diff --git a/cyassl/internal.h b/cyassl/internal.h index dabd624b2..3b8a3ee75 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -511,6 +511,7 @@ enum Misc { DTLS_MAJOR = 0xfe, /* DTLS major version number */ DTLS_MINOR = 0xff, /* DTLS minor version number */ + DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */ SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */ SSLv3_MINOR = 0, /* TLSv1 minor version number */ TLSv1_MINOR = 1, /* TLSv1 minor version number */ @@ -719,6 +720,7 @@ CYASSL_LOCAL ProtocolVersion MakeTLSv1_2(void); #ifdef CYASSL_DTLS CYASSL_LOCAL ProtocolVersion MakeDTLSv1(void); + CYASSL_LOCAL ProtocolVersion MakeDTLSv1_2(void); #endif diff --git a/cyassl/openssl/ssl.h b/cyassl/openssl/ssl.h index b5070d18f..840954f00 100644 --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h @@ -92,6 +92,8 @@ typedef CYASSL_X509_STORE_CTX X509_STORE_CTX; #ifdef CYASSL_DTLS #define DTLSv1_client_method CyaDTLSv1_client_method #define DTLSv1_server_method CyaDTLSv1_server_method + #define DTLSv1_2_client_method CyaDTLSv1_2_client_method + #define DTLSv1_2_server_method CyaDTLSv1_2_server_method #endif diff --git a/cyassl/ssl.h b/cyassl/ssl.h index 5f1b5a466..cef60f5f3 100644 --- a/cyassl/ssl.h +++ b/cyassl/ssl.h @@ -157,6 +157,8 @@ CYASSL_API CYASSL_METHOD *CyaTLSv1_2_client_method(void); #ifdef CYASSL_DTLS CYASSL_API CYASSL_METHOD *CyaDTLSv1_client_method(void); CYASSL_API CYASSL_METHOD *CyaDTLSv1_server_method(void); + CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_client_method(void); + CYASSL_API CYASSL_METHOD *CyaDTLSv1_2_server_method(void); #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) diff --git a/cyassl/test.h b/cyassl/test.h index 88c8c88a9..5c0f15f67 100644 --- a/cyassl/test.h +++ b/cyassl/test.h 
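Review bot: The comment on the new `DTLSv1_2_MINOR = 0xfd` enumerator in `enum Misc` repeats the `DTLS_MINOR` comment word for word, so the header no longer says which DTLS version each value stands for. DTLS minor numbers run downward as the protocol version goes up, which is why the rest of this commit compares with `<=` for "at least 1.2" and `>=` for "any DTLS"; that ordering is easy to get backwards in a later edit. I would write `DTLSv1_2_MINOR = 0xfd, /* DTLS 1.2 minor; DTLS minors count down, newer is smaller */` and label `DTLS_MINOR` as the DTLS 1.0 value. The enum continues outside the hunk.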
@@ -108,7 +108,11 @@ #define SERVER_DEFAULT_VERSION 3 +#define SERVER_DTLS_DEFAULT_VERSION (-2) +#define SERVER_INVALID_VERSION (-99) #define CLIENT_DEFAULT_VERSION 3 +#define CLIENT_DTLS_DEFAULT_VERSION (-2) +#define CLIENT_INVALID_VERSION (-99) /* all certs relative to CyaSSL home directory now */ #define caCert "./certs/ca-cert.pem" diff --git a/examples/client/client.c b/examples/client/client.c index 238995da6..5d9f83a92 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -99,7 +99,8 @@ static void Usage(void) printf("-s Use pre Shared keys\n"); printf("-d Disable peer checks\n"); printf("-g Send server HTTP GET\n"); - printf("-u Use UDP DTLS\n"); + printf("-u Use UDP DTLS," + " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n"); printf("-m Match domain name in cert\n"); printf("-N Use Non-blocking sockets\n"); printf("-r Resume session\n"); @@ -129,7 +130,7 @@ void client_test(void* args) char* domain = (char*)"www.yassl.com"; int ch; - int version = CLIENT_DEFAULT_VERSION; + int version = CLIENT_INVALID_VERSION; int usePsk = 0; int sendGET = 0; int benchmark = 0; @@ -170,7 +171,6 @@ void client_test(void* args) case 'u' : doDTLS = 1; - version = -1; /* DTLS flag */ break; case 's' : @@ -196,8 +196,6 @@ void client_test(void* args) Usage(); exit(MY_EX_USAGE); } - if (doDTLS) - version = -1; /* DTLS flag */ break; case 'l' : @@ -240,6 +238,22 @@ void client_test(void* args) myoptind = 0; /* reset for test cases */ + /* sort out DTLS versus TLS versions */ + if (version == CLIENT_INVALID_VERSION) { + if (doDTLS) + version = CLIENT_DTLS_DEFAULT_VERSION; + else + version = CLIENT_DEFAULT_VERSION; + } + else { + if (doDTLS) { + if (version == 3) + version = -2; + else + version = -1; + } + } + switch (version) { #ifndef NO_OLD_TLS case 0: @@ -263,6 +277,10 @@ void client_test(void* args) case -1: method = CyaDTLSv1_client_method(); break; + + case -2: + method = CyaDTLSv1_2_client_method(); + break; #endif default: 
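Review bot: In the "sort out DTLS versus TLS versions" block of `client_test`, `-u` with no `-v` selects `CLIENT_DTLS_DEFAULT_VERSION`, which test.h defines as `(-2)` and the switch below maps to `CyaDTLSv1_2_client_method()`, while the new Usage() line says `-v 2 for DTLSv1 (default)`. One of the two is wrong; if DTLSv1.2 is the intended default, the help text should read `" add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n"`. The same block also turns `-v 0` and `-v 1` combined with `-u` into DTLSv1 without a message, and it writes bare `-1`/`-2` next to the named macros; a usage error for unsupported combinations would keep a test from running a different protocol version than the one it names. `client_test` starts and ends outside these hunks.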
diff --git a/examples/server/server.c b/examples/server/server.c index 7af1eca13..e77adf8b5 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -98,7 +98,8 @@ static void Usage(void) printf("-d Disable client cert check\n"); printf("-b Bind to any interface instead of localhost only\n"); printf("-s Use pre Shared keys\n"); - printf("-u Use UDP DTLS\n"); + printf("-u Use UDP DTLS," + " add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2\n"); printf("-N Use Non-blocking sockets\n"); } @@ -163,7 +164,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) case 'u' : doDTLS = 1; - version = -1; /* DTLS flag */ break; case 'p' : @@ -176,8 +176,6 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) Usage(); exit(MY_EX_USAGE); } - if (doDTLS) - version = -1; /* stay with DTLS */ break; case 'l' : @@ -208,6 +206,22 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) myoptind = 0; /* reset for test cases */ + /* sort out DTLS versus TLS versions */ + if (version == CLIENT_INVALID_VERSION) { + if (doDTLS) + version = CLIENT_DTLS_DEFAULT_VERSION; + else + version = CLIENT_DEFAULT_VERSION; + } + else { + if (doDTLS) { + if (version == 3) + version = -2; + else + version = -1; + } + } + switch (version) { #ifndef NO_OLD_TLS case 0: @@ -231,6 +245,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) case -1: method = DTLSv1_server_method(); break; + + case -2: + method = DTLSv1_2_server_method(); + break; #endif default: diff --git a/src/internal.c b/src/internal.c index 923699b19..726711c8f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -123,6 +123,8 @@ int IsAtLeastTLSv1_2(const CYASSL* ssl) { if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR) return 1; + if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR) + return 1; return 0; } 
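Review bot: The version-selection block added to `server_test` tests and assigns `CLIENT_INVALID_VERSION`, `CLIENT_DTLS_DEFAULT_VERSION` and `CLIENT_DEFAULT_VERSION`, leaving the `SERVER_*` macros this commit adds to test.h unused in the visible hunks. No hunk changes the initial value of `version` in server.c the way client.c's is changed to `CLIENT_INVALID_VERSION`, so, if it still starts at `SERVER_DEFAULT_VERSION`, the first branch can never be taken and `-u` alone reaches DTLSv1.2 only through the `version == 3` case. I would initialise with `int version = SERVER_INVALID_VERSION;` and compare with `if (version == SERVER_INVALID_VERSION) {`, using the `SERVER_*` defaults inside the branch. The Usage() text here carries the same "DTLSv1 (default)" wording as the client. `server_test` continues outside the hunks.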
@@ -357,7 +359,7 @@ int InitSSL_Ctx(CYASSL_CTX* ctx, CYASSL_METHOD* method) ctx->CBIOSend = EmbedSend; #ifdef CYASSL_DTLS if (method->version.major == DTLS_MAJOR - && method->version.minor == DTLS_MINOR) { + && method->version.minor >= DTLSv1_2_MINOR) { ctx->CBIORecv = EmbedReceiveFrom; ctx->CBIOSend = EmbedSendTo; } @@ -591,8 +593,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveRSA, byte havePSK, } #ifdef CYASSL_DTLS - if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR) - tls = 1; + if (pv.major == DTLS_MAJOR) { + tls = 1; + tls1_2 = pv.minor <= DTLSv1_2_MINOR; + } #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA @@ -1303,7 +1307,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) ssl->heap = ctx->heap; /* defaults to self */ ssl->options.tls = 0; ssl->options.tls1_1 = 0; - if (ssl->version.major == DTLS_MAJOR && ssl->version.minor == DTLS_MINOR) + if (ssl->version.major == DTLS_MAJOR + && ssl->version.minor >= DTLSv1_2_MINOR) ssl->options.dtls = 1; else ssl->options.dtls = 0; @@ -1955,6 +1960,15 @@ ProtocolVersion MakeDTLSv1(void) return pv; } +ProtocolVersion MakeDTLSv1_2(void) +{ + ProtocolVersion pv; + pv.major = DTLS_MAJOR; + pv.minor = DTLSv1_2_MINOR; + + return pv; +} + #endif /* CYASSL_DTLS */ @@ -3380,6 +3394,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) { byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; + const byte* additionalSrc = input - 5; XMEMSET(additional, 0, AES_BLOCK_SIZE); 
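Review bot: `InitSSL_Ctx` now treats every minor value from `DTLSv1_2_MINOR` (0xfd) upward as DTLS, which also admits 0xfe, a value that names no DTLS version; the same `>=` test is repeated in the `InitSSL` hunk and in the two ssl.c hunks that set `ssl->options.dtls`. Matching the known versions keeps an unexpected version byte from selecting the datagram callbacks and DTLS state: `&& (method->version.minor == DTLS_MINOR || method->version.minor == DTLSv1_2_MINOR)) {`. Since the test now appears in several places, a small helper beside `IsAtLeastTLSv1_2` would keep them in step. Whether a peer-supplied version can reach these checks is not visible in this diff.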
@@ -3389,7 +3404,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) /* Store the type, version. Unfortunately, they are in * the input buffer ahead of the plaintext. */ - XMEMCPY(additional + AEAD_TYPE_OFFSET, input - 5, 3); + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + additionalSrc -= DTLS_HANDSHAKE_EXTRA; + #endif + XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); /* Store the length of the plain text minus the explicit * IV length minus the authentication tag size. */ @@ -3416,6 +3435,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) { byte additional[AES_BLOCK_SIZE]; byte nonce[AEAD_NONCE_SZ]; + const byte* additionalSrc = input - 5; XMEMSET(additional, 0, AES_BLOCK_SIZE); @@ -3425,7 +3445,11 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz) /* Store the type, version. Unfortunately, they are in * the input buffer ahead of the plaintext. */ - XMEMCPY(additional + AEAD_TYPE_OFFSET, input - 5, 3); + #ifdef CYASSL_DTLS + if (ssl->options.dtls) + additionalSrc -= DTLS_HANDSHAKE_EXTRA; + #endif + XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3); /* Store the length of the plain text minus the explicit * IV length minus the authentication tag size. */ diff --git a/src/io.c b/src/io.c index 624f5742c..6edb8008d 100644 --- a/src/io.c +++ b/src/io.c @@ -96,6 +96,7 @@ #define SOCKET_EINTR WSAEINTR #define SOCKET_EPIPE WSAEPIPE #define SOCKET_ECONNREFUSED WSAENOTCONN + #define SOCKET_ECONNABORTED WSAECONNABORTED #elif defined(__PPU) #define SOCKET_EWOULDBLOCK SYS_NET_EWOULDBLOCK #define SOCKET_EAGAIN SYS_NET_EAGAIN @@ -103,6 +104,7 @@ #define SOCKET_EINTR SYS_NET_EINTR #define SOCKET_EPIPE SYS_NET_EPIPE #define SOCKET_ECONNREFUSED SYS_NET_ECONNREFUSED + #define SOCKET_ECONNABORTED SYS_NET_ECONNABORTED #elif defined(FREESCALE_MQX) /* RTCS doesn't have an EWOULDBLOCK error */ #define SOCKET_EWOULDBLOCK EAGAIN 
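Review bot: The AEAD additional-data source in `Encrypt` is moved back by `DTLS_HANDSHAKE_EXTRA`, but the bytes being copied are the record header's type and version, so the distance is a property of the record header, not of the handshake header. If the two constants happen to have the same value this works today, and it would quietly authenticate the wrong three bytes if they ever differ; I would use the record-header delta, `additionalSrc -= DTLS_RECORD_EXTRA;`, assuming internal.h defines it, in both the hunk at -3389 and the one at -3425. A one-line comment giving the DTLS record header layout would also explain why the type and version sit further back than `input - 5`. The function body extends beyond these hunks, so how the sequence number enters the additional data for DTLS cannot be checked from here.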
@@ -111,6 +113,7 @@ #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE #define SOCKET_ECONNREFUSED RTCSERR_TCP_CONN_REFUSED + #define SOCKET_ECONNABORTED RTCSERR_TCP_CONN_ABORTED #else #define SOCKET_EWOULDBLOCK EWOULDBLOCK #define SOCKET_EAGAIN EAGAIN @@ -118,6 +121,7 @@ #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE #define SOCKET_ECONNREFUSED ECONNREFUSED + #define SOCKET_ECONNABORTED ECONNABORTED #endif /* USE_WINDOWS_API */ @@ -136,16 +140,6 @@ #endif -#ifdef CYASSL_DTLS - /* sizeof(struct timeval) will pass uninit bytes to setsockopt if padded */ - #ifdef USE_WINDOWS_API - #define TIMEVAL_BYTES sizeof(timeout) - #else - #define TIMEVAL_BYTES sizeof(timeout.tv_sec) + sizeof(timeout.tv_usec) - #endif -#endif - - /* Translates return codes returned from * send() and recv() if need be. */ @@ -201,7 +195,7 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx) struct timeval timeout = {dtls_timeout, 0}; #endif if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, - TIMEVAL_BYTES) != 0) { + sizeof(timeout)) != 0) { CYASSL_MSG("setsockopt rcvtimeo failed"); } } @@ -238,6 +232,10 @@ int EmbedReceive(CYASSL *ssl, char *buf, int sz, void *ctx) CYASSL_MSG(" Connection refused"); return IO_ERR_WANT_READ; } + else if (err == SOCKET_ECONNABORTED) { + CYASSL_MSG(" Connection aborted"); + return IO_ERR_CONN_CLOSE; + } else { CYASSL_MSG(" General error"); return IO_ERR_GENERAL; @@ -329,7 +327,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx) struct timeval timeout = { dtls_timeout, 0 }; #endif if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, - TIMEVAL_BYTES) != 0) { + sizeof(timeout)) != 0) { CYASSL_MSG("setsockopt rcvtimeo failed"); } } diff --git a/src/ssl.c b/src/ssl.c index d68c839bf..1ee738c0f 100644 --- a/src/ssl.c +++ b/src/ssl.c 
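Review bot: The `setsockopt(SO_RCVTIMEO)` calls in `EmbedReceive` and `EmbedReceiveFrom` now pass `sizeof(timeout)`, and the comment that explained the old `TIMEVAL_BYTES` workaround (padding in `struct timeval` reaching the kernel uninitialised) is deleted together with the macro, leaving no record of the concern. Passing the full size is what the option expects, so I would keep that and clear the struct first where the padding matters, e.g. `XMEMSET(&timeout, 0, sizeof(timeout));` followed by assigning `tv_sec`, with a short comment saying why. A failed call is still only logged, so a receive without a timeout would leave DTLS retransmission depending on the peer; that is unchanged by this commit but sits on the lines being touched. Both functions continue outside the hunks.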
@@ -2575,6 +2575,17 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) InitSSL_Method(method, MakeDTLSv1()); return method; } + + CYASSL_METHOD* CyaDTLSv1_2_client_method(void) + { + CYASSL_METHOD* method = + (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, + DYNAMIC_TYPE_METHOD); + CYASSL_ENTER("DTLSv1_2_client_method"); + if (method) + InitSSL_Method(method, MakeDTLSv1_2()); + return method; + } #endif @@ -2596,7 +2607,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #ifdef CYASSL_DTLS if (ssl->version.major == DTLS_MAJOR && - ssl->version.minor == DTLS_MINOR) { + ssl->version.minor >= DTLSv1_2_MINOR) { ssl->options.dtls = 1; ssl->options.tls = 1; ssl->options.tls1_1 = 1; @@ -2671,10 +2682,14 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) InitMd5(&ssl->hashMd5); InitSha(&ssl->hashSha); #endif - #ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 InitSha256(&ssl->hashSha256); - #endif + #endif + #ifdef CYASSL_SHA384 + InitSha384(&ssl->hashSha384); + #endif + } if ( (ssl->error = SendClientHello(ssl)) != 0) { CYASSL_ERROR(ssl->error); return SSL_FATAL_ERROR; @@ -2822,6 +2837,19 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) } return method; } + + CYASSL_METHOD* CyaDTLSv1_2_server_method(void) + { + CYASSL_METHOD* method = + (CYASSL_METHOD*) XMALLOC(sizeof(CYASSL_METHOD), 0, + DYNAMIC_TYPE_METHOD); + CYASSL_ENTER("DTLSv1_2_server_method"); + if (method) { + InitSSL_Method(method, MakeDTLSv1_2()); + method->side = SERVER_END; + } + return method; + } #endif @@ -2869,7 +2897,7 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #ifdef CYASSL_DTLS if (ssl->version.major == DTLS_MAJOR && - ssl->version.minor == DTLS_MINOR) { + ssl->version.minor >= DTLSv1_2_MINOR) { ssl->options.dtls = 1; ssl->options.tls = 1; ssl->options.tls1_1 = 1; 
@@ -2925,10 +2953,14 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) InitMd5(&ssl->hashMd5); InitSha(&ssl->hashSha); #endif - #ifndef NO_SHA256 - if (IsAtLeastTLSv1_2(ssl)) - InitSha256(&ssl->hashSha256); - #endif + if (IsAtLeastTLSv1_2(ssl)) { + #ifndef NO_SHA256 + InitSha256(&ssl->hashSha256); + #endif + #ifdef CYASSL_SHA384 + InitSha384(&ssl->hashSha384); + #endif + } while (ssl->options.clientState < CLIENT_HELLO_COMPLETE) if ( (ssl->error = ProcessReply(ssl)) < 0) { @@ -5440,8 +5472,16 @@ int CyaSSL_set_compression(CYASSL* ssl) return "unknown"; } } - else if (ssl->version.major == DTLS_MAJOR) - return "DTLS"; + else if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { + case DTLS_MINOR : + return "DTLS"; + case DTLSv1_2_MINOR : + return "DTLSv1.2"; + default: + return "unknown"; + } + } return "unknown"; } diff --git a/tests/include.am b/tests/include.am index 374e1676b..651f5b3fe 100644 --- a/tests/include.am +++ b/tests/include.am @@ -22,14 +22,19 @@ EXTRA_DIST += tests/test.conf \ tests/test-openssl.conf \ tests/test-hc128.conf \ tests/test-psk.conf \ + tests/test-psk-dtls.conf \ tests/test-ntru.conf \ tests/test-ecc.conf \ + tests/test-ecc-dtls.conf \ tests/test-ecc-sha384.conf \ + tests/test-ecc-dtls-sha384.conf \ tests/test-aesgcm.conf \ tests/test-aesgcm-ecc.conf \ + tests/test-aesgcm-ecc-dtls.conf \ tests/test-aesgcm-openssl.conf \ tests/test-aesccm.conf \ tests/test-aesccm-ecc.conf \ + tests/test-aesccm-ecc-dtls.conf \ tests/test-camellia.conf \ tests/test-camellia-openssl.conf \ tests/test-dtls.conf \ diff --git a/tests/suites.c b/tests/suites.c index e4d81ec36..17eeb4563 100644 --- a/tests/suites.c +++ b/tests/suites.c 
@@ -376,6 +376,16 @@ int SuiteTest(void) printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } + #ifdef CYASSL_DTLS + /* add psk dtls extra suites */ + strcpy(argv0[1], "tests/test-psk-dtls.conf"); + printf("starting psk extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #endif #if !defined(NO_PSK) && defined(HAVE_NULL_CIPHER) && !defined(NO_OLD_TLS) @@ -418,10 +428,30 @@ int SuiteTest(void) printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } + #ifdef CYASSL_DTLS + /* add ecc dtls extra suites */ + strcpy(argv0[1], "tests/test-ecc-dtls.conf"); + printf("starting ecc dtls extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #ifdef CYASSL_SHA384 - /* add ecc extra suites */ + /* add ecc sha384 extra suites */ strcpy(argv0[1], "tests/test-ecc-sha384.conf"); - printf("starting ecc-sha384 extra cipher suite tests\n"); + printf("starting ecc sha384 extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif + #if defined(CYASSL_DTLS) && defined(CYASSL_SHA384) + /* add ecc dtls sha384 extra suites */ + strcpy(argv0[1], "tests/test-ecc-dtls-sha384.conf"); + printf("starting ecc dtls sha384 extra cipher suite tests\n"); test_harness(&args); if (args.return_code != 0) { printf("error from script %d\n", args.return_code); 
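Review bot: Each new DTLS block in `SuiteTest` copies its config path into `argv0[1]` with `strcpy`, and the longest new paths, `tests/test-ecc-dtls-sha384.conf` here and the two `tests/test-aes*-ecc-dtls.conf` names in the later suites.c hunks, are 31 characters plus the terminator. The declaration of `argv0` is outside the hunk, so its size should be confirmed against 32 bytes; a bounded copy such as `snprintf(argv0[1], sizeof(argv0[1]), "%s", "tests/test-ecc-dtls-sha384.conf");` turns an overlong path into a truncation instead of a stack overwrite (this assumes `argv0` is a two-dimensional char array, which the hunk does not show). The PSK block's message, `starting psk extra cipher suite tests`, also does not mention DTLS, which makes a failure harder to place in the log.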
@@ -461,6 +491,16 @@ int SuiteTest(void) printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } + #ifdef CYASSL_DTLS + /* add aesgcm ecc dtls extra suites */ + strcpy(argv0[1], "tests/test-aesgcm-ecc-dtls.conf"); + printf("starting aesgcm ecc dtls extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #endif #if defined(HAVE_AESCCM) @@ -481,6 +521,16 @@ int SuiteTest(void) printf("error from script %d\n", args.return_code); exit(EXIT_FAILURE); } + #ifdef CYASSL_DTLS + /* add aesccm ecc dtls extra suites */ + strcpy(argv0[1], "tests/test-aesccm-ecc-dtls.conf"); + printf("starting aesccm ecc dtls cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + exit(EXIT_FAILURE); + } + #endif #endif #endif diff --git a/tests/test-aesccm-ecc-dtls.conf b/tests/test-aesccm-ecc-dtls.conf new file mode 100644 index 000000000..0fef28d82 --- /dev/null +++ b/tests/test-aesccm-ecc-dtls.conf 
@@ -0,0 +1,56 @@
+# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
+-u
+-v 3
+-l ECDHE-ECDSA-AES128-CCM-8-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256
+-u
+-v 3
+-l ECDHE-ECDSA-AES128-CCM-8-SHA256
+-A ./certs/server-ecc.pem
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-CCM-8-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-CCM-8-SHA384
+-A ./certs/server-ecc.pem
+
+# server DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
+-u
+-v 3
+-l ECDHE-ECDSA-AES128-CCM-8-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+-N
+
+# client DTLSv1.2 ECDHE-ECDSA-AES128-CCM-8-SHA256 NON-BLOCKING
+-u
+-v 3
+-l ECDHE-ECDSA-AES128-CCM-8-SHA256
+-A ./certs/server-ecc.pem
+-N
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-CCM-8-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+-N
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-CCM-8-SHA384 NON-BLOCKING
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-CCM-8-SHA384
+-A ./certs/server-ecc.pem
+-N
+
diff --git a/tests/test-aesgcm-ecc-dtls.conf b/tests/test-aesgcm-ecc-dtls.conf
new file mode 100644
index 000000000..dd2a8cc77
--- /dev/null
+++ b/tests/test-aesgcm-ecc-dtls.conf
@@ -0,0 +1,96 @@
+# server DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDHE-ECDSA-AES128-GCM-SHA256
+-A ./certs/server-ecc.pem
+
+# server DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-ECDSA-AES256-GCM-SHA384
+-A ./certs/server-ecc.pem
+
+# server DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDH-ECDSA-AES128-GCM-SHA256
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDH-ECDSA-AES128-GCM-SHA256
+-A ./certs/server-ecc.pem
+
+# server DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDH-ECDSA-AES256-GCM-SHA384
+-c ./certs/server-ecc.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDH-ECDSA-AES256-GCM-SHA384
+-A ./certs/server-ecc.pem
+
+# server DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+
+# client DTLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDHE-RSA-AES128-GCM-SHA256
+
+# server DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# client DTLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDHE-RSA-AES256-GCM-SHA384
+
+# server DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDH-RSA-AES128-GCM-SHA256
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDH-RSA-AES128-GCM-SHA256
+-u
+-v 3
+-l ECDH-RSA-AES128-GCM-SHA256
+
+# server DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDH-RSA-AES256-GCM-SHA384
+-c ./certs/server-ecc-rsa.pem
+-k ./certs/ecc-key.pem
+
+# client DTLSv1.2 ECDH-RSA-AES256-GCM-SHA384
+-u
+-v 3
+-l ECDH-RSA-AES256-GCM-SHA384
+
diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf
index d733e0ecf..29e50509a 100644
--- a/tests/test-dtls.conf
+++ b/tests/test-dtls.conf
@@ -1,98 +1,240 @@ # server DTLSv1 RC4-SHA -u +-v 2 -l RC4-SHA # client DTLSv1 RC4-SHA -u +-v 2 +-l RC4-SHA + +# server DTLSv1.2 RC4-SHA +-u +-v 3 +-l RC4-SHA + +# client DTLSv1.2 RC4-SHA +-u +-v 3 -l RC4-SHA # server DTLSv1 DES-CBC3-SHA -u +-v 2 -l DES-CBC3-SHA # client DTLSv1 DES-CBC3-SHA -u +-v 2 +-l DES-CBC3-SHA + +# server DTLSv1.2 DES-CBC3-SHA +-u +-v 3 +-l DES-CBC3-SHA + +# client DTLSv1.2 DES-CBC3-SHA +-u +-v 3 -l DES-CBC3-SHA # server DTLSv1 AES128-SHA -u +-v 2 -l AES128-SHA # client DTLSv1 AES128-SHA -u +-v 2 +-l AES128-SHA + +# server DTLSv1.2 AES128-SHA +-u +-v 3 +-l AES128-SHA + +# client DTLSv1.2 AES128-SHA +-u +-v 3 -l AES128-SHA # server DTLSv1 AES256-SHA -u +-v 2 -l AES256-SHA # client DTLSv1 AES256-SHA -u +-v 2 +-l AES256-SHA + +# server DTLSv1.2 AES256-SHA +-u +-v 3 +-l AES256-SHA + +# client DTLSv1.2 AES256-SHA +-u +-v 3 -l AES256-SHA # server DTLSv1 AES128-SHA256 -u +-v 2 -l AES128-SHA256 # client DTLSv1 AES128-SHA256 -u +-v 2 +-l AES128-SHA256 + +# server DTLSv1.2 AES128-SHA256 +-u +-v 3 +-l AES128-SHA256 + +# client DTLSv1.2 AES128-SHA256 +-u +-v 3 -l AES128-SHA256 # server DTLSv1 AES256-SHA256 -u +-v 2 -l AES256-SHA256 # client DTLSv1 AES256-SHA256 -u +-v 2 +-l AES256-SHA256 + +# server DTLSv1.2 AES256-SHA256 +-u +-v 3 +-l AES256-SHA256 + +# client DTLSv1.2 AES256-SHA256 +-u +-v 3 -l AES256-SHA256 # server DTLSv1 DES-CBC3-SHA NON-BLOCKING -u +-v 2 -l DES-CBC3-SHA -N # client DTLSv1 DES-CBC3-SHA NON-BLOCKING -u +-v 2 +-l DES-CBC3-SHA +-N + +# server DTLSv1.2 DES-CBC3-SHA NON-BLOCKING +-u +-v 3 +-l DES-CBC3-SHA +-N + +# client DTLSv1.2 DES-CBC3-SHA NON-BLOCKING +-u +-v 3 -l DES-CBC3-SHA -N # server DTLSv1 AES128-SHA NON-BLOCKING -u +-v 2 -l AES128-SHA -N # client DTLSv1 AES128-SHA NON-BLOCKING -u +-v 2 +-l AES128-SHA +-N + +# server DTLSv1.2 AES128-SHA NON-BLOCKING +-u +-v 3 +-l AES128-SHA +-N + +# client DTLSv1.2 AES128-SHA NON-BLOCKING +-u +-v 3 -l AES128-SHA -N # server DTLSv1 AES256-SHA NON-BLOCKING -u +-v 2 -l AES256-SHA -N # client 
DTLSv1 AES256-SHA NON-BLOCKING -u +-v 2 +-l AES256-SHA +-N + +# server DTLSv1.2 AES256-SHA NON-BLOCKING +-u +-v 3 +-l AES256-SHA +-N + +# client DTLSv1.2 AES256-SHA NON-BLOCKING +-u +-v 3 -l AES256-SHA -N # server DTLSv1 AES128-SHA256 NON-BLOCKING -u +-v 2 -l AES128-SHA256 -N # client DTLSv1 AES128-SHA256 NON-BLOCKING -u +-v 2 +-l AES128-SHA256 +-N + +# server DTLSv1.2 AES128-SHA256 NON-BLOCKING +-u +-v 3 +-l AES128-SHA256 +-N + +# client DTLSv1.2 AES128-SHA256 NON-BLOCKING +-u +-v 3 -l AES128-SHA256 -N # server DTLSv1 AES256-SHA256 NON-BLOCKING -u +-v 2 -l AES256-SHA256 -N # client DTLSv1 AES256-SHA256 NON-BLOCKING -u +-v 2 +-l AES256-SHA256 +-N + +# server DTLSv1.2 AES256-SHA256 NON-BLOCKING +-u +-v 3 +-l AES256-SHA256 +-N + +# client DTLSv1.2 AES256-SHA256 NON-BLOCKING +-u +-v 3 -l AES256-SHA256 -N diff --git a/tests/test-ecc-dtls-sha384.conf b/tests/test-ecc-dtls-sha384.conf new file mode 100644 index 000000000..1e67d4fe1 --- /dev/null +++ b/tests/test-ecc-dtls-sha384.conf @@ -0,0 +1,48 @@ +# server DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-u +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# client DTLSv1.2 ECDHE-RSA-AES256-SHA384 +-u +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-u +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-u +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDH-RSA-AES256-SHA384 +-u +-v 3 +-l ECDH-RSA-AES256-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256-SHA384 +-u +-v 3 +-l ECDH-RSA-AES256-SHA384 + +# server DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-u +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256-SHA384 +-u +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-A ./certs/server-ecc.pem + 
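Review bot: The new `# server DTLSv1.2 RC4-SHA` / `# client DTLSv1.2 RC4-SHA` cases expect a successful DTLS handshake with RC4, a stream cipher that the DTLS specification rules out because its keystream cannot be resynchronised after a lost or reordered datagram. Keeping them as passing tests locks in that the library negotiates RC4 over DTLS; the `ECDHE-RSA-RC4-SHA`, `ECDHE-ECDSA-RC4-SHA`, `ECDH-RSA-RC4-SHA` and `ECDH-ECDSA-RC4-SHA` cases in tests/test-ecc-dtls.conf do the same. I would drop the RC4 entries from the DTLS configs, or turn them into expected-failure cases once suite selection rejects stream ciphers when `-u` is given. Whether the harness supports expected failures is not visible in this diff.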
diff --git a/tests/test-ecc-dtls.conf b/tests/test-ecc-dtls.conf
new file mode 100644
index 000000000..d38d37f3d
--- /dev/null
+++ b/tests/test-ecc-dtls.conf
@@ -0,0 +1,432 @@ +# server DTLSv1 ECDHE-RSA-RC4 +-u +-v 2 +-l ECDHE-RSA-RC4-SHA + +# client DTLSv1 ECDHE-RSA-RC4 +-u +-v 2 +-l ECDHE-RSA-RC4-SHA + +# server DTLSv1.1 ECDHE-RSA-DES3 +-u +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.1 ECDHE-RSA-DES3 +-u +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDHE-RSA-AES128 +-u +-v 2 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.1 ECDHE-RSA-AES128 +-u +-v 2 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.1 ECDHE-RSA-AES256 +-u +-v 2 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.1 ECDHE-RSA-AES256 +-u +-v 2 +-l ECDHE-RSA-AES256-SHA + +# server DTLSv1.2 ECDHE-RSA-RC4 +-u +-v 3 +-l ECDHE-RSA-RC4-SHA + +# client DTLSv1.2 ECDHE-RSA-RC4 +-u +-v 3 +-l ECDHE-RSA-RC4-SHA + +# server DTLSv1.2 ECDHE-RSA-DES3 +-u +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# client DTLSv1.2 ECDHE-RSA-DES3 +-u +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128 +-u +-v 3 +-l ECDHE-RSA-AES128-SHA + +# client DTLSv1.2 ECDHE-RSA-AES128 +-u +-v 3 +-l ECDHE-RSA-AES128-SHA + +# server DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-u +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# client DTLSv1.2 ECDHE-RSA-AES128-SHA256 +-u +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDHE-RSA-AES256 +-u +-v 3 +-l ECDHE-RSA-AES256-SHA + +# client DTLSv1.2 ECDHE-RSA-AES256 +-u +-v 3 +-l ECDHE-RSA-AES256-SHA + +# server DTLSv1.1 ECDHE-EDCSA-RC4 +-u +-v 2 +-l ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-RC4 +-u +-v 2 +-l ECDHE-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.1 ECDHE-ECDSA-DES3 +-u +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-DES3 +-u +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES128 +-u +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES128 +-u +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A 
./certs/server-ecc.pem + +# server DTLSv1.1 ECDHE-ECDSA-AES256 +-u +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDHE-ECDSA-AES256 +-u +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDHE-ECDSA-RC4 +-u +-v 3 +-l ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-RC4 +-u +-v 3 +-l ECDHE-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDHE-ECDSA-DES3 +-u +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-DES3 +-u +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128 +-u +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128 +-u +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-u +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-u +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDHE-ECDSA-AES256 +-u +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDHE-ECDSA-AES256 +-u +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.1 ECDH-RSA-RC4 +-u +-v 2 +-l ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-RC4 +-u +-v 2 +-l ECDH-RSA-RC4-SHA + +# server DTLSv1.1 ECDH-RSA-DES3 +-u +-v 2 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-DES3 +-u +-v 2 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.1 ECDH-RSA-AES128 +-u +-v 2 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES128 +-u +-v 2 +-l 
ECDH-RSA-AES128-SHA + +# server DTLSv1.1 ECDH-RSA-AES256 +-u +-v 2 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-RSA-AES256 +-u +-v 2 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.2 ECDH-RSA-RC4 +-u +-v 3 +-l ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-RC4 +-u +-v 3 +-l ECDH-RSA-RC4-SHA + +# server DTLSv1.2 ECDH-RSA-DES3 +-u +-v 3 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-DES3 +-u +-v 3 +-l ECDH-RSA-DES-CBC3-SHA + +# server DTLSv1.2 ECDH-RSA-AES128 +-u +-v 3 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128 +-u +-v 3 +-l ECDH-RSA-AES128-SHA + +# server DTLSv1.2 ECDH-RSA-AES128-SHA256 +-u +-v 3 +-l ECDH-RSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES128-SHA256 +-u +-v 3 +-l ECDH-RSA-AES128-SHA256 + +# server DTLSv1.2 ECDH-RSA-AES256 +-u +-v 3 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-RSA-AES256 +-u +-v 3 +-l ECDH-RSA-AES256-SHA + +# server DTLSv1.1 ECDH-EDCSA-RC4 +-u +-v 2 +-l ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-RC4 +-u +-v 2 +-l ECDH-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.1 ECDH-ECDSA-DES3 +-u +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-DES3 +-u +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.1 ECDH-ECDSA-AES128 +-u +-v 2 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES128 +-u +-v 2 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.1 ECDH-ECDSA-AES256 +-u +-v 2 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k 
./certs/ecc-key.pem + +# client DTLSv1.1 ECDH-ECDSA-AES256 +-u +-v 2 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDHE-ECDSA-RC4 +-u +-v 3 +-l ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-RC4 +-u +-v 3 +-l ECDH-ECDSA-RC4-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDH-ECDSA-DES3 +-u +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-DES3 +-u +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128 +-u +-v 3 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128 +-u +-v 3 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-u +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES128-SHA256 +-u +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-A ./certs/server-ecc.pem + +# server DTLSv1.2 ECDH-ECDSA-AES256 +-u +-v 3 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client DTLSv1.2 ECDH-ECDSA-AES256 +-u +-v 3 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/server-ecc.pem + diff --git a/tests/test-psk-dtls.conf b/tests/test-psk-dtls.conf new file mode 100644 index 000000000..c2e6cbd13 --- /dev/null +++ b/tests/test-psk-dtls.conf 
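Review bot: Many block comments in tests/test-ecc-dtls.conf are labelled `DTLSv1.1` although they pass `-v 2`, which the example client and server map to DTLSv1; there is no DTLS 1.1, so the labels should read `DTLSv1` as the first block does. Two headers spell the key exchange `EDCSA` (`# server DTLSv1.1 ECDHE-EDCSA-RC4`, `# server DTLSv1.1 ECDH-EDCSA-RC4`), and `# server DTLSv1.2 ECDHE-ECDSA-RC4` near the end sits above `-l ECDH-ECDSA-RC4-SHA`, so the label names a different suite from the one tested. If the harness prints these comments on failure, a wrong label sends whoever reads the log to the wrong suite.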
@@ -0,0 +1,60 @@
+# server DTLSv1 PSK-AES128
+-s
+-u
+-v 2
+-l PSK-AES128-CBC-SHA
+
+# client DTLSv1 PSK-AES128
+-s
+-u
+-v 2
+-l PSK-AES128-CBC-SHA
+
+# server DTLSv1 PSK-AES256
+-s
+-u
+-v 2
+-l PSK-AES256-CBC-SHA
+
+# client DTLSv1 PSK-AES256
+-s
+-u
+-v 2
+-l PSK-AES256-CBC-SHA
+
+# server DTLSv1.2 PSK-AES128
+-s
+-u
+-v 3
+-l PSK-AES128-CBC-SHA
+
+# client DTLSv1.2 PSK-AES128
+-s
+-u
+-v 3
+-l PSK-AES128-CBC-SHA
+
+# server DTLSv1.2 PSK-AES256
+-s
+-u
+-v 3
+-l PSK-AES256-CBC-SHA
+
+# client DTLSv1.2 PSK-AES256
+-s
+-u
+-v 3
+-l PSK-AES256-CBC-SHA
+
+# server DTLSv1.2 PSK-AES128-SHA256
+-s
+-u
+-v 3
+-l PSK-AES128-CBC-SHA256
+
+# client DTLSv1.2 PSK-AES128-SHA256
+-s
+-u
+-v 3
+-l PSK-AES128-CBC-SHA256
+