From 59a3b4a11060b541e241b943ab5d07f1768b72d3 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 21 Dec 2018 09:33:54 -0800 Subject: [PATCH] New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: * Added ECC and RSA intermediate CA's and server/client chain certificates for testing. * Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file. * Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined. * Added new `test-chains` for testing chains. * Added new `test-dhprime.conf` for DH prime check tests. * Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`. * Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf). * Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`. --- certs/crl/ca-int-ecc.pem | 10 + certs/crl/ca-int.pem | 14 + certs/crl/client-int-ecc.pem | 10 + certs/crl/client-int.pem | 14 + certs/crl/include.am | 9 + certs/crl/server-int-ecc.pem | 10 + certs/crl/server-int.pem | 14 + certs/include.am | 1 + certs/intermediate/ca-int-cert.der | Bin 0 -> 1051 bytes certs/intermediate/ca-int-cert.pem | 83 +++ certs/intermediate/ca-int-ecc-cert.der | Bin 0 -> 661 bytes certs/intermediate/ca-int-ecc-cert.pem | 52 ++ certs/intermediate/ca-int-ecc-key.der | Bin 0 -> 121 bytes certs/intermediate/ca-int-ecc-key.pem | 5 + certs/intermediate/ca-int-key.der | Bin 0 -> 1194 bytes certs/intermediate/ca-int-key.pem | 27 + certs/intermediate/client-chain-alt-ecc.pem | 55 ++ certs/intermediate/client-chain-alt.pem | 71 +++ certs/intermediate/client-chain-ecc.der | Bin 0 -> 1375 bytes certs/intermediate/client-chain-ecc.pem | 33 ++ certs/intermediate/client-chain.der | Bin 0 -> 2153 bytes certs/intermediate/client-chain.pem | 49 ++ certs/intermediate/client-int-cert.der | Bin 0 -> 1102 bytes certs/intermediate/client-int-cert.pem | 88 ++++ certs/intermediate/client-int-ecc-cert.der | Bin 0 -> 714 bytes certs/intermediate/client-int-ecc-cert.pem | 57 +++ certs/intermediate/genintcerts.sh | 293 +++++++++++ certs/intermediate/include.am | 34 ++ certs/intermediate/server-chain-alt-ecc.pem | 59 +++ certs/intermediate/server-chain-alt.pem | 75 +++ certs/intermediate/server-chain-ecc.der | Bin 0 -> 1533 bytes certs/intermediate/server-chain-ecc.pem | 37 ++ certs/intermediate/server-chain.der | Bin 0 -> 2309 bytes certs/intermediate/server-chain.pem | 53 ++ certs/intermediate/server-int-cert.der | Bin 0 -> 1258 bytes certs/intermediate/server-int-cert.pem | 94 ++++ certs/intermediate/server-int-ecc-cert.der | Bin 0 -> 872 bytes certs/intermediate/server-int-ecc-cert.pem | 63 +++ tests/include.am | 6 +- tests/suites.c | 210 +++++--- tests/test-altchains.conf | 212 ++++++++ tests/test-chains.conf | 223 ++++++++ tests/test-dhprime.conf | 25 + tests/test-dtls.conf | 164 ------ tests/test-ed25519.conf | 8 - tests/test-enckeys.conf | 10 - tests/test-fails.conf | 30 -- tests/test-maxfrag-dtls.conf | 36 -- tests/test-maxfrag.conf | 36 -- tests/test-psk-no-id.conf | 54 -- tests/test-psk.conf | 2 - tests/test-qsh.conf | 466 ----------------- tests/test-sctp.conf | 190 ------- tests/test-sig.conf | 40 -- tests/test-tls13-down.conf | 12 - tests/test-tls13-ecc.conf | 14 - tests/test-tls13-psk.conf | 6 - tests/test-tls13.conf | 42 -- tests/test-trustpeer.conf | 99 ++++ tests/test.conf | 532 -------------------- tests/unit.c | 2 +- tests/unit.h | 2 +- 62 files changed, 2018 insertions(+), 1713 deletions(-) create mode 100644 certs/crl/ca-int-ecc.pem create mode 100644 certs/crl/ca-int.pem create mode 100644 certs/crl/client-int-ecc.pem create mode 100644 certs/crl/client-int.pem create mode 100644 certs/crl/server-int-ecc.pem create mode 100644 certs/crl/server-int.pem create mode 100644 certs/intermediate/ca-int-cert.der create mode 100644 certs/intermediate/ca-int-cert.pem create mode 100644 certs/intermediate/ca-int-ecc-cert.der create mode 100644 certs/intermediate/ca-int-ecc-cert.pem create mode 100644 certs/intermediate/ca-int-ecc-key.der create mode 100644 certs/intermediate/ca-int-ecc-key.pem create mode 100644 certs/intermediate/ca-int-key.der create mode 100644 certs/intermediate/ca-int-key.pem create mode 100644 certs/intermediate/client-chain-alt-ecc.pem create mode 100644 certs/intermediate/client-chain-alt.pem create mode 100644 certs/intermediate/client-chain-ecc.der create mode 100644 certs/intermediate/client-chain-ecc.pem create mode 100644 certs/intermediate/client-chain.der create mode 100644 certs/intermediate/client-chain.pem create mode 100644 certs/intermediate/client-int-cert.der create mode 100644 certs/intermediate/client-int-cert.pem create mode 100644 certs/intermediate/client-int-ecc-cert.der create mode 100644 certs/intermediate/client-int-ecc-cert.pem create mode 100755 certs/intermediate/genintcerts.sh create mode 100644 certs/intermediate/include.am create mode 100644 certs/intermediate/server-chain-alt-ecc.pem create mode 100644 certs/intermediate/server-chain-alt.pem create mode 100644 certs/intermediate/server-chain-ecc.der create mode 100644 certs/intermediate/server-chain-ecc.pem create mode 100644 certs/intermediate/server-chain.der create mode 100644 certs/intermediate/server-chain.pem create mode 100644 certs/intermediate/server-int-cert.der create mode 100644 certs/intermediate/server-int-cert.pem create mode 100644 certs/intermediate/server-int-ecc-cert.der create mode 100644 certs/intermediate/server-int-ecc-cert.pem create mode 100644 tests/test-altchains.conf create mode 100644 tests/test-chains.conf create mode 100644 tests/test-dhprime.conf create mode 100644 tests/test-trustpeer.conf diff --git a/certs/crl/ca-int-ecc.pem b/certs/crl/ca-int-ecc.pem new file mode 100644 index 000000000..654cd30cb --- /dev/null +++ b/certs/crl/ca-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBYDCCAQUCAQEwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0x +ODEyMjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBSXHWDD +hyJZm2AfhLSZHIhNv9oebjALBgNVHRQEBAICIAMwCgYIKoZIzj0EAwIDSQAwRgIh +AMrFN7PEk0mtpHWZXJQSaXrc2K2BY/iZ6GlKnbM9G44MAiEA5K9dEKgOX/2VvGlR +YN8aMaQ+Ly9fyMNEnXLR2OOMrBA= +-----END X509 CRL----- diff --git a/certs/crl/ca-int.pem b/certs/crl/ca-int.pem new file mode 100644 index 000000000..d0dd6ce4a --- /dev/null +++ b/certs/crl/ca-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICHDCCAQQCAQEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRl +cm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4 +MTIyMTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFO9p4PfV +HeaZ7Nxt0PfiuVxkcYM1MAsGA1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAQEA +d++OmLaoou17s32sU/onSY1+Y9PoqYcKqkjK14srsvnrMe8AS3QDsuF721cg3Ekp +pghG2pmyrvsCB8uaZ5yGE0B7YZ2ZfKjq6IQAQmcMkZ9tVtchmJNGyuB0T8uL8fJE +JsCvI+eAyYTSjgePQC4x9GMunWwRfQ4DWjXIal8f9WNLnRRZl8MKaTk6fuMM+GBt +6QJ1qEEeWWwbTnCqAia4dJ/IJGn7bbxwMAs305zrBE8G17gzh4Q4aj/nt71+oM5e +Jf4XHs2GahUUz29OqiXwsfNfpF9/DHxjTf0UyHjRVV95hdq2QBQNuozVQ/wDiXSH +12py+paDtyfh1Vw3RapYMQ== +-----END X509 CRL----- diff --git a/certs/crl/client-int-ecc.pem b/certs/crl/client-int-ecc.pem new file mode 100644 index 000000000..91315dcbe --- /dev/null +++ b/certs/crl/client-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBXTCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBDbGllbnQg +Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy +MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBTr1EtZa5Vh +P1FXtgRNiUGIRFyr8jALBgNVHRQEBAICIAUwCgYIKoZIzj0EAwIDSQAwRgIhAJn0 +klExhxOHZtOQi45DuNnraKRzWV+V0moXQOvQmP4+AiEAk7Oqvn3Ij3ZhB/V+7VT0 +iPE8ipSUmQbQcZzI7BhT86E= +-----END X509 CRL----- diff --git a/certs/crl/client-int.pem b/certs/crl/client-int.pem new file mode 100644 index 000000000..0acea6861 --- /dev/null +++ b/certs/crl/client-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBDbGll +bnQgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy +MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFDPYRWbXaIcY +flQNcCeRxybXhWXAMAsGA1UdFAQEAgIgAjANBgkqhkiG9w0BAQsFAAOCAQEAefil +VL8oAVmbbtUyF7v7cwZ+3Olt6VuCcevIPYMc8yP7huO21UpkjwrVhr0tru6SA5xO +2I1lUwcyuH49c2H/RVEmS7q75TErYyXl/D209+LidOqPAnVibNWBsNaqQUn11dEM +T+VBC6aiUuLxnslpzWUkmromjh0BI2f1AbYEtRDHlaqZakxiZ4FdXPpnopcO44+T +ZLS2Kj52L6ykB1j70I2HOpZ7C07+MTBLvCV8J0Au1+GNBN1TZSO0dOX8AXLSpS+6 +q3vxJ1nsNYk/P7KdJO8eGYth9pXffKYPzMz0urrnavNd9nO9bR4u89SLepzuedBK +vX+Acp5M8IcAnw4sEA== +-----END X509 CRL----- diff --git a/certs/crl/include.am b/certs/crl/include.am index c5d635df8..4b1034ac3 100644 --- a/certs/crl/include.am +++ b/certs/crl/include.am @@ -14,3 +14,12 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/crl/crl.revoked + +# Intermediate cert CRL's +EXTRA_DIST += \ + certs/crl/ca-int.pem \ + certs/crl/client-int.pem \ + certs/crl/server-int.pem \ + certs/crl/ca-int-ecc.pem \ + certs/crl/client-int-ecc.pem \ + certs/crl/server-int-ecc.pem diff --git a/certs/crl/server-int-ecc.pem b/certs/crl/server-int-ecc.pem new file mode 100644 index 000000000..c4bedeaa8 --- /dev/null +++ b/certs/crl/server-int-ecc.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBXDCCAQICAQEwCgYIKoZIzj0EAwIwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29sZlNTTCBTZXJ2ZXIg +Q2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0xODEy +MjExNzU0MDFaFw0yMTA5MTYxNzU0MDFaoDAwLjAfBgNVHSMEGDAWgBRdXSbvrH42 ++Zt2FStKJQIj77KJMDALBgNVHRQEBAICIAQwCgYIKoZIzj0EAwIDSAAwRQIgTKmg +a595JJuQ5U4Alhi7p8424/02UoN4WLg9tZiGtfICIQDKtdI2JZuVpTmCtRRo8gZH +H/s5EUrqsIpXoNMdsGO1+w== +-----END X509 CRL----- diff --git a/certs/crl/server-int.pem b/certs/crl/server-int.pem new file mode 100644 index 000000000..ccddf4b4f --- /dev/null +++ b/certs/crl/server-int.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZwxCzAJBgNVBAYTAlVTMRMwEQYD +VQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xm +U1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEdMBsGA1UEAwwUd29sZlNTTCBTZXJ2 +ZXIgQ2hhaW4xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTE4MTIy +MTE3NTQwMFoXDTIxMDkxNjE3NTQwMFqgMDAuMB8GA1UdIwQYMBaAFLMRMsmSmITi +yfjQO24DQsofDo48MAsGA1UdFAQEAgIgATANBgkqhkiG9w0BAQsFAAOCAQEAEhz6 +qLMqvX2s8/nsg2BjT+07Di3f3kkCZqxWtdvoSHg44lQof2F6UuTeKzlBWfTmFLE9 +qZJ8dj6xSMPEnZnRB1z9HvHRKZGDotuSNWCt4BElXP6ZZpQcIFaYUsWUZJ0Zb7LW +/06fuepQTeHrxvwNPD6SF5+dVX7doQ2l2ytkQvGHznrWsQNdB2H9K2tAZTIbkiQA +KcRP1pm1Dt2pZWPbwHws/AcXM4nCIJRUTlo1drHBClDbJB1n/AU8LjX1shX4AUds ++HthMwVmDUjofoXuqzRVyCtfdMH5tgwY//opif+FRXwXjZajx9K+vu68Qa8hI5+9 +sXu6NDs92L2KLfGNmg== +-----END X509 CRL----- diff --git a/certs/include.am b/certs/include.am index 86eb71755..53bcb581c 100644 --- a/certs/include.am +++ b/certs/include.am @@ -100,3 +100,4 @@ include certs/external/include.am include certs/ocsp/include.am include certs/test/include.am include certs/test-pathlen/include.am +include certs/intermediate/include.am diff --git a/certs/intermediate/ca-int-cert.der b/certs/intermediate/ca-int-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..d7c9a71d676c3a0867c558771533eff16b1ae6fc GIT binary patch literal 1051 zcmXqLVi7lJV*0;;nTe5!iAjLLfR~L^tIebBJ1-+6H!Fid;}k<~15P&PP!={}rqEzR z0Ruh|hl7XRH$Sf=F)tA&!p_6)lwXyao0w-PXuuCr!^Oi9oLF9xpI?$;C~P1I65{6J za?Z~yF3l;)%u6?vFc1R?GV}14mzV36=jWsq7w70D=jR&A8_2?)!O18lkeQd3?|`Jh zKu(<3(8AEj$k5Q-)WpCbN}Si&!qCXj49YcVoR8{ksQnx~T;Yku8JT(MCHZ+sE)Pyk zEGfxJg^6(Su!AfM4)!q=F%SZ|k(-CxCABOyC%+&!HLt`_!9Wfq%FH7URj1&YSCU$k zo0^iDSdyyX>`2%LO^iy&Va>?Oz}&>h&tTBR$i>ve$jESbQE{wdlEOKwLW|{7cHeGi zk%^L?=gn((>c`UWyjgdYCn#lUMnmP<&uoEbpN`o2 zoxh!QO|x#Bm|qo%tW7O?+MOEetq|w_^M}>toSRl(k2AU%9mgJ%m?4E%08R<=1%T~?~iuIq!c!r8pwmBm02VV#2Q4@`_ctV4y(!9 zzco(YyyS+g!P6I4!4W7c%*gnkg~Nc2k?}thBLg@Q%kqQ7SeTg@+mK^|8ypji3~^@- z&Iz-vSge}cnz6sbIzuQcE?%iA(ChEUb(;>^EqqcuJ-=K&j%%4+m%?Np`;3G!6< zEsc0`!SzX1{Fw}8+v@wh#=X0^i|&5zldw}m&=D&&NW%_P|Nt00Q>EE#?1*I?$)UDW>0!Q;f(2KzsJ8$wTBwMsO~vr zD(RS2mXlL;A?u>=1>+kVW!YvLtz6! z5Ql?@D?G6{BQr0(BtOqkz<>`V$j-waoSIltl9LJ(;o@O0&(BE<4)!q=F%SZ&;pX9X zNi9pw$uG!F%_}jKFc1TYGV}14mzV2-)D{=#=q2ap8p<2UvT2n}{-Ms{W=29~M!Wj4)ISShc`UWyjgdYCn#lU zMnmP<&uoEbpN`o2oxh!QO|x#Bm|qo%tW7O?+MOEe ztq|w_^M}>toSRl(k2AU%9!-PW zmeXxA*b^@F>!D7kw{*B-sabnN{hTA3w|YAmZ`(9)Ilto9%OI2B@TEDAf9AY8_u(yH z@Uqs(x&t4MM>M4D$N-c`rJsir-TMA^NGDj$q9EyA~ZccUL#b*yJvnvSP`SMyAF_hL1mH?}&e3 zc65sfQ{37&&b+NF87d+lDp@M7NZFCJhh1vzxdj2&O5T5;8ZgQ8*VOGn0dLc%wO&`> zz*=%P^CZW=$@#K8k39cBJS%g!?4(7N?j56Y-A%$OG3Qpu%a|Ig)HatXCLYi~m+-Xe zk3|1ZGX{zDpl{nwoPEH*@77|E*qrv}gU+{wy5@{Q z2`%|==C8lV-ShF^uX%>nd>7KyK4ugxJr}m+fLWdX%t`tW?{tcBxCe#EKiXw4xN5og z{N2lArfiTg5olR-L3d$FcXU~Gd(-vze<~E0AD%3D%`n9_OI&xrQJ&Y%(*EidNdaC1b@AHvX!mxFWd*^_BAAD+A;+wnV{WI8D>wL!@JJC zS}zr+>vPF1Z_;O-OS7H1vus!Hm{H?CDN^jLj?kfnagM*)q(r|St`Cad;rnXBi)8y9 z4VUIA>e_SaUy@0k`I!52?+26F6G3iRnZYVh`i8mZXw<>yf!$H5&Q{-U-@h-dKebt| z*sgzyvf!m}&$bqRGkA0O&YCXwC%x8hzPev{S<2DRz1qE3u{DeF$-=I^rRHni|0z3r zYS5~ literal 0 HcmV?d00001 diff --git a/certs/intermediate/ca-int-key.pem b/certs/intermediate/ca-int-key.pem new file mode 100644 index 000000000..0b050b6b8 --- /dev/null +++ b/certs/intermediate/ca-int-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAw6JzXSFiIM46cTinlLvbhwQcWhueSw0+yvil9w1q3COQImor +WGNKKGpIqOdzH6JV2E0CO+LLa+KDyVGPd/3cLV0jtyOafrYpaOgqTqn+MnAxnvDv +7viN4/zz1yjdeh2erSMr8aZ/NFIpZtLlZFVk1t1LQTtVg27AEQ5uIMIWc+sw/wlG +u+fMxgNEQRHGwWw2L0r5kVXKWF43uCgQMIlAlnfPcGakVftpC+fZsjNl23I6d7cr +Sfy2zVgQjauqy0BFdwI5GLOPMwFId1C+jnOn3jagSY4sFq+5+0ItNWrbNDfVFFl9 +ZXLli2VVSyBeR/n4OtNs2Tr1xwFGMcN5mhi+SQIDAQABAoIBAQCwoB1pyrcOiULI +b+8U4Jpthq+WRvMeLYIwvFcS+uEsiUsbVyF1NoeAf5zEKdqNiAHbPIO0z6j66VI0 +U1elbOP5bOrO8O0OU6aFWX7A8MdYgGS8bCkjZvKsEPeRnQqAsvdMt8F39etIsJlC +hUunz1UwjDDiXxBwjnAHtjCFkNW2pt6LscUgqSPr/dYIM6H5ZdSINvUYd9v6xvYz +KQhOZSyikO2sqs/d+tTl1/Onca3HWxynhT4HCe47RQnxaCk+6qa25nrXCIHS+cNh +Ro79iBqkSsG43nYtZ14ZRsPh4jeie0myP1CzYL94fTNuc9wRXJ/dOIjZu3uCHDxt +opSopKSBAoGBAPH4m7hf4DbFtBQCXq3sQw2FqQB4WeEiOSGoZLhivAcarc6gUNZ0 +7/eVUJJJ+pW3UlDtZ5aF1yewBXTNackI/pNvHQziSf/hzRzDdsk4ei3cMnctshMk +XM6oHxw1MyR9g3YhYcAvzmDlevwYj/k2ABhnUva2yM3gD77ao0hjwIyZAoGBAM76 +Gr3ZwT3hh/CzO8GDZuzwLPahLTcBUmCEb+yfr9ELjPH++p4xOw7QZybxaHKlzla0 +wDZ+L5mSL+HciRYIR1JUH+K6PxGqp0ufu6dclLAcNBCEotAtoWSLW3Z7h4LX7/x4 +IafDkxHWMWQxYJaLN5REbJArurY0lu1z5uBqpJ0xAoGBALI2NBpbIru0aKjEBg96 +jvgKlSoveaMCnalYaLYUof9petFP6bnJbmOeqTTVH6Xc2teXwk9uS8SDM8GO+HaE +FVto3rB6iZ3YJEUnAPm6iuHz54c3NIw8n83krOUNmZkqiAQdGe1+SDW9ThMV1BPr +3a4bi1MB1GsstuwOA2xxa4MhAoGBAIoPNDU9AfRH8shwlcRv5QDY9/UO770ICa3N +yWaZ4cncHYjyHrPUfONVyeilEJmg1bDqYmg25YNXis7qrxpeLUzSRm6S8yzSm0ML +aj2puJh8R5JZFs0sEsKhXkH7BhoV9cN/Ulu4TeqQ6GM/uIDSniEtPwkv0hxlmeML +843wNJuRAoGBAKloBRB17AOMxVrB51GLWmVDOvbb398bL5WDHnM+j5QjEdL25rVx +9jDsw9ysikfkjTvs9UfQ6XUIjwurR40hhWoB5KGKvXU3rO/8ds3Gu1EbGmk0h9dS +seC5knwR/3QrRKHerNP5hzDIeRYaPOnko4Zhoo+28UFAHZcItQGF3lF/ +-----END RSA PRIVATE KEY----- diff --git a/certs/intermediate/client-chain-alt-ecc.pem b/certs/intermediate/client-chain-alt-ecc.pem new file mode 100644 index 000000000..58bb755f0 --- /dev/null +++ b/certs/intermediate/client-chain-alt-ecc.pem @@ -0,0 +1,55 @@ +-----BEGIN CERTIFICATE----- +MIICxjCCAmygAwIBAgICEAUwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBDbGllbnQgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVb/0D0RQmj3Om7fwxU31 +cHvU7CSOGYDsWkyiJANiLJva76I1EkOEdhbGVpUGzAGpvfZ1GkL3vamyNiJfx11/ +tKOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNVHQ4EFgQU +69RLWWuVYT9RV7YETYlBiERcq/IwHwYDVR0jBBgwFoAUlx1gw4ciWZtgH4S0mRyI +Tb/aHm4wDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEF +BQcDBDAKBggqhkjOPQQDAgNIADBFAiBe6My62YzVR/EAn/a2IjlFpCektOZbCnJ0 +wFB0KiilZQIhAKofLu9dYlzn5JMB77wMijSohui3fABOA7QX43L+ZYHf +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-chain-alt.pem b/certs/intermediate/client-chain-alt.pem new file mode 100644 index 000000000..6ace19174 --- /dev/null +++ b/certs/intermediate/client-chain-alt.pem @@ -0,0 +1,71 @@ +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic +XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-chain-ecc.der b/certs/intermediate/client-chain-ecc.der new file mode 100644 index 0000000000000000000000000000000000000000..b067fe290fe67213e5b538a7b3cf025e458a0905 GIT binary patch literal 1375 zcmXqLVmfBf#FVpunTe5!iAjLffQyYotIgw_EekV~LE~aWZUas>=1>+kVW!YvLtz6! z5Ql?@D?G6{BQr0(BtOqkz<>`V$j-waoSIltl9LJ(;o@O0&(BE<4)!q=F%SZ&;pX9X zNi9pw$uG!F%_}ifF;D`DGV@47)hT%9m82Hsrlw>jmZT~;J1V$3I~&Ry$g**2wRyCC z=Vjz%6cfnIOUrivX(%qv(M!(HHINhMHMB4^GBPwYH#IRZj1uQHvM@94FDa9X;t>3b^ae_f(FE|oqg;|&k7z_m2I1}1D7~6h0F*35SFf*|(Fpy?(n{c>YDROp#e9M-ZG9AAA zZ^`9>6M!r~BjbOtc@H4wsj`R}h_G>JvoW%=vNJQmSuDs&jM;<1z?DfM?!}p1H+!zS ze`J{dZJUy%>k{=PTb@O86_p$aDACebn#!ceuu5Lv4?Gz~}?h(Xc-e|dSi9w;3^6DK*T*BF#~ z&ETnbNaR7>33%##nN9N)R?04lUL7-gMH-vtvrRW1i!3{QaLZa>7YPNq*z~`mvbm}c z#Wxn7YGwX#X}x2bn_2EF$J72Nye=$A>{*;7K++ z*U-G5lh408{CTM&xb%?~1|?7q12#s+|4fVwsEL-b4LP|myE7QLFexbX?%l)D6{N6w z&xa{IHWqW{9gql~GNnG;R-ibnU`LYpJymwzy}g!=V1>{O)M$NNrj1U@vxWY=cEM(`xuHC2!Yga z^KiSQmZj$87v!eql^7}*$bm$edBmaW6g=}vQj2m^Q!*1vQWcyX4do4F;V$B26cfnI zOUrivDK0L~(M!(HHINhMHMB4^GBPwYH#IRZh!W>DvM@9h&tTBR$i>ve$jES*`J(ne%Oysx z*1;!Qw6$tVX6;?26~yj-ZJF67cB8%vyE3bf9d?;_rP1TBZpNbS^xX?fPnhX=U6TIZ zz3V*h&-ZUWHp*4cW_F*oKlMy~s!Hav7b2a}PfWfa-5@ggYkIX+RmDTbu&{~Cgq?aX z**MJcd4I9(zImWD&qC|39~XO>K6!X<+I{J|{eIIg2)tOqVbHi!0YSzZdSh z%*4#dz__?^fT z!!_-CM!Q5^2ycP<#N%q$TT>4h$b+PnStJa^8bsb_KKOoB_SwugcXBU$f3!0urLfr) zoQ7rj85#eB&3gbbPnAW?K!lA$n~jl`m7SRh&SF81G;VODF*0;CDpssv>8h+dyL6ZJ zzo5hyb7D0np2{dPoOxBWV&+BW|J#Hkl|AN7nsR0$+PHq5MZO%8Qso8J7KE5cr;Gclr+4QTndDnJ+wdl1HI;r>b z;mQ;F*H~E7?%P;pUSE|RSIGM~*uu8mOYV3_g-m;t;$Hr?FEwp@18e7;{ta2JP&sy!1JCgRN-hyTw}%?b~86xPk5R zjx9#6Q~#HFyiVqpt>h1#dab7IN}|F~{zXkoQK)m%rSn=a&>H)vuJ zH)vw|4=YU=&;rSzaSCc)gcckeJnX*tc_oQ?iLio$orm2izbZ91G0#xYfFG2>xOg~% z6U$5T^Gh;dg%CFnmveqzacNFTW?s6Xgn<}H9WxJqd3m`WC^JG!2*P;~vj{N;6(MHu zB4p4Pf&@#EMa8j-Nebtz3N4mT*?qg6MJ7smo;R=EsUJ(f^Jd*qo}iSa9g*y%k>#=C zd9nPW&>Ox?){jnSKWaW1*kAtlj&7{-cI8=h+cYy?X!))DXH;M~@5B3dKYAbk`FvgD zZk6o3waVHbm(`mDX{KFzni86F?XI_@b!cVgr z{oS~3(;>TsPl~7Km&?a-Ewk%VnCxSpk&?OM`Z~L%5l=3-KB zzdg^mIpM?I8g<_6N$)3|G2QI<_}8iSP{SA1J%>ys9ka@Ea;h$5UDRE%Y`Q~n&>S1* z<=!8+v#ft`(a2`a{pDVwzxBdy#Q4mdYx5y@fr9F^lPZ5&eD2(n)qHW~;r~-?`j&51 p?o|HNl3-YOsoUkX)|B5TnA&*j-ibnU`LYpJymwzy}g!=V1>{O)M$NNrj1U@vxWY=cEM(`xuHC2!Yga z^KiSQmZj$87v!eql^7}*$bm$edBmaW6g=}vQj2m^Q!*1vQWcyX4do4F;V$B26cfnI zOUrivDK0L~(M!(HHINhMHMB4^GBPwYH#IRZh!W>DvM@9h&tTBR$i>ve$jES*`J(ne%Oysx z*1;!Qw6$tVX6;?26~yj-ZJF67cB8%vyE3bf9d?;_rP1TBZpNbS^xX?fPnhX=U6TIZ zz3V*h&-ZUWHp*4cW_F*oKlMy~s!Hav7b2a}PfWfa-5@ggYkIX+RmDTbu&{~Cgq?aX z**MJcd4I9(zImWD&qC|39~XO>K6!X<+I{J|{eIIg2)tOqVbHi!0YSzZdSh z%*4#dz__?^fT z!!_-CM!Q5^2ycP<#N%q$TT>4h$b+PnStJa^8bsb_KKOoB_SwugcXBU$f3!0urLfr) zoQ7rj85#eB&3gbbPnAW?K!lA$n~jl`m7SRh&SF81G;VODF*0;CDpssv>8h+dyL6ZJ zzo5hyb7D0np2{dPoOxBWV&+BW|J#Hkl|AN7nsR0$+PHq5MZO%8Qso8J7KE5cr;Gclr+4QTndDnJ+wdl1HI;r>b z;mQ;F*H~E7?%P;pUSE|RSIGM~*uu8mOYV3_g-m;t;$Hr?FEwp@18e7;{ta2JP&sy!1JCgRN-hyTw}%?b~86xPk5R zjx9#6Q~#HFyiVqpt>h1#dab7IN}|F~{zXkoQK)m%rSn=a&>2LM`3 BimU(t literal 0 HcmV?d00001 diff --git a/certs/intermediate/client-int-cert.pem b/certs/intermediate/client-int-cert.pem new file mode 100644 index 000000000..105ba85bb --- /dev/null +++ b/certs/intermediate/client-int-cert.pem @@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4098 (0x1002) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:00 2018 GMT + Not After : Dec 18 17:54:00 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Client Chain/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Client, S/MIME + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35 + + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication, E-mail Protection + Signature Algorithm: sha256WithRSAEncryption + 88:81:21:78:ac:04:8a:79:7e:cd:a5:ba:3b:fe:52:61:e8:9c: + 5d:28:91:ca:68:72:31:99:d5:15:78:99:d1:03:ff:b6:13:59: + 23:48:9e:92:94:cc:91:01:93:dc:19:36:68:d7:48:53:ab:99: + d8:23:fc:28:98:43:f3:eb:9f:e2:2f:c4:4c:b3:1c:48:35:92: + 6d:53:46:5d:c1:20:21:07:71:25:a1:37:89:1a:9b:ec:f5:e3: + d1:15:a0:fe:10:2e:cd:67:d5:3d:6e:d6:b9:f5:38:8d:3a:12: + c9:2e:f9:e1:a9:c8:6f:d6:04:05:66:df:3c:3a:69:d7:aa:6b: + 5e:71:0d:e3:53:38:3d:87:4a:1e:c7:88:78:1c:87:5a:21:bd: + 0f:86:f4:7c:86:bd:51:7d:9c:cb:f2:b2:a6:41:7a:f8:bb:08: + 11:67:6a:31:9f:48:f6:d1:07:a2:36:87:83:73:68:3b:c9:11: + 5e:ab:a3:d0:61:9a:df:8d:52:b9:8a:79:d2:f3:5d:b0:3d:15: + 69:ee:a3:b5:c2:be:b4:3f:11:b0:06:d3:b8:b4:32:45:95:ff: + 76:48:eb:63:0b:1d:79:0f:55:95:d6:7c:86:d4:61:20:f9:0f: + a2:82:a4:1f:b1:10:53:d8:e8:c8:27:b3:bd:98:7b:0a:c4:5b: + 82:d0:6c:cf +-----BEGIN CERTIFICATE----- +MIIESjCCAzKgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIENsaWVudCBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQr +Knx0mr2qKlIHR9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N ++e/s8YEee5sDR5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxA +nEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42G +wohAmTaDuh5AciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz +2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuh +utMCAwEAAaOBkDCBjTAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIFoDAdBgNV +HQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwHwYDVR0jBBgwFoAU72ng99Ud5pns +3G3Q9+K5XGRxgzUwDgYDVR0PAQH/BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMC +BggrBgEFBQcDBDANBgkqhkiG9w0BAQsFAAOCAQEAiIEheKwEinl+zaW6O/5SYeic +XSiRymhyMZnVFXiZ0QP/thNZI0iekpTMkQGT3Bk2aNdIU6uZ2CP8KJhD8+uf4i/E +TLMcSDWSbVNGXcEgIQdxJaE3iRqb7PXj0RWg/hAuzWfVPW7WufU4jToSyS754anI +b9YEBWbfPDpp16prXnEN41M4PYdKHseIeByHWiG9D4b0fIa9UX2cy/KypkF6+LsI +EWdqMZ9I9tEHojaHg3NoO8kRXquj0GGa341SuYp50vNdsD0Vae6jtcK+tD8RsAbT +uLQyRZX/dkjrYwsdeQ9VldZ8htRhIPkPooKkH7EQU9joyCezvZh7CsRbgtBszw== +-----END CERTIFICATE----- diff --git a/certs/intermediate/client-int-ecc-cert.der b/certs/intermediate/client-int-ecc-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..6b806bbc554eaa764a37ff35458ff8d36d620fa8 GIT binary patch literal 714 zcmXqLVmfBf#FVpunTe5!iAjLffQyYotIgw_EekV~LE~aWZUas>=1>+kVW!YvLtz6! z5Ql?@D?G6{BQr0(BtOqkz<>`V$j-waoSIltl9LJ(;o@O0&(BE<4)!q=F%SZ&;pX9X zNi9pw$uG!F%_}ifF;D`DGV@47)hT%9m82Hsrlw>jmZT~;J1V$3I~&Ry$g**2wRyCC z=Vjz%6cfnIOUrivX(%qv(M!(HHINhMHMB4^GBPwYH#IRZj1uQHvM@94FDa9X;t>3b^ae_f(FE|oqg;|&k7z_m2I1}1D7~6h0F*35SFf*|(Fpy?(n{c>YDROp#e9M-ZG9AAA zZ^`9>6M!r~BjbOtc@H4wsj`R}h_G>JvoW%=vNJQmSuDs&jM;<1z?DfM?!}p1H+!zS ze`J{dZJUy%>k{=PTb@O86_p$aDACebn#!ceuu5L "$1" + echo "[ ca ]" >> "$1" + echo "default_ca = CA_default" >> "$1" + echo "" >> "$1" + echo "[ CA_default ]" >> "$1" + echo "certs = $dir/certs/intermediate" >> "$1" + echo "new_certs_dir = $dir/certs/intermediate/new_certs">> "$1" + echo "database = $dir/certs/intermediate/index.txt">> "$1" + echo "serial = $dir/certs/intermediate/serial" >> "$1" + echo "RANDFILE = $dir/private/.rand" >> "$1" + echo "" >> "$1" + echo "private_key = $dir/$2" >> "$1" + echo "certificate = $dir/$3" >> "$1" + echo "" >> "$1" + echo "crlnumber = $dir/certs/intermediate/crlnumber">> "$1" + echo "crl_extensions = crl_ext" >> "$1" + echo "default_crl_days = 1000" >> "$1" + echo "default_md = sha256" >> "$1" + echo "" >> "$1" + echo "name_opt = ca_default" >> "$1" + echo "cert_opt = ca_default" >> "$1" + echo "default_days = 3650" >> "$1" + echo "preserve = no" >> "$1" + echo "policy = policy_loose" >> "$1" + echo "" >> "$1" + echo "[ policy_strict ]" >> "$1" + echo "countryName = match" >> "$1" + echo "stateOrProvinceName = match" >> "$1" + echo "organizationName = match" >> "$1" + echo "organizationalUnitName = optional" >> "$1" + echo "commonName = supplied" >> "$1" + echo "emailAddress = optional" >> "$1" + echo "" >> "$1" + echo "[ policy_loose ]" >> "$1" + echo "countryName = optional" >> "$1" + echo "stateOrProvinceName = optional" >> "$1" + echo "localityName = optional" >> "$1" + echo "organizationName = optional" >> "$1" + echo "organizationalUnitName = optional" >> "$1" + echo "commonName = supplied" >> "$1" + echo "emailAddress = optional" >> "$1" + echo "" >> "$1" + echo "[ req ]" >> "$1" + echo "default_bits = 2048" >> "$1" + echo "distinguished_name = req_distinguished_name" >> "$1" + echo "string_mask = utf8only" >> "$1" + echo "default_md = sha256" >> "$1" + echo "x509_extensions = v3_ca" >> "$1" + echo "" >> "$1" + echo "[ req_distinguished_name ]" >> "$1" + echo "countryName = US" >> "$1" + echo "stateOrProvinceName = Washington" >> "$1" + echo "localityName = Seattle" >> "$1" + echo "organizationName = wolfSSL" >> "$1" + echo "organizationalUnitName = Development" >> "$1" + echo "commonName = www.wolfssl.com" >> "$1" + echo "emailAddress = info@wolfssl.com" >> "$1" + echo "" >> "$1" + echo "[ v3_ca ]" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1" + echo "basicConstraints = critical, CA:true" >> "$1" + echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1" + echo "" >> "$1" + echo "[ v3_intermediate_ca ]" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid:always,issuer" >> "$1" + echo "basicConstraints = critical, CA:true, pathlen:0" >> "$1" + echo "keyUsage = critical, digitalSignature, cRLSign, keyCertSign">> "$1" + echo "" >> "$1" + echo "[ usr_cert ]" >> "$1" + echo "basicConstraints = CA:FALSE" >> "$1" + echo "nsCertType = client, email" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid,issuer" >> "$1" + echo "keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment">> "$1" + echo "extendedKeyUsage = clientAuth, emailProtection" >> "$1" + echo "" >> "$1" + echo "[ server_cert ]" >> "$1" + echo "basicConstraints = CA:FALSE" >> "$1" + echo "nsCertType = server" >> "$1" + echo "subjectKeyIdentifier = hash" >> "$1" + echo "authorityKeyIdentifier = keyid,issuer:always" >> "$1" + echo "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement">> "$1" + echo "extendedKeyUsage = serverAuth" >> "$1" + echo "" >> "$1" + echo "[ crl_ext ]" >> "$1" + echo "authorityKeyIdentifier=keyid:always" >> "$1" +} + +# Args: 1=reqcnf, 2=signcnf, 3=keyfile, 4=certfile, 5=ext, 6=subj, 7=days +create_cert() { + openssl req -config ./certs/intermediate/$1.cnf -new -sha256 \ + -key $3 \ + -out ./certs/intermediate/tmp.csr \ + -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=$6/emailAddress=info@wolfssl.com" + check_result $? + openssl ca -config ./certs/intermediate/$2.cnf -extensions $5 -days $7 -notext -md sha256 \ + -in ./certs/intermediate/tmp.csr -out ./certs/intermediate/$4.pem -batch + check_result $? + rm ./certs/intermediate/tmp.csr + + # Convert Cert to DER + openssl x509 -in ./certs/intermediate/$4.pem -inform PEM -out ./certs/intermediate/$4.der -outform DER + check_result $? + + # Add text to cert PEM file + openssl x509 -in ./certs/intermediate/$4.pem -text > ./certs/intermediate/tmp.pem + check_result $? + mv ./certs/intermediate/tmp.pem ./certs/intermediate/$4.pem +} + +if [ "$1" == "clean" ]; then + echo "Cleaning temp files" + cleanup_files +fi +if [ "$1" == "cleanall" ]; then + echo "Cleaning all files" + rm -f ./certs/intermediate/*.pem + rm -f ./certs/intermediate/*.der + rm -f ./certs/intermediate/*.csr + cleanup_files +fi + +# Make sure required CA files exist and are populated +rm -f ./certs/intermediate/index.* +touch ./certs/intermediate/index.txt +if [ ! -f ./certs/intermediate/serial ]; then + echo 1000 > ./certs/intermediate/serial +fi +if [ ! -f ./certs/intermediate/crlnumber ]; then + echo 2000 > ./certs/intermediate/crlnumber +fi +if [ ! -d ./certs/intermediate/new_certs ]; then + mkdir ./certs/intermediate/new_certs +fi + + +# RSA +echo "Creating RSA CA configuration cnf files" +create_ca_config ./certs/intermediate/wolfssl_root.cnf certs/ca-key.pem certs/ca-cert.pem +create_ca_config ./certs/intermediate/wolfssl_int.cnf certs/intermediate/ca-int-key.pem certs/intermediate/ca-int-cert.pem + +if [ ! -f ./certs/intermediate/ca-int-key.pem ]; then + echo "Make Intermediate RSA CA Key" + openssl genrsa -out ./certs/intermediate/ca-int-key.pem 2048 + check_result $? + openssl rsa -in ./certs/intermediate/ca-int-key.pem -inform PEM -out ./certs/intermediate/ca-int-key.der -outform DER + check_result $? +fi + +echo "Create RSA Intermediate CA signed by root" +create_cert wolfssl_int wolfssl_root ./certs/intermediate/ca-int-key.pem ca-int-cert v3_intermediate_ca "wolfSSL Intermediate CA" 7300 + +echo "Create RSA Server Certificate signed by intermediate" +create_cert wolfssl_int wolfssl_int ./certs/server-key.pem server-int-cert server_cert "wolfSSL Server Chain" 3650 + +echo "Create RSA Client Certificate signed by intermediate" +create_cert wolfssl_int wolfssl_int ./certs/client-key.pem client-int-cert usr_cert "wolfSSL Client Chain" 3650 + +echo "Generate CRLs for new certificates" +openssl ca -config ./certs/intermediate/wolfssl_root.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int.pem -keyfile ./certs/intermediate/ca-int-key.pem -cert ./certs/intermediate/ca-int-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int.pem -keyfile ./certs/server-key.pem -cert ./certs/intermediate/server-int-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int.pem -keyfile ./certs/client-key.pem -cert ./certs/intermediate/client-int-cert.pem +check_result $? + +echo "Assemble test chains - peer first, then intermediate" +openssl x509 -in ./certs/intermediate/server-int-cert.pem > ./certs/intermediate/server-chain.pem +openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/server-chain.pem +cat ./certs/intermediate/server-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/server-chain.der + +openssl x509 -in ./certs/intermediate/client-int-cert.pem > ./certs/intermediate/client-chain.pem +openssl x509 -in ./certs/intermediate/ca-int-cert.pem >> ./certs/intermediate/client-chain.pem +cat ./certs/intermediate/client-int-cert.der ./certs/intermediate/ca-int-cert.der > ./certs/intermediate/client-chain.der + +echo "Assemble cert chain with extra cert for testing alternate chains" +cp ./certs/intermediate/server-chain.pem ./certs/intermediate/server-chain-alt.pem +cp ./certs/intermediate/client-chain.pem ./certs/intermediate/client-chain-alt.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt.pem + + +# ECC +echo "Creating ECC CA configuration cnf files" +create_ca_config ./certs/intermediate/wolfssl_root_ecc.cnf certs/ca-ecc-key.pem certs/ca-ecc-cert.pem +create_ca_config ./certs/intermediate/wolfssl_int_ecc.cnf certs/intermediate/ca-int-ecc-key.pem certs/intermediate/ca-int-ecc-cert.pem + +if [ ! -f ./certs/intermediate/ca-int-ecc-key.pem ]; then + echo "Make Intermediate ECC CA Key" + openssl ecparam -name prime256v1 -genkey -noout -out ./certs/intermediate/ca-int-ecc-key.pem + check_result $? + openssl ec -in ./certs/intermediate/ca-int-ecc-key.pem -inform PEM -out ./certs/intermediate/ca-int-ecc-key.der -outform DER + check_result $? +fi + +echo "Create ECC Intermediate CA signed by root" +create_cert wolfssl_int_ecc wolfssl_root_ecc ./certs/intermediate/ca-int-ecc-key.pem ca-int-ecc-cert v3_intermediate_ca "wolfSSL Intermediate CA ECC" 7300 + +echo "Create ECC Server Certificate signed by intermediate" +create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-key.pem server-int-ecc-cert server_cert "wolfSSL Server Chain ECC" 3650 + +echo "Create ECC Client Certificate signed by intermediate" +create_cert wolfssl_int_ecc wolfssl_int_ecc ./certs/ecc-client-key.pem client-int-ecc-cert usr_cert "wolfSSL Client Chain ECC" 3650 + +echo "Generate CRLs for new certificates" +openssl ca -config ./certs/intermediate/wolfssl_root_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int-ecc.pem -keyfile ./certs/intermediate/ca-int-ecc-key.pem -cert ./certs/intermediate/ca-int-ecc-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/server-int-ecc.pem -keyfile ./certs/ecc-key.pem -cert ./certs/intermediate/server-int-ecc-cert.pem +check_result $? +openssl ca -config ./certs/intermediate/wolfssl_int_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/client-int-ecc.pem -keyfile ./certs/ecc-client-key.pem -cert ./certs/intermediate/client-int-ecc-cert.pem +check_result $? + +echo "Assemble test chains - peer first, then intermediate" +openssl x509 -in ./certs/intermediate/server-int-ecc-cert.pem > ./certs/intermediate/server-chain-ecc.pem +openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/server-chain-ecc.pem +cat ./certs/intermediate/server-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/server-chain-ecc.der + +openssl x509 -in ./certs/intermediate/client-int-ecc-cert.pem > ./certs/intermediate/client-chain-ecc.pem +openssl x509 -in ./certs/intermediate/ca-int-ecc-cert.pem >> ./certs/intermediate/client-chain-ecc.pem +cat ./certs/intermediate/client-int-ecc-cert.der ./certs/intermediate/ca-int-ecc-cert.der > ./certs/intermediate/client-chain-ecc.der + +echo "Assemble cert chain with extra untrusted cert for testing alternate chains" +cp ./certs/intermediate/server-chain-ecc.pem ./certs/intermediate/server-chain-alt-ecc.pem +cp ./certs/intermediate/client-chain-ecc.pem ./certs/intermediate/client-chain-alt-ecc.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/server-chain-alt-ecc.pem +openssl x509 -in ./certs/external/ca-google-root.pem >> ./certs/intermediate/client-chain-alt-ecc.pem diff --git a/certs/intermediate/include.am b/certs/intermediate/include.am new file mode 100644 index 000000000..183f96c33 --- /dev/null +++ b/certs/intermediate/include.am @@ -0,0 +1,34 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/intermediate/genintcerts.sh \ + certs/intermediate/ca-int-cert.der \ + certs/intermediate/ca-int-cert.pem \ + certs/intermediate/ca-int-ecc-cert.der \ + certs/intermediate/ca-int-ecc-cert.pem \ + certs/intermediate/ca-int-ecc-key.der \ + certs/intermediate/ca-int-ecc-key.pem \ + certs/intermediate/ca-int-key.der \ + certs/intermediate/ca-int-key.pem \ + certs/intermediate/client-chain-alt-ecc.pem \ + certs/intermediate/client-chain-alt.pem \ + certs/intermediate/client-chain-ecc.der \ + certs/intermediate/client-chain-ecc.pem \ + certs/intermediate/client-chain.der \ + certs/intermediate/client-chain.pem \ + certs/intermediate/client-int-cert.der \ + certs/intermediate/client-int-cert.pem \ + certs/intermediate/client-int-ecc-cert.der \ + certs/intermediate/client-int-ecc-cert.pem \ + certs/intermediate/server-chain-alt-ecc.pem \ + certs/intermediate/server-chain-alt.pem \ + certs/intermediate/server-chain-ecc.der \ + certs/intermediate/server-chain-ecc.pem \ + certs/intermediate/server-chain.der \ + certs/intermediate/server-chain.pem \ + certs/intermediate/server-int-cert.der \ + certs/intermediate/server-int-cert.pem \ + certs/intermediate/server-int-ecc-cert.der \ + certs/intermediate/server-int-ecc-cert.pem diff --git a/certs/intermediate/server-chain-alt-ecc.pem b/certs/intermediate/server-chain-alt-ecc.pem new file mode 100644 index 000000000..6655c17f3 --- /dev/null +++ b/certs/intermediate/server-chain-alt-ecc.pem @@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain-alt.pem b/certs/intermediate/server-chain-alt.pem new file mode 100644 index 000000000..73118091b --- /dev/null +++ b/certs/intermediate/server-chain-alt.pem @@ -0,0 +1,75 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain-ecc.der b/certs/intermediate/server-chain-ecc.der new file mode 100644 index 0000000000000000000000000000000000000000..2e1c7742d58e0ac50fa5d5faae35f634498662bc GIT binary patch literal 1533 zcmXqLVoot=V&-1J%*4pV#3aCCz{SR))#h=|mW7$gpmDJww*e;`b0`a&FjHu-p|F7< zh{M6d6`oj}k(rlXlAmWNV890wWanWIPE9N+$w`HYaPhF0=jWsa2m2U`7zlyXaPx4x zq?V=TJ&WlN>Yn*Q&Tb%OHvh_9Ti-ioekv;WZ5{i+C196 z^D=TWiV0-qrR6(-G!z%-=q2ap8pw(B8d?|{85tUyo0=FHMv3zpSr{4_T0pr5jSFb% z3q=EYh%Y2SjtUO;Q3y^gDoZU=aL!1~%p=YVkp{wS?BHN$VuXf2Gb1~*69da`<263& z0ba+vma-hSxi{bJc9HJ6DX+ADomSwq)De4;$nZE=&p~F`3-AKHfO5xTkT=#-~R& zTNM4A^D#izP|Y*q@V(PdYnc=(=GsR;651`TYpZ%&d&QSBrU}(5D`Y*VxrT*z?~V-l zWzfVl(V&UR0+!F1k!=~gfrce-8H4hc89Z+di4p>L_L_QMX45={m9mSXSI5j=k;bO^ zY}1X$BFhdR+_Ki!MM6O?HvO-tY_94<@r{M2TA4pwTJMceeC`%2?`nktzT9PIej iXT8`p`^(Jpg=QHS-x`LPztA(kFwb+PdgVc8lK=qhudH?e literal 0 HcmV?d00001 diff --git a/certs/intermediate/server-chain-ecc.pem b/certs/intermediate/server-chain-ecc.pem new file mode 100644 index 000000000..379f945fa --- /dev/null +++ b/certs/intermediate/server-chain-ecc.pem @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkTCCAjigAwIBAgICEAMwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMVoXDTM4MTIxNjE3NTQwMVowgaMxCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMFkw +EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEld8csp4gqR2iW6tcm6hmBinmstjjFKbD +wbStTUQYIB5dZ/0VHW0l4RexccqFA/DSr0FmRjZt6kHLT8hK0KBhjKNmMGQwHQYD +VR0OBBYEFJcdYMOHIlmbYB+EtJkciE2/2h5uMB8GA1UdIwQYMBaAFFaOmsPwQt4Y +uUVVbvmTz+rD86UhMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMCA0cAMEQCICCNvbwIilIgq7zwlAw8OJyewBhTlJR/Vz0VjnVf +jIJ5AiBAPg8nmui6m/SZz3E2aNHtMVQ36C430J5JqSd5wQM0UA== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-chain.der b/certs/intermediate/server-chain.der new file mode 100644 index 0000000000000000000000000000000000000000..04c47848f78c52911ed11c5034c56cd5c040c19e GIT binary patch literal 2309 zcmXqLVtHoJ#C&c6GZP~d6O#a=0WTY;R+~rLcV0$DZdL|^#`%Wa2Apinp)72|OrgPs z!UlpM4hIiccw%uzW?p(pex9L#0Ut<^orgU*HL;{5Clw~b#lv2npOY3G>|-cmAOupw z&BN`IT9%rVUyz%cS7NAOAO{j<<`IXgQ}E0yNiE7vP036wNmX!mG?X`xg}aE8QA{8+ zFD>5zq`0^^M=v=)*Fa93*U-Yy$jH#p+|BO}9ssT>c(9X}Q3 zZolN}sLq&r%yr$TJt_t}rk>OHyY@|{V^7We-z(DV|HaG+EdAbfiv78%e*eS0)d%!z zR;R2G|8pv~de;NRr$u`CdTlqR7T;PU9lSH%{<7p(J`oleQ~_1PFS9svy_p7qcX1=+Td*S<| zoiQne&87<*XDw-*ZqPUdHO)X1I0p~AZ+>1$VqPLFfwS|lJLOlU<|gJD3L5Z(5&{wyvtG$j*ED@{xS4B(t5 z%g@O8ALM7|6$Zi}KdG|t7;v$1XtOc0va&OyXJTehIlY#x^fA8qVDsNYwRkuwu z#*7~20sH!jm)|p6;Mu1mwtnYtCtcI5 z+a~5$MIvici=K9;hI%W+x&QoObvfsz)z{;UZia^|XG!eygp_b;1}RA87q+s=KpvFU zm02VV#2Q4@`_ctV4y(!9zco(YyyS+g!P6I4!8NR`FsN+cFkoY3{LjRQR$ef+p{06o z(GYjm;G8hqip8qAtr`0}tTTkN;^LK>0=@ojT({|v-NGlu)AP&aq}w<>oke`-lEth?0h@>*-k?-NXIymj)a#}(M( PP6e#rTX>r7me79yZ(=kg literal 0 HcmV?d00001 diff --git a/certs/intermediate/server-chain.pem b/certs/intermediate/server-chain.pem new file mode 100644 index 000000000..bf66d2bf8 --- /dev/null +++ b/certs/intermediate/server-chain.pem @@ -0,0 +1,53 @@ +-----BEGIN CERTIFICATE----- +MIIE5jCCA86gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT +MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK +DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT +TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j +b20wHhcNMTgxMjIxMTc1NDAwWhcNMjgxMjE4MTc1NDAwWjCBnDELMAkGA1UEBhMC +VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV +BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MR0wGwYDVQQDDBR3b2xm +U1NMIFNlcnZlciBDaGFpbjEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaOCASswggEnMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDCBwgYDVR0jBIG6MIG3gBTvaeD3 +1R3mmezcbdD34rlcZHGDNaGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMw +EQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAd +BgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhAAMA4GA1UdDwEB/wQEAwID +qDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAPbWNZn6F +oIfMU6THyWNr1MREx0XQce8vWJJgfcg37WTqsasAG1b+93d4dv1kY314/9SuWBvw +FOnnvUvsNm80y5GwQyVmi8BZ0ertJQ1ccoop3orId1G51cTlJlAMvdeh6/qT7D02 +j8/utmtcqE8bccZNLK/S2iDIifP824TCqfaXYqyqp2v7OyFRhXpzVTSCm/iZy5aJ +otM5X7MNX46eRkpVV6veEc+AHyXJ7G9I/c5b0gUHa078DRCgioL75Hc6J+AODPtD +ZF+QjiYSlNuXGOwZlBtWXLm7JpscFVwH39EtnUGWwCpaSp5fnmaajGz/bMqhfbYS +o9QzCwAeul09eg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFzCCAv+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MTIy +MTE3NTQwMFoXDTM4MTIxNjE3NTQwMFowgZ8xCzAJBgNVBAYTAlVTMRMwEQYDVQQI +DApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNTTCBJbnRlcm1l +ZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDonNdIWIgzjpxOKeUu9uHBBxaG55L +DT7K+KX3DWrcI5AiaitYY0ooakio53MfolXYTQI74str4oPJUY93/dwtXSO3I5p+ +tilo6CpOqf4ycDGe8O/u+I3j/PPXKN16HZ6tIyvxpn80Uilm0uVkVWTW3UtBO1WD +bsARDm4gwhZz6zD/CUa758zGA0RBEcbBbDYvSvmRVcpYXje4KBAwiUCWd89wZqRV ++2kL59myM2Xbcjp3tytJ/LbNWBCNq6rLQEV3AjkYs48zAUh3UL6Oc6feNqBJjiwW +r7n7Qi01ats0N9UUWX1lcuWLZVVLIF5H+fg602zZOvXHAUYxw3maGL5JAgMBAAGj +ZjBkMB0GA1UdDgQWBBTvaeD31R3mmezcbdD34rlcZHGDNTAfBgNVHSMEGDAWgBQn +jmcRdMMmHT/tM2OzpNgdMOXo1TASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB +/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAXs0wzhMGqKMlbYVov4g7aBJqXl8i +glFK/bGussI+oeRzl293H14Kpj6KIJNMP2hkaajXrj6lWOTQReR6X8xoIz17340z +jboLc92XQZkaJn8Xh8R2uzu1FSSwgk8uCsP+q3XJTVl0Gscz508URVv008OpnTSo +4Soz6hAH254zg2Dw3XwnDWuS75DMNbNO4/rKh1Ux6HuMwjUZQWp2bGx60GrRLaim +l0BzUpw8Q6dL8bcEr+DRMjys36dKFfsuVthcTJmdPPBtoCAllskk/IRM3N4dKejU +4f/KBi857STcefkqGACu0otE6yqU+8gChg1+H2XHIAZeylCvvXHLBtoS/w== +-----END CERTIFICATE----- diff --git a/certs/intermediate/server-int-cert.der b/certs/intermediate/server-int-cert.der new file mode 100644 index 0000000000000000000000000000000000000000..3af5f5a1ec774d3c5bbfbfc6443a548c13f6d119 GIT binary patch literal 1258 zcmXqLVtHoJ#C&c6GZP~d6O#a=0WTY;R+~rLcV0$DZdL|^#`%Wa2Apinp)72|OrgPs z!UlpM4hIiccw%uzW?p(pex9L#0Ut<^orgU*HL;{5Clw~b#lv2npOY3G>|-cmAOupw z&BN`IT9%rVUyz%cS7NAOAO{j<<`IXgQ}E0yNiE7vP036wNmX!mG?X`xg}aE8QA{8+ zFD>5zq`0^^M=v=)*Fa93*U-Yy$jH#p+|BO}9ssT>c(9X}Q3 zZolN}sLq&r%yr$TJt_t}rk>OHyY@|{V^7We-z(DV|HaG+EdAbfiv78%e*eS0)d%!z zR;R2G|8pv~de;NRr$u`CdTlqR7T;PU9lSH%{<7p(J`oleQ~_1PFS9svy_p7qcX1=+Td*S<| zoiQne&87<*XDw-*ZqPUdHO)X1I0p~AZ+>1$VqPLFfwS|lJLOlU<|gJD3L5Z(5&{wyvtG$j*ED@{xS4B(t5 z%g@O8ALM7|6$Zi}KdG|t7;v$1XtOc0va&OyXJTehIJ&WlN>Yn*Q&Tb%OHvh_9Ti-ioekv;WZ5{i+C196 z^D=TWiV0-qrR6(-G!z%-=q2ap8pw(B8d?|{85tUyo0=FHMv3zpSr{4_T0pr5jSFb% z3q=EYh%Y2SjtUO;Q3y^gDoZU=aL!1~%p=YVkp{wS?BHN$VuXf2Gb1~*69da`<263& z0ba+vma-hSxi{bJc9HJ6DX+ADomSwq)De4;$nZE=&p~F`3-AKHfO5xTkT=#-~R& zTNM4A^D#izP|Y*q@V(PdYnc=(=GsR;651`TYpZ%&d&QSBrU}(5D`Y*VxrT*z?~V-l F1po*G?lk}a literal 0 HcmV?d00001 diff --git a/certs/intermediate/server-int-ecc-cert.pem b/certs/intermediate/server-int-ecc-cert.pem new file mode 100644 index 000000000..8b19fcd0e --- /dev/null +++ b/certs/intermediate/server-int-ecc-cert.pem @@ -0,0 +1,63 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4100 (0x1004) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Intermediate CA ECC/emailAddress=info@wolfssl.com + Validity + Not Before: Dec 21 17:54:01 2018 GMT + Not After : Dec 18 17:54:01 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=wolfSSL Server Chain ECC/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Cert Type: + SSL Server + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:97:1D:60:C3:87:22:59:9B:60:1F:84:B4:99:1C:88:4D:BF:DA:1E:6E + DirName:/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:10:03 + + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Signature Algorithm: ecdsa-with-SHA256 + 30:44:02:20:74:5c:69:0b:da:f1:d8:cf:21:bc:81:ac:b1:e5: + c5:b3:38:72:f9:9c:f1:50:2d:31:26:49:58:c3:de:cb:e5:7d: + 02:20:78:9d:3f:5b:e2:12:bb:1b:2d:3d:25:db:2b:a8:f4:76: + 02:90:7b:24:a8:1d:49:96:45:56:57:8b:bb:59:54:fa +-----BEGIN CERTIFICATE----- +MIIDZDCCAwugAwIBAgICEAQwCgYIKoZIzj0EAwIwgaMxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEkMCIGA1UEAwwbd29sZlNTTCBJ +bnRlcm1lZGlhdGUgQ0EgRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTE4MTIyMTE3NTQwMVoXDTI4MTIxODE3NTQwMVowgaAxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEhMB8GA1UEAwwYd29s +ZlNTTCBTZXJ2ZXIgQ2hhaW4gRUNDMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZz +c2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuzOsTCdQSsZKpQTDPN6f +NttyLc6U6iv6yyAJOSwW6GEC6a9N0wKTmjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ +2KOCAS4wggEqMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMB0GA1UdDgQW +BBRdXSbvrH42+Zt2FStKJQIj77KJMDCBxQYDVR0jBIG9MIG6gBSXHWDDhyJZm2Af +hLSZHIhNv9oebqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp +bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDASBgNV +BAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CAhADMA4GA1UdDwEB/wQEAwIDqDAT +BgNVHSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNHADBEAiB0XGkL2vHYzyG8 +gayx5cWzOHL5nPFQLTEmSVjD3svlfQIgeJ0/W+ISuxstPSXbK6j0dgKQeySoHUmW +RVZXi7tZVPo= +-----END CERTIFICATE----- diff --git a/tests/include.am b/tests/include.am index 2b6baf558..f5efa3ed3 100644 --- a/tests/include.am +++ b/tests/include.am @@ -34,5 +34,9 @@ EXTRA_DIST += tests/test.conf \ tests/test-enckeys.conf \ tests/test-maxfrag.conf \ tests/test-maxfrag-dtls.conf \ - tests/test-fails.conf + tests/test-fails.conf \ + tests/test-chains.conf \ + tests/test-altchains.conf \ + tests/test-trustedpeer.conf \ + tests/test-dhprime.conf DISTCLEANFILES+= tests/.libs/unit.test diff --git a/tests/suites.c b/tests/suites.c index d41c3e274..7f37a0b8b 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -59,8 +59,10 @@ static char flagSep[] = " "; static char portFlag[] = "-p"; static char svrPort[] = "0"; #endif -static char forceDefCipherListFlag[] = "-HdefCipherList"; -static char exitWithRetFlag[] = "-HexitWithRet"; +static char intTestFlag[] = "-H"; +static char forceDefCipherListFlag[] = "defCipherList"; +static char exitWithRetFlag[] = "exitWithRet"; +static char disableDHPrimeTest[] = "-2"; #ifdef WOLFSSL_ASYNC_CRYPT static int devId = INVALID_DEVID; @@ -192,10 +194,10 @@ static int IsValidCert(const char* line) } static int execute_test_case(int svr_argc, char** svr_argv, - int cli_argc, char** cli_argv, - int addNoVerify, int addNonBlocking, - int addDisableEMS, int forceSrvDefCipherList, - int forceCliDefCipherList, int testShouldFail) + int cli_argc, char** cli_argv, + int addNoVerify, int addNonBlocking, + int addDisableEMS, int forceSrvDefCipherList, + int forceCliDefCipherList) { #ifdef WOLFSSL_TIRTOS func_args cliArgs = {0}; @@ -219,6 +221,7 @@ static int execute_test_case(int svr_argc, char** svr_argv, #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) char portNumber[8]; #endif + int cliTestShouldFail = 0, svrTestShouldFail = 0; /* Is Valid Cipher and Version Checks */ /* build command list for the Is checks below */ @@ -296,17 +299,17 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif if (forceSrvDefCipherList) { - if (svrArgs.argc >= MAX_ARGS) + if (svrArgs.argc + 2 > MAX_ARGS) printf("cannot add the force def cipher list flag to server\n"); - else + else { + svr_argv[svrArgs.argc++] = intTestFlag; svr_argv[svrArgs.argc++] = forceDefCipherListFlag; + } } #ifdef TEST_PK_PRIVKEY svr_argv[svrArgs.argc++] = (char*)"-P"; #endif - if (testShouldFail) { - svr_argv[svrArgs.argc++] = exitWithRetFlag; - } + /* update server flags list */ commandLine[0] = '\0'; @@ -324,6 +327,11 @@ static int execute_test_case(int svr_argc, char** svr_argv, tests++; /* test count */ + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + svrTestShouldFail = 1; + } + InitTcpReady(&ready); #ifdef WOLFSSL_TIRTOS @@ -362,17 +370,16 @@ static int execute_test_case(int svr_argc, char** svr_argv, } #endif if (forceCliDefCipherList) { - if (cliArgs.argc >= MAX_ARGS) + if (cliArgs.argc + 2 > MAX_ARGS) printf("cannot add the force def cipher list flag to client\n"); - else + else { + cli_argv[cliArgs.argc++] = intTestFlag; cli_argv[cliArgs.argc++] = forceDefCipherListFlag; + } } #ifdef TEST_PK_PRIVKEY cli_argv[cliArgs.argc++] = (char*)"-P"; #endif - if (testShouldFail) { - cli_argv[cliArgs.argc++] = exitWithRetFlag; - } commandLine[0] = '\0'; added = 0; @@ -387,19 +394,24 @@ static int execute_test_case(int svr_argc, char** svr_argv, } printf("trying client command line[%d]: %s\n", tests, commandLine); + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + cliTestShouldFail = 1; + } + /* start client */ client_test(&cliArgs); /* verify results */ - if ((cliArgs.return_code != 0 && testShouldFail == 0) || - (cliArgs.return_code == 0 && testShouldFail != 0)) { + if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) || + (cliArgs.return_code == 0 && cliTestShouldFail != 0)) { printf("client_test failed\n"); XEXIT(EXIT_FAILURE); } join_thread(serverThread); - if ((svrArgs.return_code != 0 && testShouldFail == 0) || - (svrArgs.return_code == 0 && testShouldFail != 0)) { + if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) || + (svrArgs.return_code == 0 && svrTestShouldFail != 0)) { printf("server_test failed\n"); XEXIT(EXIT_FAILURE); } @@ -409,8 +421,10 @@ static int execute_test_case(int svr_argc, char** svr_argv, #endif FreeTcpReady(&ready); - /* only run the first test for failure cases */ - if (testShouldFail) { + /* only run the first test for expected failure cases */ + /* the example server/client are not designed to handle expected failure in + all cases, such as non-blocking, etc... */ + if (svrTestShouldFail || cliTestShouldFail) { return NOT_BUILT_IN; } @@ -432,12 +446,15 @@ static void test_harness(void* vargs) char* cursor; char* comment; const char* fname = "tests/test.conf"; - int testShouldFail = 0; + const char* addArgs = NULL; if (args->argc == 1) { printf("notice: using default file %s\n", fname); } - else if(args->argc > 3) { + else if (args->argc == 3) { + addArgs = args->argv[2]; + } + else if (args->argc > 3) { printf("usage: harness [FILE] [ARG]\n"); args->return_code = 1; return; @@ -446,9 +463,6 @@ static void test_harness(void* vargs) if (args->argc >= 2) { fname = args->argv[1]; } - if (args->argc == 3) { - testShouldFail = 1; - } file = fopen(fname, "rb"); if (file == NULL) { @@ -468,7 +482,7 @@ static void test_harness(void* vargs) script = (char*)malloc(sz+1); if (script == 0) { - fprintf(stderr, "unable to allocte script buffer\n"); + fprintf(stderr, "unable to allocate script buffer\n"); fclose(file); args->return_code = 1; return; @@ -501,38 +515,29 @@ static void test_harness(void* vargs) to client mode if we don't have the client command yet */ if (cliMode == 0) cliMode = 1; /* switch to client mode processing */ + /* skip extra newlines */ else do_it = 1; /* Do It, we have server and client */ cursor++; break; case '#': - /* Ignore lines that start with a #. */ + /* Ignore lines that start with a # */ comment = XSTRSEP(&cursor, "\n"); -#ifdef DEBUG_SUITE_TESTS + #ifdef DEBUG_SUITE_TESTS printf("%s\n", comment); -#else + #else (void)comment; -#endif + #endif break; case '-': + default: /* Parameters start with a -. They end in either a newline * or a space. Capture until either, save in Args list. */ if (cliMode) cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n"); else svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n"); - if (*cursor == 0) /* eof */ - do_it = 1; - break; - default: - /* Anything from cursor until end of line that isn't the above - * is data for a paramter. Just up until the next newline in - * the Args list. */ - if (cliMode) - cliArgs[cliArgsSz++] = XSTRSEP(&cursor, "\n"); - else - svrArgs[svrArgsSz++] = XSTRSEP(&cursor, "\n"); - if (*cursor == 0) /* eof */ + if (*cursor == '\0') /* eof */ do_it = 1; break; } @@ -543,42 +548,48 @@ static void test_harness(void* vargs) } if (do_it) { + /* additional arguments processing */ + if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) { + if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) { + /* The `-2` disable DH prime check is added to all tests by default */ + cliArgs[cliArgsSz++] = disableDHPrimeTest; + svrArgs[svrArgsSz++] = disableDHPrimeTest; + } + if (addArgs && XSTRSTR(addArgs, "expFail")) { + /* Tests should expect to fail */ + cliArgs[cliArgsSz++] = intTestFlag; + cliArgs[cliArgsSz++] = exitWithRetFlag; + svrArgs[svrArgsSz++] = intTestFlag; + svrArgs[svrArgsSz++] = exitWithRetFlag; + } + } + ret = execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 0, 0); /* don't repeat if not supported in build */ if (ret == 0) { /* test with default cipher list on server side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 1, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 1, 0); /* test with default cipher list on client side */ execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 0, 0, 1, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 0, 0, 1); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 1, 0, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 0, 0, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 0, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 1, 0, 0, 0); #ifdef HAVE_EXTENDED_MASTER execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 0, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 0, 1, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 0, 1, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 0, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 0, 1, 0, 0); execute_test_case(svrArgsSz, svrArgs, - cliArgsSz, cliArgs, 1, 1, 1, 0, 0, - testShouldFail); + cliArgsSz, cliArgs, 1, 1, 1, 0, 0); #endif } svrArgsSz = 1; @@ -593,7 +604,7 @@ static void test_harness(void* vargs) #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ -int SuiteTest(void) +int SuiteTest(int argc, char** argv) { #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) func_args args; @@ -613,8 +624,6 @@ int SuiteTest(void) byte memory[200000]; #endif - (void)test_harness; - cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); @@ -642,6 +651,23 @@ int SuiteTest(void) wolfSSL_CTX_UseAsync(cipherSuiteCtx, devId); #endif /* WOLFSSL_ASYNC_CRYPT */ + /* support for custom command line tests */ + if (argc > 1) { + /* Examples: + ./tests/unit.test tests/test-altchains.conf + ./tests/unit.test tests/test-fails.conf expFail + ./tests/unit.test tests/test-dhprime.conf doDH + */ + args.argc = argc; + args.argv = argv; + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + } + goto exit; + } + /* default case */ args.argc = 1; printf("starting default cipher suite tests\n"); @@ -806,10 +832,56 @@ int SuiteTest(void) #endif #endif +#ifdef WOLFSSL_ALT_CERT_CHAINS + /* tests for alt chains */ + strcpy(argv0[1], "tests/test-altchains.conf"); + printf("starting certificate alternate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#else + /* tests for chains */ + strcpy(argv0[1], "tests/test-chains.conf"); + printf("starting certificate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + /* tests for trusted peer cert */ + strcpy(argv0[1], "tests/test-trustpeer.conf"); + printf("starting trusted peer certificate cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + + /* tests for dh prime */ + args.argc = 3; + strcpy(argv0[1], "tests/test-dhprime.conf"); + strcpy(argv0[2], "doDH"); /* add DH prime flag */ + printf("starting tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* failure tests */ args.argc = 3; strcpy(argv0[1], "tests/test-fails.conf"); - strcpy(argv0[2], "-f"); + strcpy(argv0[2], "expFail"); /* tests are expected to fail */ printf("starting tests that expect failure\n"); test_harness(&args); if (args.return_code != 0) { @@ -832,4 +904,6 @@ exit: #else return NOT_COMPILED_IN; #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + (void)argc; + (void)argv; } diff --git a/tests/test-altchains.conf b/tests/test-altchains.conf new file mode 100644 index 000000000..cf1ef4a11 --- /dev/null +++ b/tests/test-altchains.conf @@ -0,0 +1,212 @@ +# Tests will use complete chain with intermediate CA for testing +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# Test will load intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test will use alternate chain where chain contains extra cert +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem diff --git a/tests/test-chains.conf b/tests/test-chains.conf new file mode 100644 index 000000000..b1f5c1b2f --- /dev/null +++ b/tests/test-chains.conf @@ -0,0 +1,223 @@ +# Tests will use complete chain with intermediate CA for testing +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem + +# Test will load intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test will use alternate chain where chain contains extra cert +# These tests should fail +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet diff --git a/tests/test-dhprime.conf b/tests/test-dhprime.conf new file mode 100644 index 000000000..dc180f618 --- /dev/null +++ b/tests/test-dhprime.conf @@ -0,0 +1,25 @@ +# server TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + + # server TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) + -s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf index fed6448ba..1ace19d5f 100644 --- a/tests/test-dtls.conf +++ b/tests/test-dtls.conf @@ -2,25 +2,21 @@ -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -u -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -u @@ -28,80 +24,68 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -u -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -u -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -u @@ -109,230 +93,192 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -u -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA --2 # client DTLSv1 IDEA-CBC-SHA -u -v 2 -l IDEA-CBC-SHA --2 # server DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA --2 # client DTLSv1 DES-CBC3-SHA -u -v 2 -l DES-CBC3-SHA --2 # server DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA --2 # client DTLSv1.2 DES-CBC3-SHA -u -v 3 -l DES-CBC3-SHA --2 # server DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA --2 # client DTLSv1 AES128-SHA -u -v 2 -l AES128-SHA --2 # server DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA --2 # client DTLSv1.2 AES128-SHA -u -v 3 -l AES128-SHA --2 # server DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA --2 # client DTLSv1 AES256-SHA -u -v 2 -l AES256-SHA --2 # server DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA --2 # client DTLSv1.2 AES256-SHA -u -v 3 -l AES256-SHA --2 # server DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 --2 # client DTLSv1 AES128-SHA256 -u -v 2 -l AES128-SHA256 --2 # server DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 --2 # client DTLSv1.2 AES128-SHA256 -u -v 3 -l AES128-SHA256 --2 # server DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 --2 # client DTLSv1 AES256-SHA256 -u -v 2 -l AES256-SHA256 --2 # server DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 --2 # client DTLSv1.2 AES256-SHA256 -u -v 3 -l AES256-SHA256 --2 # server DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.1 ECDHE-RSA-DES3 -u -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES128 -u -v 2 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES256 -u -v 2 -l ECDHE-RSA-AES256-SHA --2 # server DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.2 ECDHE-RSA-DES3 -u -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES128 -u -v 3 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -u -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES256 -u -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -u @@ -340,14 +286,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -u @@ -355,14 +299,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -u -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -u @@ -370,14 +312,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -u -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -u @@ -385,14 +325,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -u -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -u @@ -400,14 +338,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -u -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -u @@ -415,14 +351,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -u -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -u @@ -430,14 +364,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -u -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -u @@ -445,14 +377,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -u -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u @@ -460,14 +390,12 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -u @@ -475,14 +403,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -u -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-RSA-DES3 -u @@ -490,13 +416,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-DES3 -u -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDH-RSA-AES128 -u @@ -504,13 +428,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES128 -u -v 2 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.1 ECDH-RSA-AES256 -u @@ -518,13 +440,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES256 -u -v 2 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.2 ECDH-RSA-DES3 -u @@ -532,13 +452,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-DES3 -u -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128 -u @@ -546,13 +464,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128 -u -v 3 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -u @@ -560,13 +476,11 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -u -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256 -u @@ -574,13 +488,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256 -u -v 3 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.1 ECDH-ECDSA-DES3 -u @@ -588,14 +500,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-DES3 -u -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES128 -u @@ -603,14 +513,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES128 -u -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES256 -u @@ -618,14 +526,12 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES256 -u -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-DES3 -u @@ -633,14 +539,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-DES3 -u -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128 -u @@ -648,14 +552,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128 -u -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u @@ -663,14 +565,12 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256 -u @@ -678,26 +578,22 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256 -u -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -u -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u @@ -705,14 +601,12 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -u @@ -720,13 +614,11 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -u -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u @@ -734,182 +626,156 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -u -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -u -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -u -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -u -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -u -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -u -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA --2 # client DTLSv1 PSK-AES128 -s -u -v 2 -l PSK-AES128-CBC-SHA --2 # server DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA --2 # client DTLSv1 PSK-AES256 -s -u -v 2 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA --2 # client DTLSv1.2 PSK-AES128 -s -u -v 3 -l PSK-AES128-CBC-SHA --2 # server DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA --2 # client DTLSv1.2 PSK-AES256 -s -u -v 3 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 --2 # client DTLSv1.2 PSK-AES128-SHA256 -s -u -v 3 -l PSK-AES128-CBC-SHA256 --2 # server DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 --2 # client DTLSv1.2 PSK-AES256-SHA384 -s -u -v 3 -l PSK-AES256-CBC-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u @@ -917,14 +783,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -932,14 +796,12 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u @@ -947,14 +809,12 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u @@ -962,38 +822,32 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u @@ -1001,13 +855,11 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -u -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u @@ -1015,41 +867,35 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -u -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -u -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u @@ -1057,14 +903,12 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -u -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u @@ -1072,14 +916,12 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u @@ -1087,39 +929,33 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -u -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA --2 # client DTLSv1.2 ADH-AES128-SHA -u -a -v 3 -l ADH-AES128-SHA --2 # server DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA --2 # client DTLSv1.0 ADH-AES128-SHA -u -a -v 2 -l ADH-AES128-SHA --2 diff --git a/tests/test-ed25519.conf b/tests/test-ed25519.conf index 8c73e2e22..e13c67b18 100644 --- a/tests/test-ed25519.conf +++ b/tests/test-ed25519.conf @@ -3,14 +3,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -20,7 +18,6 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 @@ -29,21 +26,18 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ed25519/server-ed25519.pem -k ./certs/ed25519/server-ed25519-key.pem --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ed25519/root-ed25519.pem -C --2 # Enable when CRL for ED25519 certificates available. # server TLSv1.3 TLS13-AES128-GCM-SHA256 @@ -54,7 +48,6 @@ -A ./certs/ed25519/client-ed25519.pem -V # Remove -V when CRL for ED25519 certificates available. --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -63,5 +56,4 @@ -k ./certs/ed25519/client-ed25519-key.pem -A ./certs/ed25519/root-ed25519.pem -C --2 diff --git a/tests/test-enckeys.conf b/tests/test-enckeys.conf index 929dca03b..9e371c239 100644 --- a/tests/test-enckeys.conf +++ b/tests/test-enckeys.conf @@ -1,52 +1,42 @@ # server RSA encrypted key -v 3 -k ./certs/server-keyEnc.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 -v 3 -k ./certs/server-keyPkcs8Enc.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 2 -v 3 -k ./certs/server-keyPkcs8Enc2.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server RSA encrypted key PKCS8 12 -v 3 -k ./certs/server-keyPkcs8Enc12.pem --2 # client RSA encrypted key -v 3 -k ./certs/client-keyEnc.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 PKCS8 encrypted key -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-keyPkcs8Enc.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 223b163bf..d976b307b 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -5,7 +5,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcnnull.pem -d --2 # client bad certificate common name has null -v 3 @@ -14,7 +13,6 @@ -A ./certs/test/server-badcnnull.pem -m -x --2 # server bad certificate alternate name has null -v 3 @@ -22,7 +20,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltnull.pem -d --2 # client bad certificate alternate name has null -v 3 @@ -31,7 +28,6 @@ -A ./certs/test/server-badaltnull.pem -m -x --2 # server nomatch common name -v 3 @@ -39,7 +35,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badcn.pem -d --2 # client nomatch common name -v 3 @@ -48,7 +43,6 @@ -A ./certs/test/server-badcn.pem -m -x --2 # server nomatch alternate name -v 3 @@ -56,7 +50,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-badaltname.pem -d --2 # client nomatch alternate name -v 3 @@ -65,57 +58,47 @@ -A ./certs/test/server-badaltname.pem -m -x --2 # server RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client RSA no signer error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -A ./certs/client-cert.pem --2 # server ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # client ECC no signer error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/client-ecc-cert.pem --2 # server RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem --2 # client RSA bad sig error -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem --2 # client ECC bad sig error -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # server missing CN from alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-garbage.pem --2 # client missing CN from alternate names list -v 3 @@ -123,53 +106,44 @@ -h localhost -A ./certs/test/server-garbage.pem -m --2 # Verify Callback Failure Tests # no error going into callback, return error # server -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # server verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # client -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 # server verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 # client -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --2 # error going into callback, return error # server @@ -177,23 +151,19 @@ -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem -k ./certs/server-key.pem --2 # client verify should fail -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -H verifyFail --2 # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --2 # client verify should fail -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -H verifyFail --2 diff --git a/tests/test-maxfrag-dtls.conf b/tests/test-maxfrag-dtls.conf index 988ad4d7d..67aef1776 100644 --- a/tests/test-maxfrag-dtls.conf +++ b/tests/test-maxfrag-dtls.conf @@ -4,7 +4,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -12,33 +11,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -46,7 +40,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -54,33 +47,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -88,7 +76,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -96,33 +83,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -130,7 +112,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -138,33 +119,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -172,7 +148,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -180,33 +155,28 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -214,7 +184,6 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -u @@ -222,30 +191,25 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -u -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 --2 # server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 -u -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 --2 diff --git a/tests/test-maxfrag.conf b/tests/test-maxfrag.conf index ac109a28b..2ca6cc8dd 100644 --- a/tests/test-maxfrag.conf +++ b/tests/test-maxfrag.conf @@ -3,213 +3,177 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 1 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 1 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 2 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 2 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 3 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 3 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 4 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 4 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 5 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 5 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem -F 6 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 -F 6 --2 diff --git a/tests/test-psk-no-id.conf b/tests/test-psk-no-id.conf index bc36456de..d6247b1e4 100644 --- a/tests/test-psk-no-id.conf +++ b/tests/test-psk-no-id.conf @@ -3,311 +3,263 @@ -I -v 3 -l PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 PSK-CHACHA20-POLY1305 -s -v 3 -l PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l DHE-PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -s -v 3 -l DHE-PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -I -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 --2 # No Hint client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -s -v 3 -l ECDHE-PSK-CHACHA20-POLY1305 --2 # No Hint server TLSv1 ECDHE-PSK-AES128-SHA256 -s -I -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -I -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -I -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # No Hint server TLSv1 ECDHE-PSK-NULL-SHA256 -s -I -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -I -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -I -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # No Hint server TLSv1 PSK-AES128 -s -I -v 1 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1 PSK-AES256 -s -I -v 1 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.1 PSK-AES128 -s -I -v 2 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1.1 PSK-AES256 -s -I -v 2 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.2 PSK-AES128 -s -I -v 3 -l PSK-AES128-CBC-SHA --2 # No Hint client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # No Hint server TLSv1.2 PSK-AES256 -s -I -v 3 -l PSK-AES256-CBC-SHA --2 # No Hint client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # No Hint server TLSv1.0 PSK-AES128-SHA256 -s -I -v 1 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.1 PSK-AES128-SHA256 -s -I -v 2 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.2 PSK-AES128-SHA256 -s -I -v 3 -l PSK-AES128-CBC-SHA256 --2 # No Hint client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # No Hint server TLSv1.0 PSK-AES256-SHA384 -s -I -v 1 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # No Hint server TLSv1.1 PSK-AES256-SHA384 -s -I -v 2 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # No Hint server TLSv1.2 PSK-AES256-SHA384 -s -I -v 3 -l PSK-AES256-CBC-SHA384 --2 # No Hint client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -I -v 3 -l PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -I -v 3 -l PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 AES128-GCM-SHA256 -s -v 4 -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -315,7 +267,6 @@ -r -s -0 --2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -323,14 +274,12 @@ -r -s -0 --2 # server TLSv1.3 not accepting EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s --2 # client TLSv1.3 sending EarlyData using PSK -v 4 @@ -338,7 +287,6 @@ -r -s -0 --2 # server TLSv1.3 accepting EarlyData using PSK -v 4 @@ -346,11 +294,9 @@ -r -s -0 --2 # client TLSv1.3 not sending EarlyData using PSK -v 4 -l TLS13-AES128-GCM-SHA256 -r -s --2 diff --git a/tests/test-psk.conf b/tests/test-psk.conf index e726ac9cf..f4f11b298 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -1,9 +1,7 @@ # server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 --2 # client- standard PSK -s -l PSK-CHACHA20-POLY1305 --2 diff --git a/tests/test-qsh.conf b/tests/test-qsh.conf index 9704987db..357467465 100644 --- a/tests/test-qsh.conf +++ b/tests/test-qsh.conf @@ -2,2479 +2,2035 @@ -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l QSH:PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:DHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l QSH:ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA --2 # client SSLv3 RC4-SHA -v 0 -l QSH:RC4-SHA --2 # server SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 --2 # client SSLv3 RC4-MD5 -v 0 -l QSH:RC4-MD5 --2 # server SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA --2 # client SSLv3 DES-CBC3-SHA -v 0 -l QSH:DES-CBC3-SHA --2 # server SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA --2 # client SSLv3 IDEA-CBC-SHA -v 0 -l QSH:IDEA-CBC-SHA --2 # server TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA --2 # client TLSv1 RC4-SHA -v 1 -l QSH:RC4-SHA --2 # server TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 --2 # client TLSv1 RC4-MD5 -v 1 -l QSH:RC4-MD5 --2 # server TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA --2 # client TLSv1 DES-CBC3-SHA -v 1 -l QSH:DES-CBC3-SHA --2 # server TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA --2 # client TLSv1 IDEA-CBC-SHA -v 1 -l QSH:IDEA-CBC-SHA --2 # server TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA --2 # client TLSv1 AES128-SHA -v 1 -l QSH:AES128-SHA --2 # server TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA --2 # client TLSv1 AES256-SHA -v 1 -l QSH:AES256-SHA --2 # server TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 --2 # client TLSv1 AES128-SHA256 -v 1 -l QSH:AES128-SHA256 --2 # server TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 --2 # client TLSv1 AES256-SHA256 -v 1 -l QSH:AES256-SHA256 --2 # server TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA --2 # client TLSv1.1 RC4-SHA -v 2 -l QSH:RC4-SHA --2 # server TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 --2 # client TLSv1.1 RC4-MD5 -v 2 -l QSH:RC4-MD5 --2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA --2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l QSH:IDEA-CBC-SHA --2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA --2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l QSH:DES-CBC3-SHA --2 # server TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA --2 # client TLSv1.1 AES128-SHA -v 2 -l QSH:AES128-SHA --2 # server TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA --2 # client TLSv1.1 AES256-SHA -v 2 -l QSH:AES256-SHA --2 # server TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 --2 # client TLSv1.1 AES128-SHA256 -v 2 -l QSH:AES128-SHA256 --2 # server TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 --2 # client TLSv1.1 AES256-SHA256 -v 2 -l QSH:AES256-SHA256 --2 # server TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA --2 # client TLSv1.2 RC4-SHA -v 3 -l QSH:RC4-SHA --2 # server TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 --2 # client TLSv1.2 RC4-MD5 -v 3 -l QSH:RC4-MD5 --2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA --2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l QSH:DES-CBC3-SHA --2 # server TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA --2 # client TLSv1.2 AES128-SHA -v 3 -l QSH:AES128-SHA --2 # server TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA --2 # client TLSv1.2 AES256-SHA -v 3 -l QSH:AES256-SHA --2 # server TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 --2 # client TLSv1.2 AES128-SHA256 -v 3 -l QSH:AES128-SHA256 --2 # server TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 --2 # client TLSv1.2 AES256-SHA256 -v 3 -l QSH:AES256-SHA256 --2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l QSH:ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA --2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l QSH:ECDHE-RSA-RC4-SHA --2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l QSH:ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA --2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l QSH:ECDHE-RSA-AES128-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA --2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l QSH:ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l QSH:ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l QSH:ECDH-RSA-RC4-SHA --2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l QSH:ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l QSH:ECDH-RSA-AES128-SHA --2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l QSH:ECDH-RSA-AES256-SHA --2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l QSH:ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l QSH:ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA --2 # client TLSv1 HC128-SHA -v 1 -l QSH:HC128-SHA --2 # server TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 --2 # client TLSv1 HC128-MD5 -v 1 -l QSH:HC128-MD5 --2 # server TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 --2 # client TLSv1 HC128-B2B256 -v 1 -l QSH:HC128-B2B256 --2 # server TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 --2 # client TLSv1 AES128-B2B256 -v 1 -l QSH:AES128-B2B256 --2 # server TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 --2 # client TLSv1 AES256-B2B256 -v 1 -l QSH:AES256-B2B256 --2 # server TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA --2 # client TLSv1.1 HC128-SHA -v 2 -l QSH:HC128-SHA --2 # server TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 --2 # client TLSv1.1 HC128-MD5 -v 2 -l QSH:HC128-MD5 --2 # server TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 --2 # client TLSv1.1 HC128-B2B256 -v 2 -l QSH:HC128-B2B256 --2 # server TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 --2 # client TLSv1.1 AES128-B2B256 -v 2 -l QSH:AES128-B2B256 --2 # server TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 --2 # client TLSv1.1 AES256-B2B256 -v 2 -l QSH:AES256-B2B256 --2 # server TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA --2 # client TLSv1.2 HC128-SHA -v 3 -l QSH:HC128-SHA --2 # server TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 --2 # client TLSv1.2 HC128-MD5 -v 3 -l QSH:HC128-MD5 --2 # server TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 --2 # client TLSv1.2 HC128-B2B256 -v 3 -l QSH:HC128-B2B256 --2 # server TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 --2 # client TLSv1.2 AES128-B2B256 -v 3 -l QSH:AES128-B2B256 --2 # server TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 --2 # client TLSv1.2 AES256-B2B256 -v 3 -l QSH:AES256-B2B256 --2 # server TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA --2 # client TLSv1 RABBIT-SHA -v 1 -l QSH:RABBIT-SHA --2 # server TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA --2 # client TLSv1.1 RABBIT-SHA -v 2 -l QSH:RABBIT-SHA --2 # server TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA --2 # client TLSv1.2 RABBIT-SHA -v 3 -l QSH:RABBIT-SHA --2 # server TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1 DHE AES128 -v 1 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1 DHE AES256 -v 1 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1 DHE AES128-SHA256 -v 1 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1 DHE AES256-SHA256 -v 1 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1.1 DHE AES128 -v 2 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1.1 DHE AES256 -v 2 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA --2 # client TLSv1.2 DHE AES128 -v 3 -l QSH:DHE-RSA-AES128-SHA --2 # server TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA --2 # client TLSv1.2 DHE AES256 -v 3 -l QSH:DHE-RSA-AES256-SHA --2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 --2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l QSH:DHE-RSA-AES128-SHA256 --2 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 --2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l QSH:DHE-RSA-AES256-SHA256 --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l QSH:ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l QSH:ECDHE-PSK-NULL-SHA256 --2 # server TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1 PSK-AES128 -s -v 1 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1 PSK-AES256 -s -v 1 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1.1 PSK-AES128 -s -v 2 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1.1 PSK-AES256 -s -v 2 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA --2 # client TLSv1.2 PSK-AES128 -s -v 3 -l QSH:PSK-AES128-CBC-SHA --2 # server TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA --2 # client TLSv1.2 PSK-AES256 -s -v 3 -l QSH:PSK-AES256-CBC-SHA --2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l QSH:PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l QSH:PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA --2 # client TLSv1.0 PSK-NULL -s -v 1 -l QSH:PSK-NULL-SHA --2 # server TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA --2 # client TLSv1.1 PSK-NULL -s -v 2 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 --2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l QSH:PSK-NULL-SHA384 --2 # server TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l QSH:PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l QSH:PSK-NULL-SHA256 --2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA --2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l QSH:NULL-SHA --2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA --2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l QSH:NULL-SHA --2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA --2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l QSH:NULL-SHA --2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 --2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l QSH:NULL-SHA256 --2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 --2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l QSH:NULL-SHA256 --2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 --2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l QSH:NULL-SHA256 --2 # server TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA --2 # client TLSv1 CAMELLIA128-SHA -v 1 -l QSH:CAMELLIA128-SHA --2 # server TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA --2 # client TLSv1 CAMELLIA256-SHA -v 1 -l QSH:CAMELLIA256-SHA --2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA --2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l QSH:CAMELLIA128-SHA --2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA --2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l QSH:CAMELLIA256-SHA --2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA --2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l QSH:CAMELLIA128-SHA --2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA --2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l QSH:CAMELLIA256-SHA --2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 --2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l QSH:CAMELLIA128-SHA256 --2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 --2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l QSH:CAMELLIA256-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l QSH:DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 --2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l QSH:AES128-GCM-SHA256 --2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 --2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l QSH:AES256-GCM-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l QSH:ECDH-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l QSH:ECDH-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l QSH:DHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l QSH:DHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 --2 # client TLSv1.2 AES128-CCM-8 -v 3 -l QSH:AES128-CCM-8 --2 # server TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 --2 # client TLSv1.2 AES256-CCM-8 -v 3 -l QSH:AES256-CCM-8 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l QSH:ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM --2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l QSH:PSK-AES128-CCM --2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM --2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l QSH:PSK-AES256-CCM --2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 --2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l QSH:PSK-AES128-CCM-8 --2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 --2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l QSH:PSK-AES256-CCM-8 --2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 --2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l QSH:DHE-PSK-NULL-SHA256 --2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 --2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l QSH:DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l QSH:DHE-PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l QSH:DHE-PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM --2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l QSH:DHE-PSK-AES128-CCM --2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM --2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l QSH:DHE-PSK-AES256-CCM --2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA --2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l QSH:ADH-AES128-SHA --2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA --2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l QSH:ADH-AES128-SHA --2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA --2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l QSH:ADH-AES128-SHA --2 # server TLSv1 NTRU_RC4 -v 1 @@ -2482,12 +2038,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_RC4 -v 1 -l QSH:NTRU-RC4-SHA --2 # server TLSv1 NTRU_DES3 -v 1 @@ -2495,12 +2049,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_DES3 -v 1 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1 NTRU_AES128 -v 1 @@ -2508,12 +2060,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES128 -v 1 -l QSH:NTRU-AES128-SHA --2 # server TLSv1 NTRU_AES256 -v 1 @@ -2521,12 +2071,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES256 -v 1 -l QSH:NTRU-AES256-SHA --2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2534,12 +2082,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_RC4 -v 2 -l QSH:NTRU-RC4-SHA --2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2547,12 +2093,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_DES3 -v 2 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2560,12 +2104,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES128 -v 2 -l QSH:NTRU-AES128-SHA --2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2573,12 +2115,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES256 -v 2 -l QSH:NTRU-AES256-SHA --2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2586,12 +2126,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_RC4 -v 3 -l QSH:NTRU-RC4-SHA --2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2599,12 +2137,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_DES3 -v 3 -l QSH:NTRU-DES-CBC3-SHA --2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2612,9 +2148,7 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_AES128 -v 3 -l QSH:NTRU-AES128-SHA --2 diff --git a/tests/test-sctp.conf b/tests/test-sctp.conf index 79727512d..1f6a303fc 100644 --- a/tests/test-sctp.conf +++ b/tests/test-sctp.conf @@ -2,25 +2,21 @@ -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1 DHE-RSA-CHACHA20-POLY1305 -G -v 2 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1 ECDHE-RSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -28,38 +24,32 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 2 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 -G -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -G @@ -67,80 +57,68 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -G -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -G -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client DTLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server DTLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -G @@ -148,278 +126,232 @@ -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -G -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA --2 # client DTLSv1 RC4-SHA -G -v 2 -l RC4-SHA --2 # server DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA --2 # client DTLSv1.2 RC4-SHA -G -v 3 -l RC4-SHA --2 # server DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA --2 # client DTLSv1 IDEA-CBC-SHA -G -v 2 -l IDEA-CBC-SHA --2 # server DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA --2 # client DTLSv1 DES-CBC3-SHA -G -v 2 -l DES-CBC3-SHA --2 # server DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA --2 # client DTLSv1.2 DES-CBC3-SHA -G -v 3 -l DES-CBC3-SHA --2 # server DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA --2 # client DTLSv1 AES128-SHA -G -v 2 -l AES128-SHA --2 # server DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA --2 # client DTLSv1.2 AES128-SHA -G -v 3 -l AES128-SHA --2 # server DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA --2 # client DTLSv1 AES256-SHA -G -v 2 -l AES256-SHA --2 # server DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA --2 # client DTLSv1.2 AES256-SHA -G -v 3 -l AES256-SHA --2 # server DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 --2 # client DTLSv1 AES128-SHA256 -G -v 2 -l AES128-SHA256 --2 # server DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 --2 # client DTLSv1.2 AES128-SHA256 -G -v 3 -l AES128-SHA256 --2 # server DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 --2 # client DTLSv1 AES256-SHA256 -G -v 2 -l AES256-SHA256 --2 # server DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 --2 # client DTLSv1.2 AES256-SHA256 -G -v 3 -l AES256-SHA256 --2 # server DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA --2 # client DTLSv1 ECDHE-RSA-RC4 -G -v 2 -l ECDHE-RSA-RC4-SHA --2 # server DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.1 ECDHE-RSA-DES3 -G -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES128 -G -v 2 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.1 ECDHE-RSA-AES256 -G -v 2 -l ECDHE-RSA-AES256-SHA --2 # server DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA --2 # client DTLSv1.2 ECDHE-RSA-RC4 -G -v 3 -l ECDHE-RSA-RC4-SHA --2 # server DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client DTLSv1.2 ECDHE-RSA-DES3 -G -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES128 -G -v 3 -l ECDHE-RSA-AES128-SHA --2 # server DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-SHA256 -G -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA --2 # client DTLSv1.2 ECDHE-RSA-AES256 -G -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -G @@ -427,14 +359,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -G @@ -442,14 +372,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -G -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -G @@ -457,14 +385,12 @@ -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -G -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-EDCSA-RC4 -G @@ -472,14 +398,12 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-RC4 -G -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-DES3 -G @@ -487,14 +411,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-DES3 -G -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES128 -G @@ -502,14 +424,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES128 -G -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDHE-ECDSA-AES256 -G @@ -517,14 +437,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDHE-ECDSA-AES256 -G -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -532,14 +450,12 @@ -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-RC4 -G -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-DES3 -G @@ -547,14 +463,12 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-DES3 -G -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128 -G @@ -562,14 +476,12 @@ -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128 -G -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G @@ -577,14 +489,12 @@ -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256 -G @@ -592,14 +502,12 @@ -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256 -G -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-RSA-RC4 -G @@ -607,13 +515,11 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-RC4 -G -v 2 -l ECDH-RSA-RC4-SHA --2 # server DTLSv1.1 ECDH-RSA-DES3 -G @@ -621,13 +527,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-DES3 -G -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.1 ECDH-RSA-AES128 -G @@ -635,13 +539,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES128 -G -v 2 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.1 ECDH-RSA-AES256 -G @@ -649,13 +551,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-RSA-AES256 -G -v 2 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.2 ECDH-RSA-RC4 -G @@ -663,13 +563,11 @@ -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-RC4 -G -v 3 -l ECDH-RSA-RC4-SHA --2 # server DTLSv1.2 ECDH-RSA-DES3 -G @@ -677,13 +575,11 @@ -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-DES3 -G -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128 -G @@ -691,13 +587,11 @@ -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128 -G -v 3 -l ECDH-RSA-AES128-SHA --2 # server DTLSv1.2 ECDH-RSA-AES128-SHA256 -G @@ -705,13 +599,11 @@ -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-SHA256 -G -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256 -G @@ -719,13 +611,11 @@ -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256 -G -v 3 -l ECDH-RSA-AES256-SHA --2 # server DTLSv1.1 ECDH-EDCSA-RC4 -G @@ -733,14 +623,12 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-RC4 -G -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-DES3 -G @@ -748,14 +636,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-DES3 -G -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES128 -G @@ -763,14 +649,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES128 -G -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.1 ECDH-ECDSA-AES256 -G @@ -778,14 +662,12 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.1 ECDH-ECDSA-AES256 -G -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-RC4 -G @@ -793,14 +675,12 @@ -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-RC4 -G -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-DES3 -G @@ -808,14 +688,12 @@ -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-DES3 -G -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128 -G @@ -823,14 +701,12 @@ -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128 -G -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G @@ -838,14 +714,12 @@ -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256 -G @@ -853,26 +727,22 @@ -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256 -G -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-SHA384 -G -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G @@ -880,14 +750,12 @@ -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-RSA-AES256-SHA384 -G @@ -895,13 +763,11 @@ -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-SHA384 -G -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G @@ -909,182 +775,156 @@ -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -G -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -G -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -G -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -G -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -G -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -G -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA --2 # client DTLSv1 PSK-AES128 -s -G -v 2 -l PSK-AES128-CBC-SHA --2 # server DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA --2 # client DTLSv1 PSK-AES256 -s -G -v 2 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA --2 # client DTLSv1.2 PSK-AES128 -s -G -v 3 -l PSK-AES128-CBC-SHA --2 # server DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA --2 # client DTLSv1.2 PSK-AES256 -s -G -v 3 -l PSK-AES256-CBC-SHA --2 # server DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 --2 # client DTLSv1.2 PSK-AES128-SHA256 -s -G -v 3 -l PSK-AES128-CBC-SHA256 --2 # server DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 --2 # client DTLSv1.2 PSK-AES256-SHA384 -s -G -v 3 -l PSK-AES256-CBC-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G @@ -1092,14 +932,12 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G @@ -1107,14 +945,12 @@ -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G @@ -1122,14 +958,12 @@ -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G @@ -1137,38 +971,32 @@ -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G @@ -1176,13 +1004,11 @@ -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -G -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G @@ -1190,41 +1016,35 @@ -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -G -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client DTLSv1.2 PSK-AES128-GCM-SHA256 -G -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client DTLSv1.2 PSK-AES256-GCM-SHA384 -G -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G @@ -1232,14 +1052,12 @@ -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM -G -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G @@ -1247,14 +1065,12 @@ -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G @@ -1262,39 +1078,33 @@ -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -G -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA --2 # client DTLSv1.2 ADH-AES128-SHA -G -a -v 3 -l ADH-AES128-SHA --2 # server DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA --2 # client DTLSv1.0 ADH-AES128-SHA -G -a -v 2 -l ADH-AES128-SHA --2 diff --git a/tests/test-sig.conf b/tests/test-sig.conf index 044ce2bf5..680eb3506 100644 --- a/tests/test-sig.conf +++ b/tests/test-sig.conf @@ -3,257 +3,217 @@ -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-privkey.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-cert.pem --2 diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf index f018cc2fe..181b286eb 100644 --- a/tests/test-tls13-down.conf +++ b/tests/test-tls13-down.conf @@ -2,55 +2,43 @@ # server TLSv1.3 downgrade #-v d #-l TLS13-CHACHA20-POLY1305-SHA256 --2 # client TLSv1.2 #-v 3 --2 # server TLSv1.2 -v 3 --2 # client TLSv1.3 downgrade -v d --2 # server TLSv1.3 downgrade -v d --2 # client TLSv1.3 downgrade -v d --2 # server TLSv1.3 downgrade but don't and resume -v d -r --2 # client TLSv1.3 downgrade but don't and resume -v d -r --2 # server TLSv1.3 downgrade and resume -v d -r --2 # client TLSv1.2 and resume -v 3 -r --2 # server TLSv1.2 and resume -v d -r --2 # lcient TLSv1.3 downgrade and resume -v 3 -r --2 diff --git a/tests/test-tls13-ecc.conf b/tests/test-tls13-ecc.conf index 3bc261f6c..3496eab8c 100644 --- a/tests/test-tls13-ecc.conf +++ b/tests/test-tls13-ecc.conf @@ -3,65 +3,55 @@ -l TLS13-CHACHA20-POLY1305-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -69,14 +59,12 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -t --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -t --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 @@ -84,11 +72,9 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -Y --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -y --2 diff --git a/tests/test-tls13-psk.conf b/tests/test-tls13-psk.conf index 90dec0e17..b8b7e2607 100644 --- a/tests/test-tls13-psk.conf +++ b/tests/test-tls13-psk.conf @@ -3,35 +3,29 @@ -s -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 PSK -v 4 -s -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 PSK -v 4 -j -l TLS13-AES128-GCM-SHA256 -d --2 # client TLSv1.3 not-PSK -v 4 -l TLS13-AES128-GCM-SHA256 --2 diff --git a/tests/test-tls13.conf b/tests/test-tls13.conf index 7445aa8ed..5e07ad3fe 100644 --- a/tests/test-tls13.conf +++ b/tests/test-tls13.conf @@ -1,237 +1,195 @@ # server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 --2 # client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 -v 4 -l TLS13-CHACHA20-POLY1305-SHA256 --2 # server TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 TLS13-AES128-GCM-SHA256 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # server TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 --2 # client TLSv1.3 TLS13-AES256-GCM-SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 --2 # server TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 --2 # client TLSv1.3 TLS13-AES128-CCM-SHA256 -v 4 -l TLS13-AES128-CCM-SHA256 --2 # server TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 --2 # client TLSv1.3 TLS13-AES128-CCM-8-SHA256 -v 4 -l TLS13-AES128-CCM-8-SHA256 --2 # server TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 resumption -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # server TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r --2 # client TLSv1.3 resumption - SHA384 -v 4 -l TLS13-AES256-GCM-SHA384 -r --2 # server TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 PSK without (EC)DHE -v 4 -l TLS13-AES128-GCM-SHA256 -r -K --2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # server TLSv1.3 not accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # client TLSv1.3 sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # server TLSv1.3 accepting EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r -0 --2 # client TLSv1.3 not sending EarlyData -v 4 -l TLS13-AES128-GCM-SHA256 -r --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 Fragments -v 4 -l TLS13-AES128-GCM-SHA256 -F 1 --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # client TLSv1.3 HelloRetryRequest with cookie -v 4 -l TLS13-AES128-GCM-SHA256 -J --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 no client certificate -v 4 -l TLS13-AES128-GCM-SHA256 -x --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 DH key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -y --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y --2 # server TLSv1.3 -v 4 -l TLS13-AES128-GCM-SHA256 --2 # client TLSv1.3 ECC key exchange -v 4 -l TLS13-AES128-GCM-SHA256 -Y --2 # server TLSv1.3 multiple cipher suites -v 4 -l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 --2 # client TLSv1.3 -v 4 --2 # server TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -U --2 # client TLSv1.3 KeyUpdate -v 4 -l TLS13-AES128-GCM-SHA256 -I --2 # server TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q --2 # client TLSv1.3 Post-Handshake Authentication -v 4 -l TLS13-AES128-GCM-SHA256 -Q --2 diff --git a/tests/test-trustpeer.conf b/tests/test-trustpeer.conf new file mode 100644 index 000000000..c8df70416 --- /dev/null +++ b/tests/test-trustpeer.conf @@ -0,0 +1,99 @@ +# Both client and server use -E [path] for trusted peer +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Trusted Peer +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/client-int-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/intermediate/server-int-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem + +# Test for ECC self signed certificate as trusted peer +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/client-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/server-ecc-self.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-E ./certs/server-ecc-self.pem +-k ./certs/ecc-client-key.pem +-c ./certs/client-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/client-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/server-ecc-self.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Trusted Peer (self signed) +-v 4 +-l TLS13-AES128-GCM-SHA256 +-E ./certs/server-ecc-self.pem +-k ./certs/ecc-client-key.pem +-c ./certs/client-ecc-cert.pem diff --git a/tests/test.conf b/tests/test.conf index b3ccf704d..faad62e6e 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -1,2562 +1,2082 @@ # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 -v 3 -l DHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 -v 3 -l ECDHE-RSA-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 -v 3 -s -l DHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 -v 3 -s -l ECDHE-PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # client TLSv1.2 PSK-CHACHA20-POLY1305 -v 3 -s -l PSK-CHACHA20-POLY1305 --2 # server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l DHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-RSA-CHACHA20-POLY1305-OLD --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305-OLD -A ./certs/ca-ecc-cert.pem --2 # server SSLv3 RC4-SHA -v 0 -l RC4-SHA --2 # client SSLv3 RC4-SHA -v 0 -l RC4-SHA --2 # server SSLv3 RC4-MD5 -v 0 -l RC4-MD5 --2 # client SSLv3 RC4-MD5 -v 0 -l RC4-MD5 --2 # server SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA --2 # client SSLv3 DES-CBC3-SHA -v 0 -l DES-CBC3-SHA --2 # server SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA --2 # client SSLv3 IDEA-CBC-SHA -v 0 -l IDEA-CBC-SHA --2 # server TLSv1 RC4-SHA -v 1 -l RC4-SHA --2 # client TLSv1 RC4-SHA -v 1 -l RC4-SHA --2 # server TLSv1 RC4-MD5 -v 1 -l RC4-MD5 --2 # client TLSv1 RC4-MD5 -v 1 -l RC4-MD5 --2 # server TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA --2 # client TLSv1 DES-CBC3-SHA -v 1 -l DES-CBC3-SHA --2 # server TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA --2 # client TLSv1 IDEA-CBC-SHA -v 1 -l IDEA-CBC-SHA --2 # server TLSv1 AES128-SHA -v 1 -l AES128-SHA --2 # client TLSv1 AES128-SHA -v 1 -l AES128-SHA --2 # server TLSv1 AES256-SHA -v 1 -l AES256-SHA --2 # client TLSv1 AES256-SHA -v 1 -l AES256-SHA --2 # server TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 --2 # client TLSv1 AES128-SHA256 -v 1 -l AES128-SHA256 --2 # server TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 --2 # client TLSv1 AES256-SHA256 -v 1 -l AES256-SHA256 --2 # server TLSv1.1 RC4-SHA -v 2 -l RC4-SHA --2 # client TLSv1.1 RC4-SHA -v 2 -l RC4-SHA --2 # server TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 --2 # client TLSv1.1 RC4-MD5 -v 2 -l RC4-MD5 --2 # server TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA --2 # client TLSv1.1 IDEA-CBC-SHA -v 2 -l IDEA-CBC-SHA --2 # server TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA --2 # client TLSv1.1 DES-CBC3-SHA -v 2 -l DES-CBC3-SHA --2 # server TLSv1.1 AES128-SHA -v 2 -l AES128-SHA --2 # client TLSv1.1 AES128-SHA -v 2 -l AES128-SHA --2 # server TLSv1.1 AES256-SHA -v 2 -l AES256-SHA --2 # client TLSv1.1 AES256-SHA -v 2 -l AES256-SHA --2 # server TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 --2 # client TLSv1.1 AES128-SHA256 -v 2 -l AES128-SHA256 --2 # server TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 --2 # client TLSv1.1 AES256-SHA256 -v 2 -l AES256-SHA256 --2 # server TLSv1.2 RC4-SHA -v 3 -l RC4-SHA --2 # client TLSv1.2 RC4-SHA -v 3 -l RC4-SHA --2 # server TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 --2 # client TLSv1.2 RC4-MD5 -v 3 -l RC4-MD5 --2 # server TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA --2 # client TLSv1.2 DES-CBC3-SHA -v 3 -l DES-CBC3-SHA --2 # server TLSv1.2 AES128-SHA -v 3 -l AES128-SHA --2 # client TLSv1.2 AES128-SHA -v 3 -l AES128-SHA --2 # server TLSv1.2 AES256-SHA -v 3 -l AES256-SHA --2 # client TLSv1.2 AES256-SHA -v 3 -l AES256-SHA --2 # server TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 --2 # client TLSv1.2 AES128-SHA256 -v 3 -l AES128-SHA256 --2 # server TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 --2 # client TLSv1.2 AES256-SHA256 -v 3 -l AES256-SHA256 --2 # server TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1 ECDHE-RSA-RC4 -v 1 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1 ECDHE-RSA-DES3 -v 1 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1 ECDHE-RSA-AES128 -v 1 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1 ECDHE-RSA-AES256 -v 1 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1.1 ECDHE-RSA-RC4 -v 2 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.1 ECDHE-RSA-DES3 -v 2 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1.1 ECDHE-RSA-AES128 -v 2 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1.1 ECDHE-RSA-AES256 -v 2 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA --2 # client TLSv1.2 ECDHE-RSA-RC4 -v 3 -l ECDHE-RSA-RC4-SHA --2 # server TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # client TLSv1.2 ECDHE-RSA-DES3 -v 3 -l ECDHE-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA --2 # client TLSv1.2 ECDHE-RSA-AES128 -v 3 -l ECDHE-RSA-AES128-SHA --2 # server TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-SHA256 -v 3 -l ECDHE-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA --2 # client TLSv1.2 ECDHE-RSA-AES256 -v 3 -l ECDHE-RSA-AES256-SHA --2 # server TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 1 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-NULL-SHA -v 2 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-NULL-SHA -v 3 -l ECDHE-ECDSA-NULL-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-RC4 -v 1 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-DES3 -v 1 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES128 -v 1 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDHE-ECDSA-AES256 -v 1 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-EDCSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-RC4 -v 2 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-DES3 -v 2 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES128 -v 2 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDHE-ECDSA-AES256 -v 2 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDHE-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-DES3 -v 3 -l ECDHE-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128 -v 3 -l ECDHE-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 -v 3 -l ECDHE-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256 -v 3 -l ECDHE-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-RC4 -v 1 -l ECDH-RSA-RC4-SHA --2 # server TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-DES3 -v 1 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES128 -v 1 -l ECDH-RSA-AES128-SHA --2 # server TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-RSA-AES256 -v 1 -l ECDH-RSA-AES256-SHA --2 # server TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-RC4 -v 2 -l ECDH-RSA-RC4-SHA --2 # server TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-DES3 -v 2 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES128 -v 2 -l ECDH-RSA-AES128-SHA --2 # server TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-RSA-AES256 -v 2 -l ECDH-RSA-AES256-SHA --2 # server TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-RC4 -v 3 -l ECDH-RSA-RC4-SHA --2 # server TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-DES3 -v 3 -l ECDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128 -v 3 -l ECDH-RSA-AES128-SHA --2 # server TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-SHA256 -v 3 -l ECDH-RSA-AES128-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256 -v 3 -l ECDH-RSA-AES256-SHA --2 # server TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-RC4 -v 1 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-DES3 -v 1 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES128 -v 1 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1 ECDH-ECDSA-AES256 -v 1 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-EDCSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-RC4 -v 2 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-DES3 -v 2 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES128 -v 2 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.1 ECDH-ECDSA-AES256 -v 2 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-RC4 -v 3 -l ECDH-ECDSA-RC4-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-DES3 -v 3 -l ECDH-ECDSA-DES-CBC3-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128 -v 3 -l ECDH-ECDSA-AES128-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-SHA256 -v 3 -l ECDH-ECDSA-AES128-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256 -v 3 -l ECDH-ECDSA-AES256-SHA -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-SHA384 -v 3 -l ECDHE-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 -v 3 -l ECDHE-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-SHA384 -v 3 -l ECDH-RSA-AES256-SHA384 --2 # server TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-SHA384 -v 3 -l ECDH-ECDSA-AES256-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1 HC128-SHA -v 1 -l HC128-SHA --2 # client TLSv1 HC128-SHA -v 1 -l HC128-SHA --2 # server TLSv1 HC128-MD5 -v 1 -l HC128-MD5 --2 # client TLSv1 HC128-MD5 -v 1 -l HC128-MD5 --2 # server TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 --2 # client TLSv1 HC128-B2B256 -v 1 -l HC128-B2B256 --2 # server TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 --2 # client TLSv1 AES128-B2B256 -v 1 -l AES128-B2B256 --2 # server TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 --2 # client TLSv1 AES256-B2B256 -v 1 -l AES256-B2B256 --2 # server TLSv1.1 HC128-SHA -v 2 -l HC128-SHA --2 # client TLSv1.1 HC128-SHA -v 2 -l HC128-SHA --2 # server TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 --2 # client TLSv1.1 HC128-MD5 -v 2 -l HC128-MD5 --2 # server TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 --2 # client TLSv1.1 HC128-B2B256 -v 2 -l HC128-B2B256 --2 # server TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 --2 # client TLSv1.1 AES128-B2B256 -v 2 -l AES128-B2B256 --2 # server TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 --2 # client TLSv1.1 AES256-B2B256 -v 2 -l AES256-B2B256 --2 # server TLSv1.2 HC128-SHA -v 3 -l HC128-SHA --2 # client TLSv1.2 HC128-SHA -v 3 -l HC128-SHA --2 # server TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 --2 # client TLSv1.2 HC128-MD5 -v 3 -l HC128-MD5 --2 # server TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 --2 # client TLSv1.2 HC128-B2B256 -v 3 -l HC128-B2B256 --2 # server TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 --2 # client TLSv1.2 AES128-B2B256 -v 3 -l AES128-B2B256 --2 # server TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 --2 # client TLSv1.2 AES256-B2B256 -v 3 -l AES256-B2B256 --2 # server TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA --2 # client TLSv1 RABBIT-SHA -v 1 -l RABBIT-SHA --2 # server TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA --2 # client TLSv1.1 RABBIT-SHA -v 2 -l RABBIT-SHA --2 # server TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA --2 # client TLSv1.2 RABBIT-SHA -v 3 -l RABBIT-SHA --2 # server TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA --2 # client TLSv1 DHE AES128 -v 1 -l DHE-RSA-AES128-SHA --2 # server TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA --2 # client TLSv1 DHE AES256 -v 1 -l DHE-RSA-AES256-SHA --2 # server TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1 DHE AES128-SHA256 -v 1 -l DHE-RSA-AES128-SHA256 --2 # server TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1 DHE AES256-SHA256 -v 1 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA --2 # client TLSv1.1 DHE AES128 -v 2 -l DHE-RSA-AES128-SHA --2 # server TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA --2 # client TLSv1.1 DHE AES256 -v 2 -l DHE-RSA-AES256-SHA --2 # server TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1.1 DHE AES128-SHA256 -v 2 -l DHE-RSA-AES128-SHA256 --2 # server TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1.1 DHE AES256-SHA256 -v 2 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA --2 # client TLSv1.1 DHE 3DES -v 2 -l EDH-RSA-DES-CBC3-SHA --2 # server TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA --2 # client TLSv1.2 DHE 3DES -v 3 -l EDH-RSA-DES-CBC3-SHA --2 - -# server TLSv1.2 DHE AES128 (DHE prime test) --v 3 --l DHE-RSA-AES128-SHA - -# client TLSv1.2 DHE AES128 (DHE prime test) --v 3 --l DHE-RSA-AES128-SHA # server TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA --2 # client TLSv1.2 DHE AES128 -v 3 -l DHE-RSA-AES128-SHA --2 # server TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA --2 # client TLSv1.2 DHE AES256 -v 3 -l DHE-RSA-AES256-SHA --2 # server TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 --2 # client TLSv1.2 DHE AES128-SHA256 -v 3 -l DHE-RSA-AES128-SHA256 --2 - -# server TLSv1.2 DHE AES256-SHA256 (DHE prime test) --v 3 --l DHE-RSA-AES256-SHA256 - -# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) --v 3 --l DHE-RSA-AES256-SHA256 # server TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 --2 # client TLSv1.2 DHE AES256-SHA256 -v 3 -l DHE-RSA-AES256-SHA256 --2 # server TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1 ECDHE-PSK-NULL-SHA256 -s -v 1 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.1 ECDHE-PSK-NULL-SHA256 -s -v 2 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # client TLSv1.2 ECDHE-PSK-NULL-SHA256 -s -v 3 -l ECDHE-PSK-NULL-SHA256 --2 # server TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1 ECDHE-PSK-AES128-SHA256 -s -v 1 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.1 ECDHE-PSK-AES128-SHA256 -s -v 2 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # client TLSv1.2 ECDHE-PSK-AES128-SHA256 -s -v 3 -l ECDHE-PSK-AES128-SHA256 --2 # server TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # client TLSv1 PSK-AES128 -s -v 1 -l PSK-AES128-CBC-SHA --2 # server TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # client TLSv1 PSK-AES256 -s -v 1 -l PSK-AES256-CBC-SHA --2 # server TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # client TLSv1.1 PSK-AES128 -s -v 2 -l PSK-AES128-CBC-SHA --2 # server TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # client TLSv1.1 PSK-AES256 -s -v 2 -l PSK-AES256-CBC-SHA --2 # server TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # client TLSv1.2 PSK-AES128 -s -v 3 -l PSK-AES128-CBC-SHA --2 # server TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # client TLSv1.2 PSK-AES256 -s -v 3 -l PSK-AES256-CBC-SHA --2 # server TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 PSK-AES128-SHA256 -s -v 1 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 PSK-AES128-SHA256 -s -v 2 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 PSK-AES128-SHA256 -s -v 3 -l PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 PSK-AES256-SHA384 -s -v 1 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 PSK-AES256-SHA384 -s -v 2 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 PSK-AES256-SHA384 -s -v 3 -l PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA --2 # client TLSv1.0 PSK-NULL -s -v 1 -l PSK-NULL-SHA --2 # server TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA --2 # client TLSv1.1 PSK-NULL -s -v 2 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # server TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 --2 # client TLSv1.2 PSK-NULL-SHA384 -s -v 3 -l PSK-NULL-SHA384 --2 # server TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # client TLSv1.2 PSK-NULL -s -v 3 -l PSK-NULL-SHA --2 # server TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # client TLSv1.2 PSK-NULL-SHA256 -s -v 3 -l PSK-NULL-SHA256 --2 # server TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA --2 # client TLSv1.0 RSA-NULL-SHA -v 1 -l NULL-SHA --2 # server TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA --2 # client TLSv1.1 RSA-NULL-SHA -v 2 -l NULL-SHA --2 # server TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA --2 # client TLSv1.2 RSA-NULL-SHA -v 3 -l NULL-SHA --2 # server TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 --2 # client TLSv1.0 RSA-NULL-SHA256 -v 1 -l NULL-SHA256 --2 # server TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 --2 # client TLSv1.1 RSA-NULL-SHA256 -v 2 -l NULL-SHA256 --2 # server TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 --2 # client TLSv1.2 RSA-NULL-SHA256 -v 3 -l NULL-SHA256 --2 # server TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA --2 # client TLSv1 CAMELLIA128-SHA -v 1 -l CAMELLIA128-SHA --2 # server TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA --2 # client TLSv1 CAMELLIA256-SHA -v 1 -l CAMELLIA256-SHA --2 # server TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 --2 # client TLSv1 CAMELLIA128-SHA256 -v 1 -l CAMELLIA128-SHA256 --2 # server TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 --2 # client TLSv1 CAMELLIA256-SHA256 -v 1 -l CAMELLIA256-SHA256 --2 # server TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA --2 # client TLSv1.1 CAMELLIA128-SHA -v 2 -l CAMELLIA128-SHA --2 # server TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA --2 # client TLSv1.1 CAMELLIA256-SHA -v 2 -l CAMELLIA256-SHA --2 # server TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 --2 # client TLSv1.1 CAMELLIA128-SHA256 -v 2 -l CAMELLIA128-SHA256 --2 # server TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 --2 # client TLSv1.1 CAMELLIA256-SHA256 -v 2 -l CAMELLIA256-SHA256 --2 # server TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA --2 # client TLSv1.2 CAMELLIA128-SHA -v 3 -l CAMELLIA128-SHA --2 # server TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA --2 # client TLSv1.2 CAMELLIA256-SHA -v 3 -l CAMELLIA256-SHA --2 # server TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 --2 # client TLSv1.2 CAMELLIA128-SHA256 -v 3 -l CAMELLIA128-SHA256 --2 # server TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 --2 # client TLSv1.2 CAMELLIA256-SHA256 -v 3 -l CAMELLIA256-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA -v 1 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA -v 1 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA128-SHA256 -v 1 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1 DHE-RSA-CAMELLIA256-SHA256 -v 1 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA -v 2 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA -v 2 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256 -v 2 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256 -v 2 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA -v 3 -l DHE-RSA-CAMELLIA128-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA -v 3 -l DHE-RSA-CAMELLIA256-SHA --2 # server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 -v 3 -l DHE-RSA-CAMELLIA128-SHA256 --2 # server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 --2 # client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 -v 3 -l DHE-RSA-CAMELLIA256-SHA256 --2 # server TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 --2 # client TLSv1.2 RSA-AES128-GCM-SHA256 -v 3 -l AES128-GCM-SHA256 --2 # server TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 --2 # client TLSv1.2 RSA-AES256-GCM-SHA384 -v 3 -l AES256-GCM-SHA384 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDHE-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 -v 3 -l ECDH-ECDSA-AES256-GCM-SHA384 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 -v 3 -l ECDH-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 -c ./certs/server-ecc-rsa.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 -v 3 -l ECDH-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 -v 3 -l DHE-RSA-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 --2 # server TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 PSK-AES128-GCM-SHA256 -s -v 3 -l PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 PSK-AES256-GCM-SHA384 -s -v 3 -l PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 --2 # client TLSv1.2 AES128-CCM-8 -v 3 -l AES128-CCM-8 --2 # server TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 --2 # client TLSv1.2 AES256-CCM-8 -v 3 -l AES256-CCM-8 --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM -v 3 -l ECDHE-ECDSA-AES128-CCM -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 -v 3 -l ECDHE-ECDSA-AES128-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 -v 3 -l ECDHE-ECDSA-AES256-CCM-8 -A ./certs/ca-ecc-cert.pem --2 # server TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM --2 # client TLSv1.2 PSK-AES128-CCM -s -v 3 -l PSK-AES128-CCM --2 # server TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM --2 # client TLSv1.2 PSK-AES256-CCM -s -v 3 -l PSK-AES256-CCM --2 # server TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 --2 # client TLSv1.2 PSK-AES128-CCM-8 -s -v 3 -l PSK-AES128-CCM-8 --2 # server TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 --2 # client TLSv1.2 PSK-AES256-CCM-8 -s -v 3 -l PSK-AES256-CCM-8 --2 # server TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.0 DHE-PSK-AES128-CBC-SHA256 -s -v 1 -l DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.1 DHE-PSK-AES128-CBC-SHA256 -s -v 2 -l DHE-PSK-AES128-CBC-SHA256 --2 - -# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) --s --v 3 --l DHE-PSK-AES128-CBC-SHA256 - -# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) --s --v 3 --l DHE-PSK-AES128-CBC-SHA256 # server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 -s -v 3 -l DHE-PSK-AES128-CBC-SHA256 --2 # server TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.0 DHE-PSK-AES256-CBC-SHA384 -s -v 1 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.1 DHE-PSK-AES256-CBC-SHA384 -s -v 2 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 -s -v 3 -l DHE-PSK-AES256-CBC-SHA384 --2 # server TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.0 DHE-PSK-NULL-SHA256 -s -v 1 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.1 DHE-PSK-NULL-SHA256 -s -v 2 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 --2 # client TLSv1.2 DHE-PSK-NULL-SHA256 -s -v 3 -l DHE-PSK-NULL-SHA256 --2 # server TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.0 DHE-PSK-NULL-SHA384 -s -v 1 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.1 DHE-PSK-NULL-SHA384 -s -v 2 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 --2 # client TLSv1.2 DHE-PSK-NULL-SHA384 -s -v 3 -l DHE-PSK-NULL-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 --2 # client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 -s -v 3 -l DHE-PSK-AES128-GCM-SHA256 --2 # server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 --2 # client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 -s -v 3 -l DHE-PSK-AES256-GCM-SHA384 --2 # server TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM --2 # client TLSv1.2 DHE-PSK-AES128-CCM -s -v 3 -l DHE-PSK-AES128-CCM --2 # server TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM --2 # client TLSv1.2 DHE-PSK-AES256-CCM -s -v 3 -l DHE-PSK-AES256-CCM --2 # server TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA --2 # client TLSv1.2 ADH-AES128-SHA -a -v 3 -l ADH-AES128-SHA --2 # server TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA --2 # client TLSv1.1 ADH-AES128-SHA -a -v 2 -l ADH-AES128-SHA --2 # server TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA --2 # client TLSv1.0 ADH-AES128-SHA -a -v 1 -l ADH-AES128-SHA --2 # server TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.2 ADH-AES256-GCM-SHA384 -a -v 3 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.1 ADH-AES256-GCM-SHA384 -a -v 2 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 --2 # client TLSv1.0 ADH-AES256-GCM-SHA384 -a -v 1 -l ADH-AES256-GCM-SHA384 --2 # server TLSv1 NTRU_RC4 -v 1 @@ -2564,12 +2084,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_RC4 -v 1 -l NTRU-RC4-SHA --2 # server TLSv1 NTRU_DES3 -v 1 @@ -2577,12 +2095,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_DES3 -v 1 -l NTRU-DES-CBC3-SHA --2 # server TLSv1 NTRU_AES128 -v 1 @@ -2590,12 +2106,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES128 -v 1 -l NTRU-AES128-SHA --2 # server TLSv1 NTRU_AES256 -v 1 @@ -2603,12 +2117,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1 NTRU_AES256 -v 1 -l NTRU-AES256-SHA --2 # server TLSv1.1 NTRU_RC4 -v 2 @@ -2616,12 +2128,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_RC4 -v 2 -l NTRU-RC4-SHA --2 # server TLSv1.1 NTRU_DES3 -v 2 @@ -2629,12 +2139,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_DES3 -v 2 -l NTRU-DES-CBC3-SHA --2 # server TLSv1.1 NTRU_AES128 -v 2 @@ -2642,12 +2150,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES128 -v 2 -l NTRU-AES128-SHA --2 # server TLSv1.1 NTRU_AES256 -v 2 @@ -2655,12 +2161,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.1 NTRU_AES256 -v 2 -l NTRU-AES256-SHA --2 # server TLSv1.2 NTRU_RC4 -v 3 @@ -2668,12 +2172,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_RC4 -v 3 -l NTRU-RC4-SHA --2 # server TLSv1.2 NTRU_DES3 -v 3 @@ -2681,12 +2183,10 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_DES3 -v 3 -l NTRU-DES-CBC3-SHA --2 # server TLSv1.2 NTRU_AES128 -v 3 @@ -2694,113 +2194,95 @@ -n -c ./certs/ntru-cert.pem -k ./certs/ntru-key.raw --2 # client TLSv1.2 NTRU_AES128 -v 3 -l NTRU-AES128-SHA --2 # error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j --2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j --2 # no error going into callback, return ok # server TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/server-cert.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -j --2 # server TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 verify callback override -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -A ./certs/ca-ecc-cert.pem -j --2 # server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem --2 # client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 -v 3 -l ECDHE-ECDSA-CHACHA20-POLY1305 -A ./certs/ca-ecc-cert.pem -t --2 # server TLSv1.2 private-only key -v 3 -c ./certs/ecc-privOnlyCert.pem -k ./certs/ecc-privOnlyKey.pem --2 # client TLSv1.2 private-only key on server -v 3 -d --2 # server TLSv1.2 with fragment -v 3 --2 # client TLSv1.2 with fragment -v 3 -F 1 --2 # server TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -A certs/client-cert-3072.pem --2 # client TLSv1.2 RSA 3072-bit DH 3072-bit -v 3 -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem --2 # server good certificate common name -v 3 @@ -2808,7 +2290,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcn.pem -d --2 # client good certificate common name -v 3 @@ -2817,7 +2298,6 @@ -A ./certs/test/server-goodcn.pem -m -C --2 # server good certificate alt name -v 3 @@ -2825,7 +2305,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodalt.pem -d --2 # client good certificate alt name -v 3 @@ -2834,7 +2313,6 @@ -A ./certs/test/server-goodalt.pem -m -C --2 # server good certificate common name wild -v 3 @@ -2842,7 +2320,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodcnwild.pem -d --2 # client good certificate common name wild -v 3 @@ -2851,7 +2328,6 @@ -A ./certs/test/server-goodcnwild.pem -m -C --2 # server good certificate alt name wild -v 3 @@ -2859,7 +2335,6 @@ -k ./certs/server-key.pem -c ./certs/test/server-goodaltwild.pem -d --2 # client good certificate alt name wild -v 3 @@ -2868,13 +2343,11 @@ -A ./certs/test/server-goodaltwild.pem -m -C --2 # server CN in alternate names list -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-localhost.pem --2 # client CN in alternate names list -v 3 @@ -2882,18 +2355,15 @@ -h localhost -A ./certs/test/server-localhost.pem -m --2 # server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 --2 # client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 with user curve (384 or 256) -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -H useSupCurve --2 # server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2901,7 +2371,6 @@ -c ./certs/server-ecc384-cert.pem -k ./certs/server-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem --2 # client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA -v 3 @@ -2909,4 +2378,3 @@ -c ./certs/client-ecc384-cert.pem -k ./certs/client-ecc384-key.pem -A ./certs/ca-ecc384-cert.pem --2 diff --git a/tests/unit.c b/tests/unit.c index 7ac13bc53..f237d17b8 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -82,7 +82,7 @@ int unit_test(int argc, char** argv) #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED - if ( (ret = SuiteTest()) != 0){ + if ( (ret = SuiteTest(argc, argv)) != 0){ printf("suite test failed with %d\n", ret); goto exit; } diff --git a/tests/unit.h b/tests/unit.h index d62e0ee16..b2ec7d1a1 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -91,7 +91,7 @@ void ApiTest(void); -int SuiteTest(void); +int SuiteTest(int argc, char** argv); int HashTest(void); void SrpTest(void);