU-DES-CBC3-SHA --2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2642,12 +2150,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES128 -v 2 -l NTRU-AES128-SHA --2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2655,12 +2161,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES256 -v 2 -l NTRU-AES256-SHA --2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2668,12 +2172,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_RC4 -v 3 -l NTRU-RC4-SHA --2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2681,12 +2183,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_DES3 -v 3 -l NTRU-DES-CBC3-SHA --2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2694,113 +2194,95 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_AES128 -v 3 -l NTRU-AES128-SHA --2 # error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j --2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j --2 # no error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/server-cert.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j --2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem -t --2 # server TLSv1.2 private-only key -v 3 -c ./certs/ecc-privOnlyCert.pem -k ./certs/ecc-privOnlyKey.pem --2 # client TLSv1.2 private-only key on server -v 3 -d --2 # server TLSv1.2 with fragment -v 3 --2 # client TLSv1.2 with fragment -v 3 -F 1 --2 # server TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -A certs/client-cert-3072.pem --2 # client TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem --2 # server good certificate common name -v 3 @@ -2808,7 +2290,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcn.pem -d --2 # client good certificate common name -v 3 @@ -2817,7 +2298,6 @@ -A ./certs/test/server-goodcn.pem -m -C --2 # server good certificate alt name -v 3 @@ -2825,7 +2305,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodalt.pem -d --2 # client good certificate alt name -v 3 @@ -2834,7 +2313,6 @@ -A ./certs/test/server-goodalt.pem -m -C --2 # server good certificate common name wild -v 3 @@ -2842,7 +2320,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcnwild.pem -d --2 # client good certificate common name wild -v 3 @@ -2851,7 +2328,6 @@ -A ./certs/test/server-goodcnwild.pem -m -C --2 # server good certificate alt name wild -v 3 @@ -2859,7 +2335,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodaltwild.pem -d --2 # client good certificate alt name wild -v 3 @@ -2868,13 +2343,11 @@ -A ./certs/test/server-goodaltwild.pem -m -C --2 # server CN in alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-localhost.pem --2 # client CN in alternate names list -v 3 @@ -2882,18 +2355,15 @@ -h localhost -A ./certs/test/server-localhost.pem -m --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 with user curve (384 or 256) -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -H useSupCurve --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2901,7 +2371,6 @@ -c ./certs/server-ecc384-cert.pem -k ./certs/server-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2909,4 +2378,3 @@ -c ./certs/client-ecc384-cert.pem -k ./certs/client-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem --2 diff --git a/tests/unit.c b/tests/unit.c index 7ac13bc53..f237d17b8 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -82,7 +82,7 @@ int unit_test(int argc, char** argv) #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED - if ( (ret = SuiteTest()) != 0){ + if ( (ret = SuiteTest(argc, argv)) != 0){ printf("suite test failed with %d\n", ret); goto exit; } diff --git a/tests/unit.h b/tests/unit.h index d62e0ee16..b2ec7d1a1 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -91,7 +91,7 @@ void ApiTest(void); -int SuiteTest(void); +int SuiteTest(int argc, char** argv); int HashTest(void); void SrpTest(void);