tests: add dtls downgrade tests
@@ -30,6 +30,7 @@ EXTRA_DIST += tests/unit.h \
|
|||||||
tests/test-psk-no-id.conf \
|
tests/test-psk-no-id.conf \
|
||||||
tests/test-psk-no-id-sha2.conf \
|
tests/test-psk-no-id-sha2.conf \
|
||||||
tests/test-dtls.conf \
|
tests/test-dtls.conf \
|
||||||
|
tests/test-dtls-downgrade.conf \
|
||||||
tests/test-dtls-fails.conf \
|
tests/test-dtls-fails.conf \
|
||||||
tests/test-dtls-fails-cipher.conf \
|
tests/test-dtls-fails-cipher.conf \
|
||||||
tests/test-dtls-group.conf \
|
tests/test-dtls-group.conf \
|
||||||
|
@@ -1023,6 +1023,17 @@ int SuiteTest(int argc, char** argv)
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Add dtls downgrade test */
|
||||||
|
XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
|
||||||
|
printf("starting dtls downgrade tests\n");
|
||||||
|
test_harness(&args);
|
||||||
|
if (args.return_code != 0) {
|
||||||
|
printf("error from script %d\n", args.return_code);
|
||||||
|
args.return_code = EXIT_FAILURE;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
|
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
|
||||||
/* add dtls extra suites */
|
/* add dtls extra suites */
|
||||||
XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
|
XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
|
||||||
|
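Review bot: The added downgrade block in SuiteTest runs under no guard that is visible in this hunk: it sits after an `#endif` whose opening condition is not shown and before `#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES`. The new tests/test-dtls-downgrade.conf pins peers to `-v 2` and a CBC-SHA suite, so on a build with old protocol versions compiled out the outcome depends on test_harness skipping those cases, which cannot be confirmed from here. If it does not skip them, guard the block, for example with `#ifndef NO_OLD_TLS` before the comment and a matching `#endif` after the closing brace. SuiteTest starts and ends outside the hunk.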
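--- a/tests/test-dtls-downgrade.conf
+++ b/tests/test-dtls-downgrade.conf
@@ -0,0 +1,21 @@
+# server DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA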
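Review bot: All cases in this file are expected to connect, so the `-7 2` minimum is only ever shown to permit a downgrade, never to refuse one. Each pair matches a `-vd -7 2` side with a `-v 2` peer, which sits exactly at the floor. A companion case with a higher floor on the multiversion side (for instance `-7 3` against a `-v 2` peer) and an expected handshake failure would cover enforcement; tests/test-dtls-fails.conf, listed in the EXTRA_DIST hunk, looks like the place for it, though its contents are not shown on this page.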
@@ -1,11 +1,43 @@
|
|||||||
# server DTLSv1.3 allow downgrading
|
# server DTLS multiversion allow downgrade
|
||||||
-vd
|
-vd
|
||||||
-7 2
|
-7 2
|
||||||
-u
|
-u
|
||||||
-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
# client TLSv1.2 group message
|
# client DTLSv1.2
|
||||||
-v 3
|
-v 3
|
||||||
-u
|
-u
|
||||||
-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
-f
|
|
||||||
|
# server DTLS multiversion allow downgrade
|
||||||
|
-vd
|
||||||
|
-7 2
|
||||||
|
-u
|
||||||
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
# client DTLSv1.0
|
||||||
|
-v 2
|
||||||
|
-u
|
||||||
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
# server DTLSv1.0
|
||||||
|
-v 2
|
||||||
|
-u
|
||||||
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
# client DTLS multiversion, allow downgrade
|
||||||
|
-vd
|
||||||
|
-7 2
|
||||||
|
-u
|
||||||
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
# server DTLSv1.2
|
||||||
|
-v 3
|
||||||
|
-u
|
||||||
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
|
||||||
|
# client DTLS multiversion, allow downgrade
|
||||||
|
-vd
|
||||||
|
-7 2
|
||||||
|
-u
|
||||||
|
-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
|
||||||
|
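Review bot: After this change every pair in the file, including the `-v 3` ones, negotiates `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`; the `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` value that the first two blocks used is gone. The CBC-SHA suite is presumably needed for the `-v 2` pairs, but the `-v 3` pairs could keep `-l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, so a downgrade to DTLS 1.2 is still exercised with an AEAD suite. The file path for this section is not shown on the page.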