feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes

Browse Source
This commit is contained in:
Sean Parkinson
2019-07-18 13:59:32 +10:00
parent ef20276ab5
commit a975ba9e97
13 changed files with 1107 additions and 854 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
src/internal.c
View File

@ -2706,14 +2706,24 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
if (tls && haveDH && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && haveRSA)
#else
if (tls && haveDH && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
if (tls && haveDH && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && haveRSA)
#else
if (tls && haveDH && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
}
@ -2744,14 +2754,24 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
if (tls && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveRSA)
#else
if (tls && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
if (tls && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveRSA)
#else
if (tls && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
}
@ -2815,7 +2835,12 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
if (tls && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveRSA)
#else
if (tls && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
}
@ -2829,28 +2854,48 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
if (tls && haveDH && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && havePSK)
#else
if (tls && haveDH && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
}
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
if (tls && haveDH && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && havePSK)
#else
if (tls && haveDH && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls1 && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
}
@ -2878,28 +2923,48 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = CHACHA_BYTE;
suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
}
#endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
}
@ -2934,35 +2999,60 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
if (tls && haveDH && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && havePSK)
#else
if (tls && haveDH && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
}
#endif
#ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = ECC_BYTE;
suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
if (tls && haveDH && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && havePSK)
#else
if (tls && haveDH && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
if (tls && havePSK) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && havePSK)
#else
if (tls && havePSK)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
}
@ -3067,28 +3157,48 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#endif
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
if (tls && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveRSA)
#else
if (tls && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
if (tls && haveDH && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && haveRSA)
#else
if (tls && haveDH && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
if (tls && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveRSA)
#else
if (tls && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
}
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
if (tls && haveDH && haveRSA) {
#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
if (tls1_2 && haveDH && haveRSA)
#else
if (tls && haveDH && haveRSA)
#endif
{
suites->suites[idx++] = CIPHER_BYTE;
suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
}

5
tests/include.am
View File

@ -20,15 +20,20 @@ tests_unit_test_DEPENDENCIES = src/libwolfssl.la
endif
EXTRA_DIST += tests/unit.h
EXTRA_DIST += tests/test.conf \
tests/test-sha2.conf \
tests/test-tls13.conf \
tests/test-tls13-down.conf \
tests/test-tls13-ecc.conf \
tests/test-tls13-psk.conf \
tests/test-qsh.conf \
tests/test-qsh-sha2.conf \
tests/test-psk.conf \
tests/test-psk-no-id.conf \
tests/test-psk-no-id-sha2.conf \
tests/test-dtls.conf \
tests/test-dtls-sha2.conf \
tests/test-sctp.conf \
tests/test-sctp-sha2.conf \
tests/test-sig.conf \
tests/test-ed25519.conf \
tests/test-enckeys.conf \

44
tests/suites.c
View File

@ -717,6 +717,18 @@ int SuiteTest(int argc, char** argv)
/* any extra cases will need another argument */
args.argc = 2;
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
/* SHA-2 cipher suites in old TLS versions */
strcpy(argv0[1], "tests/test-sha2.conf");
printf("starting SHA-2 cipher suite in old TLS versions tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#ifdef WOLFSSL_TLS13
/* add TLSv13 extra suites */
strcpy(argv0[1], "tests/test-tls13.conf");
@ -771,6 +783,17 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
/* add dtls extra suites */
strcpy(argv0[1], "tests/test-dtls-sha2.conf");
printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#ifdef WOLFSSL_SCTP
/* add dtls-sctp extra suites */
@ -782,6 +805,17 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
/* add dtls-sctp extra suites */
strcpy(argv0[1], "tests/test-sctp-sha2.conf");
printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#ifndef WC_STRICT_SIG
#if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */
@ -806,6 +840,16 @@ int SuiteTest(int argc, char** argv)
args.return_code = EXIT_FAILURE;
goto exit;
}
#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
strcpy(argv0[1], "tests/test-qsh-sha2.conf");
printf("starting qsh extra cipher suite tests - old TLS sha-2 cs\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
args.return_code = EXIT_FAILURE;
goto exit;
}
#endif
#endif
#ifndef NO_PSK
#ifndef WOLFSSL_NO_TLS12

66
tests/test-dtls-sha2.conf Normal file
View File

@ -0,0 +1,66 @@
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 1
-l ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 1
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 2
-l ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 2
-l ECDHE-PSK-NULL-SHA256

68
tests/test-dtls.conf
View File

@ -170,16 +170,6 @@
-v 3
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-u
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256
-u
-v 3
@ -190,16 +180,6 @@
-v 3
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-u
-v 2
-l AES256-SHA256
# server DTLSv1.2 AES256-SHA256
-u
-v 3
@ -633,30 +613,6 @@
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-u
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-u
@ -669,30 +625,6 @@
-v 3
-l ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 1
-l ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 1
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 2
-l ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-u
-v 2
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-u

87
tests/test-psk-no-id-sha2.conf Normal file
View File

@ -0,0 +1,87 @@
# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-I
-v 1
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-I
-v 2
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-I
-v 1
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-I
-v 2
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1.0 PSK-AES128-SHA256
-s
-I
-v 1
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.1 PSK-AES128-SHA256
-s
-I
-v 2
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
No Hint server TLSv1.0 PSK-AES256-SHA384
-s
-I
-v 1
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# No Hint server TLSv1.1 PSK-AES256-SHA384
-s
-I
-v 2
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384

88
tests/test-psk-no-id.conf
View File

@ -31,28 +31,6 @@
-v 3
-l ECDHE-PSK-CHACHA20-POLY1305
# No Hint server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-I
-v 1
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-I
-v 2
-l ECDHE-PSK-AES128-SHA256
# No Hint client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-I
@ -64,28 +42,6 @@
-v 3
-l ECDHE-PSK-AES128-SHA256
# No Hint server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-I
-v 1
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-I
-v 2
-l ECDHE-PSK-NULL-SHA256
# No Hint client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# No Hint server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-I
@ -163,28 +119,6 @@
-v 3
-l PSK-AES256-CBC-SHA
# No Hint server TLSv1.0 PSK-AES128-SHA256
-s
-I
-v 1
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.1 PSK-AES128-SHA256
-s
-I
-v 2
-l PSK-AES128-CBC-SHA256
# No Hint client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.2 PSK-AES128-SHA256
-s
-I
@ -196,28 +130,6 @@
-v 3
-l PSK-AES128-CBC-SHA256
# No Hint server TLSv1.0 PSK-AES256-SHA384
-s
-I
-v 1
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# No Hint server TLSv1.1 PSK-AES256-SHA384
-s
-I
-v 2
-l PSK-AES256-CBC-SHA384
# No Hint client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384
# No Hint server TLSv1.2 PSK-AES256-SHA384
-s
-I

303
tests/test-qsh-sha2.conf Normal file
View File

@ -0,0 +1,303 @@
# server TLSv1 AES128-SHA256
-v 1
-l QSH:AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l QSH:AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l QSH:AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l QSH:AES256-SHA256
# server TLSv1.1 AES128-SHA256
-v 2
-l QSH:AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l QSH:AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l QSH:AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l QSH:AES256-SHA256
# server TLSv1 DHE AES128-SHA256
-v 1
-l QSH:DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l QSH:DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l QSH:DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l QSH:DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l QSH:DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l QSH:DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-NULL-SHA256
# server TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l QSH:PSK-AES128-CBC-SHA256
# client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l QSH:PSK-AES128-CBC-SHA256
# client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l QSH:PSK-AES256-CBC-SHA384
# client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l QSH:PSK-AES256-CBC-SHA384
# server TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l QSH:PSK-AES256-CBC-SHA384
# client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l QSH:PSK-AES256-CBC-SHA384
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l QSH:NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l QSH:NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l QSH:NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l QSH:NULL-SHA256
# server TLSv1 CAMELLIA128-SHA256
-v 1
-l QSH:CAMELLIA128-SHA256
# client TLSv1 CAMELLIA128-SHA256
-v 1
-l QSH:CAMELLIA128-SHA256
# server TLSv1 CAMELLIA256-SHA256
-v 1
-l QSH:CAMELLIA256-SHA256
# client TLSv1 CAMELLIA256-SHA256
-v 1
-l QSH:CAMELLIA256-SHA256
# server TLSv1.1 CAMELLIA128-SHA256
-v 2
-l QSH:CAMELLIA128-SHA256
# client TLSv1.1 CAMELLIA128-SHA256
-v 2
-l QSH:CAMELLIA128-SHA256
# server TLSv1.1 CAMELLIA256-SHA256
-v 2
-l QSH:CAMELLIA256-SHA256
# client TLSv1.1 CAMELLIA256-SHA256
-v 2
-l QSH:CAMELLIA256-SHA256
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l QSH:DHE-PSK-AES128-CBC-SHA256
# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l QSH:DHE-PSK-AES128-CBC-SHA256
# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l QSH:DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l QSH:DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA384
# client TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA384
# server TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA384
# client TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA384

304
tests/test-qsh.conf
View File

@ -162,22 +162,6 @@
-v 1
-l QSH:AES256-SHA
# server TLSv1 AES128-SHA256
-v 1
-l QSH:AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l QSH:AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l QSH:AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l QSH:AES256-SHA256
# server TLSv1.1 RC4-SHA
-v 2
-l QSH:RC4-SHA
@ -226,22 +210,6 @@
-v 2
-l QSH:AES256-SHA
# server TLSv1.1 AES128-SHA256
-v 2
-l QSH:AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l QSH:AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l QSH:AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l QSH:AES256-SHA256
# server TLSv1.2 RC4-SHA
-v 3
-l QSH:RC4-SHA
@ -1051,22 +1019,6 @@
-v 1
-l QSH:DHE-RSA-AES256-SHA
# server TLSv1 DHE AES128-SHA256
-v 1
-l QSH:DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l QSH:DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l QSH:DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128
-v 2
-l QSH:DHE-RSA-AES128-SHA
@ -1083,22 +1035,6 @@
-v 2
-l QSH:DHE-RSA-AES256-SHA
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l QSH:DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l QSH:DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l QSH:DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1.2 DHE AES128
-v 3
-l QSH:DHE-RSA-AES128-SHA
@ -1131,26 +1067,6 @@
-v 3
-l QSH:DHE-RSA-AES256-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
@ -1161,26 +1077,6 @@
-v 3
-l QSH:ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:ECDHE-PSK-NULL-SHA256
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-v 3
@ -1251,26 +1147,6 @@
-v 3
-l QSH:PSK-AES256-CBC-SHA
# server TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l QSH:PSK-AES128-CBC-SHA256
# client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l QSH:PSK-AES128-CBC-SHA256
# client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.2 PSK-AES128-SHA256
-s
-v 3
@ -1281,26 +1157,6 @@
-v 3
-l QSH:PSK-AES128-CBC-SHA256
# server TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l QSH:PSK-AES256-CBC-SHA384
# client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l QSH:PSK-AES256-CBC-SHA384
# server TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l QSH:PSK-AES256-CBC-SHA384
# client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l QSH:PSK-AES256-CBC-SHA384
# server TLSv1.2 PSK-AES256-SHA384
-s
-v 3
@ -1405,22 +1261,6 @@
-v 3
-l QSH:NULL-SHA
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l QSH:NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l QSH:NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l QSH:NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l QSH:NULL-SHA256
# server TLSv1.2 RSA-NULL-SHA256
-v 3
-l QSH:NULL-SHA256
@ -1445,22 +1285,6 @@
-v 1
-l QSH:CAMELLIA256-SHA
# server TLSv1 CAMELLIA128-SHA256
-v 1
-l QSH:CAMELLIA128-SHA256
# client TLSv1 CAMELLIA128-SHA256
-v 1
-l QSH:CAMELLIA128-SHA256
# server TLSv1 CAMELLIA256-SHA256
-v 1
-l QSH:CAMELLIA256-SHA256
# client TLSv1 CAMELLIA256-SHA256
-v 1
-l QSH:CAMELLIA256-SHA256
# server TLSv1.1 CAMELLIA128-SHA
-v 2
-l QSH:CAMELLIA128-SHA
@ -1477,22 +1301,6 @@
-v 2
-l QSH:CAMELLIA256-SHA
# server TLSv1.1 CAMELLIA128-SHA256
-v 2
-l QSH:CAMELLIA128-SHA256
# client TLSv1.1 CAMELLIA128-SHA256
-v 2
-l QSH:CAMELLIA128-SHA256
# server TLSv1.1 CAMELLIA256-SHA256
-v 2
-l QSH:CAMELLIA256-SHA256
# client TLSv1.1 CAMELLIA256-SHA256
-v 2
-l QSH:CAMELLIA256-SHA256
# server TLSv1.2 CAMELLIA128-SHA
-v 3
-l QSH:CAMELLIA128-SHA
@ -1541,22 +1349,6 @@
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA
@ -1573,22 +1365,6 @@
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l QSH:DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA
-v 3
-l QSH:DHE-RSA-CAMELLIA128-SHA
@ -1842,26 +1618,6 @@
-v 3
-l QSH:PSK-AES256-CCM-8
# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l QSH:DHE-PSK-AES128-CBC-SHA256
# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l QSH:DHE-PSK-AES128-CBC-SHA256
# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
-s
-v 3
@ -1872,26 +1628,6 @@
-v 3
-l QSH:DHE-PSK-AES128-CBC-SHA256
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l QSH:DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l QSH:DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.2 DHE-PSK-AES256-CBC-SHA384
-s
-v 3
@ -1902,26 +1638,6 @@
-v 3
-l QSH:DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.2 DHE-PSK-NULL-SHA256
-s
-v 3
@ -1932,26 +1648,6 @@
-v 3
-l QSH:DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA384
# client TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l QSH:DHE-PSK-NULL-SHA384
# server TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA384
# client TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l QSH:DHE-PSK-NULL-SHA384
# server TLSv1.2 DHE-PSK-NULL-SHA384
-s
-v 3

67
tests/test-sctp-sha2.conf Normal file
View File

@ -0,0 +1,67 @@
# server DTLSv1 AES128-SHA256
-G
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-G
-v 2
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-G
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-G
-v 2
-l AES256-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 1
-l ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 1
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 2
-l ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 2
-l ECDHE-PSK-NULL-SHA256

68
tests/test-sctp.conf
View File

@ -223,16 +223,6 @@
-v 3
-l AES256-SHA
# server DTLSv1 AES128-SHA256
-G
-v 2
-l AES128-SHA256
# client DTLSv1 AES128-SHA256
-G
-v 2
-l AES128-SHA256
# server DTLSv1.2 AES128-SHA256
-G
-v 3
@ -243,16 +233,6 @@
-v 3
-l AES128-SHA256
# server DTLSv1 AES256-SHA256
-G
-v 2
-l AES256-SHA256
# client DTLSv1 AES256-SHA256
-G
-v 2
-l AES256-SHA256
# server DTLSv1.2 AES256-SHA256
-G
-v 3
@ -782,30 +762,6 @@
-l ECDH-ECDSA-AES256-SHA384
-A ./certs/ca-ecc-cert.pem
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-G
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-G
@ -818,30 +774,6 @@
-v 3
-l ECDHE-PSK-AES128-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 1
-l ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 1
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 2
-l ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-G
-v 2
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-G

403
tests/test-sha2.conf Normal file
View File

@ -0,0 +1,403 @@
# server TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# server TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# server TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# server TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
# client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
# server TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# server TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384
# client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# server TLSv1 CAMELLIA128-SHA256
-v 1
-l CAMELLIA128-SHA256
# client TLSv1 CAMELLIA128-SHA256
-v 1
-l CAMELLIA128-SHA256
# server TLSv1 CAMELLIA256-SHA256
-v 1
-l CAMELLIA256-SHA256
# client TLSv1 CAMELLIA256-SHA256
-v 1
-l CAMELLIA256-SHA256
# server TLSv1.1 CAMELLIA128-SHA256
-v 2
-l CAMELLIA128-SHA256
# client TLSv1.1 CAMELLIA128-SHA256
-v 2
-l CAMELLIA128-SHA256
# server TLSv1.1 CAMELLIA256-SHA256
-v 2
-l CAMELLIA256-SHA256
# client TLSv1.1 CAMELLIA256-SHA256
-v 2
-l CAMELLIA256-SHA256
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l DHE-PSK-AES128-CBC-SHA256
# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l DHE-PSK-AES128-CBC-SHA256
# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l DHE-PSK-AES128-CBC-SHA256
# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l DHE-PSK-AES128-CBC-SHA256
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l DHE-PSK-NULL-SHA384
# client TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l DHE-PSK-NULL-SHA384
# server TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l DHE-PSK-NULL-SHA384
# client TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l DHE-PSK-NULL-SHA384
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l DHE-PSK-NULL-SHA384
# client TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l DHE-PSK-NULL-SHA384
# server TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l DHE-PSK-NULL-SHA384
# client TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l DHE-PSK-NULL-SHA384

304
tests/test.conf
View File

@ -162,22 +162,6 @@
-v 1
-l AES256-SHA
# server TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# client TLSv1 AES128-SHA256
-v 1
-l AES128-SHA256
# server TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# client TLSv1 AES256-SHA256
-v 1
-l AES256-SHA256
# server TLSv1.1 RC4-SHA
-v 2
-l RC4-SHA
@ -226,22 +210,6 @@
-v 2
-l AES256-SHA
# server TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# client TLSv1.1 AES128-SHA256
-v 2
-l AES128-SHA256
# server TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# client TLSv1.1 AES256-SHA256
-v 2
-l AES256-SHA256
# server TLSv1.2 RC4-SHA
-v 3
-l RC4-SHA
@ -1051,22 +1019,6 @@
-v 1
-l DHE-RSA-AES256-SHA
# server TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# client TLSv1 DHE AES128-SHA256
-v 1
-l DHE-RSA-AES128-SHA256
# server TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# client TLSv1 DHE AES256-SHA256
-v 1
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE AES128
-v 2
-l DHE-RSA-AES128-SHA
@ -1083,22 +1035,6 @@
-v 2
-l DHE-RSA-AES256-SHA
# server TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# client TLSv1.1 DHE AES128-SHA256
-v 2
-l DHE-RSA-AES128-SHA256
# server TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# client TLSv1.1 DHE AES256-SHA256
-v 2
-l DHE-RSA-AES256-SHA256
# server TLSv1.1 DHE 3DES
-v 2
-l EDH-RSA-DES-CBC3-SHA
@ -1147,26 +1083,6 @@
-v 3
-l DHE-RSA-AES256-SHA256
# server TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# client TLSv1 ECDHE-PSK-NULL-SHA256
-s
-v 1
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# client TLSv1.1 ECDHE-PSK-NULL-SHA256
-s
-v 2
-l ECDHE-PSK-NULL-SHA256
# server TLSv1.2 ECDHE-PSK-NULL-SHA256
-s
-v 3
@ -1177,26 +1093,6 @@
-v 3
-l ECDHE-PSK-NULL-SHA256
# server TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# client TLSv1 ECDHE-PSK-AES128-SHA256
-s
-v 1
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# client TLSv1.1 ECDHE-PSK-AES128-SHA256
-s
-v 2
-l ECDHE-PSK-AES128-SHA256
# server TLSv1.2 ECDHE-PSK-AES128-SHA256
-s
-v 3
@ -1267,26 +1163,6 @@
-v 3
-l PSK-AES256-CBC-SHA
# server TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# client TLSv1.0 PSK-AES128-SHA256
-s
-v 1
-l PSK-AES128-CBC-SHA256
# server TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
# client TLSv1.1 PSK-AES128-SHA256
-s
-v 2
-l PSK-AES128-CBC-SHA256
# server TLSv1.2 PSK-AES128-SHA256
-s
-v 3
@ -1297,26 +1173,6 @@
-v 3
-l PSK-AES128-CBC-SHA256
# server TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# client TLSv1.0 PSK-AES256-SHA384
-s
-v 1
-l PSK-AES256-CBC-SHA384
# server TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384
# client TLSv1.1 PSK-AES256-SHA384
-s
-v 2
-l PSK-AES256-CBC-SHA384
# server TLSv1.2 PSK-AES256-SHA384
-s
-v 3
@ -1445,22 +1301,6 @@
-v 3
-l NULL-SHA
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# server TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256
@ -1485,22 +1325,6 @@
-v 1
-l CAMELLIA256-SHA
# server TLSv1 CAMELLIA128-SHA256
-v 1
-l CAMELLIA128-SHA256
# client TLSv1 CAMELLIA128-SHA256
-v 1
-l CAMELLIA128-SHA256
# server TLSv1 CAMELLIA256-SHA256
-v 1
-l CAMELLIA256-SHA256
# client TLSv1 CAMELLIA256-SHA256
-v 1
-l CAMELLIA256-SHA256
# server TLSv1.1 CAMELLIA128-SHA
-v 2
-l CAMELLIA128-SHA
@ -1517,22 +1341,6 @@
-v 2
-l CAMELLIA256-SHA
# server TLSv1.1 CAMELLIA128-SHA256
-v 2
-l CAMELLIA128-SHA256
# client TLSv1.1 CAMELLIA128-SHA256
-v 2
-l CAMELLIA128-SHA256
# server TLSv1.1 CAMELLIA256-SHA256
-v 2
-l CAMELLIA256-SHA256
# client TLSv1.1 CAMELLIA256-SHA256
-v 2
-l CAMELLIA256-SHA256
# server TLSv1.2 CAMELLIA128-SHA
-v 3
-l CAMELLIA128-SHA
@ -1581,22 +1389,6 @@
-v 1
-l DHE-RSA-CAMELLIA256-SHA
# server TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1 DHE-RSA-CAMELLIA128-SHA256
-v 1
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1 DHE-RSA-CAMELLIA256-SHA256
-v 1
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA
-v 2
-l DHE-RSA-CAMELLIA128-SHA
@ -1613,22 +1405,6 @@
-v 2
-l DHE-RSA-CAMELLIA256-SHA
# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA256
-v 2
-l DHE-RSA-CAMELLIA128-SHA256
# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA256
-v 2
-l DHE-RSA-CAMELLIA256-SHA256
# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA
-v 3
-l DHE-RSA-CAMELLIA128-SHA
@ -1882,26 +1658,6 @@
-v 3
-l PSK-AES256-CCM-8
# server TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l DHE-PSK-AES128-CBC-SHA256
# client TLSv1.0 DHE-PSK-AES128-CBC-SHA256
-s
-v 1
-l DHE-PSK-AES128-CBC-SHA256
# server TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l DHE-PSK-AES128-CBC-SHA256
# client TLSv1.1 DHE-PSK-AES128-CBC-SHA256
-s
-v 2
-l DHE-PSK-AES128-CBC-SHA256
# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256
-s
-v 3
@ -1912,26 +1668,6 @@
-v 3
-l DHE-PSK-AES128-CBC-SHA256
# server TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.0 DHE-PSK-AES256-CBC-SHA384
-s
-v 1
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# client TLSv1.1 DHE-PSK-AES256-CBC-SHA384
-s
-v 2
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.2 DHE-PSK-AES256-CBC-SHA384
-s
-v 3
@ -1942,26 +1678,6 @@
-v 3
-l DHE-PSK-AES256-CBC-SHA384
# server TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# client TLSv1.0 DHE-PSK-NULL-SHA256
-s
-v 1
-l DHE-PSK-NULL-SHA256
# server TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# client TLSv1.1 DHE-PSK-NULL-SHA256
-s
-v 2
-l DHE-PSK-NULL-SHA256
# server TLSv1.2 DHE-PSK-NULL-SHA256
-s
-v 3
@ -1972,26 +1688,6 @@
-v 3
-l DHE-PSK-NULL-SHA256
# server TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l DHE-PSK-NULL-SHA384
# client TLSv1.0 DHE-PSK-NULL-SHA384
-s
-v 1
-l DHE-PSK-NULL-SHA384
# server TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l DHE-PSK-NULL-SHA384
# client TLSv1.1 DHE-PSK-NULL-SHA384
-s
-v 2
-l DHE-PSK-NULL-SHA384
# server TLSv1.2 DHE-PSK-NULL-SHA384
-s
-v 3